ࡱ> bda 'bjbj 2X33333GGGG<G1%%% ;1=1=1=1=1=1=1$z36a13 a133%v1>)>)>) 3%3;1>) ;1>)>)V0@0% WG%J_0 '1101k0x6'l60630D >) a1a1>) 1 6  : Netcat As an alternative to relatively limited TELNET scripts for network hacking, Netcat (quite literally UNIX cat command over a network) is a simple Linux/Unix/Windows utility which reads and writes data across TCP/UDP/IP port network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or is easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. nc" as the actual command line for Netcat. LINUX and Windows also has a GUI frontend to the netcat command line application. Netcats homepage is:  HYPERLINK "http://netcat.sourceforge.net/" http://netcat.sourceforge.net/ Netcat Syntax Client mode - connect to a port outbound to somewhere: nc [-options] hostname port[s] [ports] ... Server mode - listen (-l flag) on a port for inbound connections from somewhere: nc -l -p port [-options] [hostname] [port] Note: Most UNIX/LINUX systems require ROOT authority to listen on a port less than 1024. nc -h nc options: -e prog program to exec after connect [dangerous!!] -b allow broadcasts -g gateway source-routing hop point[s], up to 8 -G num source-routing pointer: 4, 8, 12, ... -h this list -i secs delay interval for lines sent, ports scanned -l listen mode, for inbound connects -n numeric-only IP addresses, no DNS -o file hex dump of traffic -p port local port number -r randomize local and remote ports -q secs quit after EOF on stdin and delay of secs -s addr local source address -t answer TELNET negotiation -u UDP mode -v verbose [use twice to be more verbose] -w secs timeout for connects and final net reads -z zero-I/O mode [used for scanning] port numbers can be individual or ranges: lo-hi [inclusive] Netcat command examples: Simple File Transfer Start two copies of netcat on the same machine locally: nc -l 1111 Here, using the l switch, we are able to specify that netcat should go into listen mode i.e. to listen on the specified port. Using p 1111 we are able to specify that we are using port 1111. To summarize, netcat will sit and listen for TCP connections on port 1111 and print any data it receives out to the screen. In another window we start netcat as: nc 127.0.0.1 1111 This will connect to host 127.0.0.1 (Locally) on port 1111. Window 1: netcat -l -p 1111 This message was typed in WINDOW1 This message was typed in WINDOW2 Now end communication with ^C (Ctrl-C) Window 2: nc 127.0.0.1 1111 This message was typed in WINDOW1 This message was typed in WINDOW2 Now I'm going to end communication with ^C (Ctrl-C) This is the most basic use of netcat - using a BASH shell and pipe | data to and from netcat, as well as using the redirection (>, >>, <, <<) to allow netcat to integrate into the shell environment. Examples using netcat with redirection operators. Transmit a plaintext file. In one window, we will start netcat as: nc -l 1111 > outputfile This will run netcat with the same parameters specified above, except it will redirect all text received into outputfile. infile This is a test file. I am going to attempt to transmit this. Using Netcat. Here, we have created some text in a file, and this is the file we are going to attempt to transmit: cat infile | nc 127.0.0.1 1111 q 10 Hopefully this