Netcat Command in Linux – A Complete Guide

$NETCAT

Nc or the Netcat command is a networking command-line tool in Linux. It works like a port scanning tool, a security tool, or a network monitoring tool. It is an important utility for system administrators to be aware of and is often referred to as the Swiss army knife of networking tools. 

The netcat command can be used for following:

  • Port scanning 
  • Copying files over a server 
  • Creating a command-line chat server 
  • Port forwarding
  • Creating Proxy servers 
  • Pulling Banner information from remote machines
  • Hosting Web servers 
  • Creating Backdoors 

Installing the Netcat Command

First things first, In most ubuntu systems, Netcat is available as a package that comes installed, but if it isn’t  you can download it with the following command :

$ yum install nc                  [On CentOS/RHEL]
$ dnf install nc                  [On Fedora 22+ and RHEL8]
$ sudo apt-get install Netcat     [On Debian/Ubuntu]

Modes of Operation

There are two modes of operation using nectat, as a Client or as a Server.

Syntax for the two modes can be represented as :

connect to somewhere: (client)

 nc [-options] [hostname] [ports] 

listen for inbound: (server)

nc –l –p port [options] [hostname] [port]

When using Netcat for connecting to something, that is when using the former of the two. You are essentially working in Client mode as you are using your machine to get some information from another machine.

When using Netcat for listening for inbound connections, the machine acts as a server. The -l represents listening.

Scanning Ports with Netcat

One of the most basic and common uses of Netcat is to determine which ports are open. There are three primary flags used for port scanning:

-zEnables nc to scan for listening daemons, without sending any data to them
-vEnables verbose mode 
-wUsed when there is a need to specify a time-out condition 

There are three ways to specify the ports for listening:

Listening to single port :

$ nc -v -w 2 z 127.0.0.1 20

Listening to multiple ports :

$ nc -v -w 2 z 127.0.0.1 20 25 30

Listening to a range of ports :

$ nc -v -w 2 z 127.0.0.1 20-25 
output
listening to multiple ports

Copying Files using the Netcat Command in Linux

The netcat command can be used to transfer a file from one system to another even though it is obsolete as compared to ssh/scp. This can be done by using the following commands.

This works by sending the information of the file from the source machine to the receiver machine over a channel. The receiving machine operates in listening mode and listens for data over a particular port. The sending machine sends the data over by building a connection with the receiver. This builds a server-client model using Netcat.

Redirecting operators < , > are used to write to and from the files.

On the listening machine (destination):

$ nc -l  8080 > file.txt

On the sending machine (source):

$ nc 192.168.1.100 8080 < data.txt

If you don’t mention the files and the redirection operators then the same commands work as a chat model. We’ll see this next :

Command Line Chat Server using NC

Netcat can be used to make a basic command line chat server that can be used by two systems to chat in the command line. 

Run the command on one of the servers:

$ nc -l 8080

On a remote machine use the following command to connect:

$ nc 127.0.0.1 8080

This will establish a connection and whatever is written on one terminal will be displayed on the other.

This will work both ways.

 Running two instances of the terminal and creating a chat server between the two:

Pasted Image 0 1
chat via Netcat
netcat command
chat via Netcat

Changing the mode of connection to UDP

The default mode of connection in Netcat is TCP, but there is another mode of connection know as UDP that can be opted for.

This can be done by using the ‘-u‘ option along in the Netcat command.

*TCP stand for Transfer Control Protocol whereas UDP stand for User Defined Datagram.

$ nc -l -u 55
UDP
UDP

This connects to 55 UDP port. We can see that the type of connection is UDP instead of TCP by using ‘-v’ option:

UDP Verification
UDP Verification

You can use this to create a UDP chat server by using -u in the chat server example above. The only difference would be that now UDP protocol would be used for exchange instead of TCP. 

Grabbing Banners

Netcat can also be used to grab the banner information from a remote system.

This can be done by connecting to port 80 of the web address and then sending a HEAD / HTTP/1.0 or HEAD / HTTP/1.1

You can also use CONNECT, DELETE, DEBUG, OPTIONS, GET instead of HEAD.

$ nc  80
HEAD / HTTP/ 1.1 

after writing the second line hit enter a couple of times.

Screenshot 2020 06 02 At 11.23.36 PM
Grabbing banner using HEAD/HTTP
Screenshot 2020 06 02 At 11.24.07 PM
Grabbing banner using OPTIONS /HTTP
Screenshot 2020 06 02 At 11.34.12 PM
Grabbing banner using GET / HTTP

Using Netcat as a Proxy server

To create a proxy server we need to create a channel that enables sending and receiving of information. Just redirecting the incoming connections would create a server that only works one way. The response, in that case, would be discarded.

The command to create a server is :

$ nc -l 8080 | nc 192.168.1.200 80

To make this two way we use :

$ mkfifo 2wayPipe
$ nc -l 8080 0<2wayPipe | nc 192.168.1.200 80 1>2wayPipe

mkfifo command in linux is used to create pipes. Pipes by their nature are first in first out (fifo) and mainly help two process in linux to communicate.

2wayPipe is name of the pipe which we have chosen arbitrarily.

This provides the capacity to send and receive information over the Netcat proxy server.

Create a Basic Web Server

Let’s say there’s a basic HTML file that you want to host. The file is named index.html on your system. Then you can use the following command to create a local Netcat server and host the HTML file. We’ll use the while loop in shell scripts to ensure the server continues to listen on the port 8080 and serve our index.html page for each request.

$ while : ; do (echo -ne "HTTP/1.1 200 OK\r\n"; cat index.html;) | nc -l -p 8080 ; done

The use of a while loop without a terminating condition enables the server to run until and unless terminated manually. The web page can be viewed by typing http://localhost:8080 in the browser window. 

Toggling between IPV6 and IPV4

If you need to connect a specific version of IP, you can use one of the below command tags to do so.

-4Allows IPV4 addresses only 
-6Allows IPV6 addresses only 

For example, in our command line chat model above we can use one of these flags to connect to IPv4 or IPv6 as shown below.

For IPV4 :

$ nc -4 -l 8080
$ nc -4 192.168.1.100 8080

For IPV6 :

$ nc -6 -l 8080
$ nc -6 192.168.1.100 8080

Using Netcat to create a system backdoor

Netcat is used to create backdoors in your system, a very popular method often used by hackers. Hackers can use a backdoor to gain access to your system in a way that bypasses the system’s customary security mechanisms. This makes use of -e option available with the Netcat command. -e command is used in Netcat to execute a specified program when a client connects to it.

The command for this is :

$ nc -l 5500 -e /bin/bash

This attaches the port 5500 to your bin/bash which can be accessed by a remote machine to execute commands by typing :

$ nc 10.10.10.100 5500

Continue listening after a disconnection

When a server is setup using Netcat, a disconnection even from the client-side leads to termination of the server. To prevent this we use the -k flag which forces the server to stay up regardless of the connection with the client-side. 

$ nc -k -l 8080

This makes sure that the server is running even after the client has disconnected. 

Conclusion

The netcat command is a very vast utility and the uses demonstrated above are a drop in the ocean of what the netcat command can do. You can learn more about the command on their wikipedia page or the man page.