has now been transmitted to the otherside: cat outputfile This is a test file. I am going to attempt to transmit this. Using Netcat. The q 10 in the command line will quit after EOF (Otherwise netcat will hang waiting for more input for cat and we will have to terminate it manually). The parameter 10 causes it to quit after 10 seconds anyway. Tar Integrate tar and netcat together, and use this to transmit a directory across a netcat socket: On one side: tar zcfp - /path/to/directory | nc -w 3 127.0.0.1 1234 The tar statement before the pipe tars and compresses (using gzip) every file within that directory, before printing its output to stdout (The screen). It is then caught by the pipe, and piped to nc which in this example, connects to 127.0.0.1 on port 1234 and sends it the data which would normally hit the screen. The w 3 switch causes nc to allow for a 3 second timeout (In the event of a temporary disconnection or similar). On the other side: nc -l -1234 | tar xvfpz This will listen on port 1234 for a connection, and will pass any data received to tar. UDP Netcat also supports the UDP/IP protocol, this feature can be invoked with the u switch. Simple Socket Reply To get netcat to listen in on a socket, and send any data we wish when it receives a connection. echo Leave me alone | nc l 1234 w 10 This nc command is listening in on port 1234 with a wait time of 10 seconds. If/when we receive a connection, pipe the results of echo Leave me alone to netcat. The w 10 is necessary, as otherwise any connection made in will remain open forever. We can also optionally add a v in to the netcat command line which will give us verbose information, i.e. who is connecting. Every time a connection times out (either with the w 10 command line switch, or because a connection has been made and then closed), netcat will exit. Program Execution nc e Netcat has a e switch which we can use to execute a program on connection i.e. running as nc e v called by the inetd wrapper, which can be used to view traffic and information on users connecting to wrapped daemons. The most common use is using it to redirect to and from /bin/bash or similar shell. nc -v -e '/bin/bash' -l -p 1234 -t listening on [any] 1234 ... connect to [127.0.0.1] from localhost [127.0.0.1] 51210 In one window, and a simple telnet localhost 1234 in another window: telnet 127.0.0.1 1234 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. echo Test Test ^] telnet> Port Scanning The scanning features of netcat can be used against a network to get useful information about which hosts have certain ports open. You can also send a precompiled data file to each. A TCP port scanning example (with connection): echo EXIT | nc -w 1 127.0.0.1 20-250 500-600 5990-7000 Will scan 127.0.0.1 on ports 20-250, 500-600 and 5990-7000. Every port that it finds is open, it will pipe the output of echo EXIT being the word EXIT to that port. A UDP port scanning example (no connection): nc -v -z u 127.0.0.1 20-250 500-600 5990-7000 -v was to put netcat into verbose mode, and u was telling netcat to fall into UDP mode. Simple Web Client echo -e "GET http://www.google.com HTTP/1.0\n\n" | nc w 5 www.google.com 80 Make a connection to google.com on port 80 (Web server port), and put in an HTTP request for http://www.google.com. At this point, we are presented with the uninterpreted HTML sent by the web server and locally to STDOUT. Simple Web Server Cat webfrontend: Test Page!

Welcome to my webpage!

cat webfrontend | nc v l p 80 In this example, an HTML file webfrontend is piped any incoming connection to netcat on port 80. A pseudo webserver. NetCat Command Cheat Sheet nc l p [port]will create a simple listening tcp port. Add u to put into UDP mode.nc e [program]To redirect stdin/stdout from program.nc w [timeout]To set a timeout before netcat automatically quits. (Used within a loop usually)program | ncTo pipe output of program to netcatnc | programTo pipe output of netcat to programnc hHelp sheetnc vTo put into verbose mode, or use v v to put into ultra-verbose mode!nc g or nc GSource routing flagsnc tUse telnet negotiation (If connecting to a telnetd or acting as a telnetd for telnet clients).nc o [file]Hex dump traffic to filenc zNo I/O (Used for scanning ports) Ug j Z ^ u z ! ? @ B P ` h r {  7 ݼݼݢ{ݼmݼmhnih#5OJQJ^Jh#h#0JCJOJQJ^J(jh#B*OJQJU^JaJph333h#B*OJQJ^JaJph333hnJOJQJ^Jh38wOJQJ^Jh#5OJQJ\^JhniOJQJ^Jh#OJQJ^Jh`OJQJ^Jh#B*OJQJ^Jph333)B P 8 9  = s &Kn$gd38w & Fgdni%d-DM O7 8  z{  01FG-Byz{}ƼtgZgh/!5OJQJ\^Jh#5OJQJ\^J#h#B*CJOJQJ^JaJph333h#>*B*OJQJ^Jph333h#h38whnJOJQJ^JhniOJQJ^Jh#OJQJ^Jh38wOJQJ^Jhnih38w5OJQJ^JhX2mh38w5h38w5OJQJ^Jh38wh38wOJQJ^Jh#5OJQJ^J#$:n-BzI[\~*[$\$d%d-DM Od%d-DM OI_09c}?@GZjŵ~i~]h#CJOJQJ^J)h#5B*CJOJQJ\^JaJphh#>*OJQJ^Jh#5>*CJ\aJh|B*OJQJ^JaJph333hX2mB*OJQJ^JaJph333h#B*OJQJ^JaJph333h#OJQJ^Jh#h/!5OJQJ\^Jh#5OJQJ\^J#h#B*CJOJQJ^JaJph333$*^_?@G\Z[j[$\$d%d-DM O78ptDmn~su*d%d-DM O[$\$*d%d-DM O)67ptD`amn~~#&)*rsuCն줠Փsoksh|hnih#B*OJQJ^JaJph333h|B*OJQJ^JaJph333h~5OJQJ\^JhX2mh#B*OJQJ^Jph333hnJh5OJQJ\^J#h#B*CJOJQJ^JaJph333h#5OJQJ\^Jh#OJQJ^Jh#h#>*B*OJQJ^Jph333* BC  0!1!!"*d%d-DM Od%d-DM O)C  /!0!1!!!"" """""8""""溧~kXkXkHh#B*CJOJQJaJph%h|5B*OJQJ\^JaJph333%h#5B*OJQJ\^JaJph333h|h#B*OJQJ^JaJph333)h#5B*CJOJQJ\^JaJph333%h#5B*CJOJQJ\aJph#h#B*CJOJQJ^JaJph333h|OJQJ^Jh#>*B*OJQJ^Jph333h#OJQJ^Jh#h#CJOJQJ^J" "8"9""""###!$U$^$$$$%$%j%$If p^p`*d%d-DM Od%d-DM Od%d-DM O"""""""#######;$<$U$^$$$$$$$$%j%ѿ{k{gR{k{k{g)h#5B*CJOJQJ\^JaJph333h#h|B*OJQJ^JaJph333h#B*OJQJ^JaJph333h#>*B*OJQJ^Jph333#hX2mB*CJOJQJ^JaJph333#h#B*CJOJQJ^JaJph333#h|B*CJOJQJ^JaJph333h#B*OJQJ^Jph333h#B*CJOJQJaJphh|B*CJOJQJaJphj%k%{%%$Ifxkd$$IfK0 #"0 634Ka_ bj%k%%%&&6&7&h&i&z&{&&&&&S'T'z'{''''h##h#B*CJOJQJ^JaJph333h#CJOJPJQJ^JaJ%%%&$Ifxkd$$IfK0 #"0 634Ka_ b&&&6&$Ifxkd^$$IfK0 #"0 634Ka_ b6&7&D&h&$Ifxkd $$IfK0 #"0 634Ka_ bh&i&o&z&$Ifxkd$$IfK0 #"0 634Ka_ bz&{&&&$Ifxkdk$$IfK0 #"0 634Ka_ b&&&&$Ifxkd$$IfK0 #"0 634Ka_ b&&&S'$Ifxkd$$IfK0 #"0 634Ka_ bS'T'a'z'$Ifxkdx$$IfK0 #"0 634Ka_ bz'{'''$Ifxkd'$$IfK0 #"0 634Ka_ b'''r%d-DM Oxkd$$IfK0 #"0 634Ka_ b01h/R / =!"#$% $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ $$IfP !vh555#v#v5:V K0 6,5/ 34Ka_ ^, 666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH6666666666666666666666666666666666666666666666666666666666666666662 0@P`p2( 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p8XV~_HmH nH sH tH P`P Normal(CJOJPJQJ^J_HaJmH sH tH bb  Heading 1dhdd@&[$\$5B*CJ!KH$\aJ!ph333N@"N  Heading 2dd@&[$\$5CJ\aJN@2N  Heading 3dd@&[$\$5CJ\aJDA`D Default Paragraph FontVi@V 0 Table Normal :V 44 la (k ( 0No List >U@>  Hyperlink>*B*CJaJph3fNVN FollowedHyperlink>*B* CJaJph3fBbB  HTML CodeCJOJPJQJ^JaJ|e"| HTML Preformatted7 2( Px 4 #\'*.25@9CJaJ8O28 paddingdd[$\$\B\ topnavbarlinkdd[$\$5B*CJ\aJph:R: menulinkdd[$\$LbL maintopcatdd[$\$5CJ\aJZrZ displaylinkstitledd[$\$5CJ\aJLL papertitledd[$\$5CJ\aJHH boxlabel$dd[$\$a$CJaJJJ menulabeldd[$\$5CJ\aJxx imageTdd$d%d&d'dNOPQ[$\$TT papericondd[$\$5B*CJ\aJph articlesectionedd$d%d&d'd-DM NOPQ[$\$5B*CJ\aJph333FF adtitledd[$\$5CJ\aJ>> adtextdd[$\$CJaJLL menu_link dd[$\$5B*\ph66 line!&dP" boxes_"$d%d&d 'd-DM NOP Q B*ph333P1P Hyperlink1#d5<>*CJ\aJph3f`A` FollowedHyperlink1#d5<>*CJ\aJph3ff\f z-Top of Form%$&dPa$<CJOJQJ^JaJl]lz-Bottom of Form&$$dNa$<CJOJQJ^JaJ*q* importantC Body Text Indent6(@ d%d-DM O^@ B*CJOJQJ^JaJph333xB@x  Body Text.)d%d-DM OB*CJOJQJ^JaJph333tP@t  Body Text 2**d%d-DM OB*OJQJ^JaJph333RQR  Body Text 3+5B*CJOJQJ\aJphPK![Content_Types].xmlj0Eжr(΢Iw},-j4 wP-t#bΙ{UTU^hd}㨫)*1P' ^W0)T9<l#$yi};~@(Hu* Dנz/0ǰ $ X3aZ,D0j~3߶b~i>3\`?/[G\!-Rk.sԻ..a濭?PK!֧6 _rels/.relsj0 }Q%v/C/}(h"O = C?hv=Ʌ%[xp{۵_Pѣ<1H0ORBdJE4b$q_6LR7`0̞O,En7Lib/SeеPK!kytheme/theme/themeManager.xml M @}w7c(EbˮCAǠҟ7՛K Y, e.|,H,lxɴIsQ}#Ր ֵ+!,^$j=GW)E+& 8PK!Ptheme/theme/theme1.xmlYOo6w toc'vuر-MniP@I}úama[إ4:lЯGRX^6؊>$ !)O^rC$y@/yH*񄴽)޵߻UDb`}"qۋJחX^)I`nEp)liV[]1M<OP6r=zgbIguSebORD۫qu gZo~ٺlAplxpT0+[}`jzAV2Fi@qv֬5\|ʜ̭NleXdsjcs7f W+Ն7`g ȘJj|h(KD- dXiJ؇(x$( :;˹! I_TS 1?E??ZBΪmU/?~xY'y5g&΋/ɋ>GMGeD3Vq%'#q$8K)fw9:ĵ x}rxwr:\TZaG*y8IjbRc|XŻǿI u3KGnD1NIBs RuK>V.EL+M2#'fi ~V vl{u8zH *:(W☕ ~JTe\O*tHGHY}KNP*ݾ˦TѼ9/#A7qZ$*c?qUnwN%Oi4 =3ڗP 1Pm \\9Mؓ2aD];Yt\[x]}Wr|]g- eW )6-rCSj id DЇAΜIqbJ#x꺃 6k#ASh&ʌt(Q%p%m&]caSl=X\P1Mh9MVdDAaVB[݈fJíP|8 քAV^f Hn- "d>znNJ ة>b&2vKyϼD:,AGm\nziÙ.uχYC6OMf3or$5NHT[XF64T,ќM0E)`#5XY`פ;%1U٥m;R>QD DcpU'&LE/pm%]8firS4d 7y\`JnίI R3U~7+׸#m qBiDi*L69mY&iHE=(K&N!V.KeLDĕ{D vEꦚdeNƟe(MN9ߜR6&3(a/DUz<{ˊYȳV)9Z[4^n5!J?Q3eBoCM m<.vpIYfZY_p[=al-Y}Nc͙ŋ4vfavl'SA8|*u{-ߟ0%M07%<ҍPK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 +_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!Ptheme/theme/theme1.xmlPK-! ѐ' theme/theme/_rels/themeManager.xml.relsPK]  X7 C"j%'!$"j%%&6&h&z&&&S'z''' "#$%&'()*+ ?X8@0(  B S  ?U[[]BH y}V\z|X ^ I O }  ? E 1 ; @ F NW_i "vztz\^_asu lr &/gp)/  GMtzbmprCFkm/579V\ik{}&6=TV{}[]mrwz| I O 0 a @ F [^ "Dlsu JQ1l  DF^a$(33333333333333333333333333333333333333333333333AABBPP{} ]]^^`abb#&)*VzM28vF)^`OJPJQJ^Jo(-^`OJQJ^Jo(hHop^p`OJQJo(hH@ ^@ `OJQJo(hH^`OJQJ^Jo(hHo^`OJQJo(hH^`OJQJo(hH^`OJQJ^Jo(hHoP^P`OJQJo(hH^`.^`.pp^p`.@ @ ^@ `.^`.^`.^`.^`.PP^P`.^`.^`.pp^p`.@ @ ^@ `.^`.^`.^`.^`.PP^P`.28Vz|h        :G܀왦FB|ipJ@N ^<6xGZL( tfd_^՚WՒ!  /!nJX2m38w~`Pni#|@aa^aaX@UnknownG*Ax Times New Roman5Symbol3. *Cx Arial?= *Cx Courier NewI. ??Arial Unicode MS;WingdingsA$BCambria Math"qhԆsD |99%2p 3QLP $Pni2!xx(SecurityDocs: Comment on NetCat Tutorial Image v5.05P RR Donnelley   Oh+'0 4@ ` l x,SecurityDocs: Comment on NetCat TutorialImage v5.05P Normal.dotmRR Donnelley9Microsoft Office Word@R@2@W՜.+,D՜.+,` hp  RR Donnelley9 )SecurityDocs: Comment on NetCat Tutorial Title 8@ _PID_HLINKSAxujhttp://netcat.sourceforge.net/  !"#$%&'()*+,./012346789:;<=>?@ABCDEFGHIJKLMNOPRSTUVWXZ[\]^_`cRoot Entry FpWeData -1Table56WordDocument2XSummaryInformation(QDocumentSummaryInformation8YCompObjy  F'Microsoft Office Word 97-2003 Document MSWordDocWord.Document.89q