Netcat is a great network utility for reading from and writing to network connections using the TCP and UDP protocols. Netcat is often referred to as the Swiss army knife of networking tools and we will be using it a lot throughout the different tutorials on Hacking Tutorials. The most common uses for Netcat when it comes to hacking are setting up reverse and bind shells, piping and redirecting network traffic, port listening, debugging programs and scripts, and banner grabbing. In this tutorial we will be learning how to use the basic features of Netcat, such as:
- Banner grabbing
- Raw connections
- Webserver interaction
- File transfers
We will demonstrate these techniques using a couple of virtual machines running Linux and through some visualization. The Hacking with Netcat tutorials will be divided into the following 3 parts:
- Hacking with Netcat part 1: The Basics
- Hacking with Netcat part 2: Bind and Reverse shells
- Hacking with Netcat part 3: Advanced Netcat techniques
Let’s start with the very basics and have a look at how we can make raw data connections to grab service banners.
Banner Grabbing, raw connections and webserver interaction
Service banners are often used by system administrators for inventory taking of systems and services on the network. The service banners identify the running service and often the version number too. Banner grabbing is a technique to retrieve this information about a particular service on an open port and can be used during a penetration test for performing a vulnerability assessment. When using Netcat for banner grabbing you actually make a raw connection to the specified host on the specified port. When a banner is available, it is printed to the console. Let’s see how this works in practice.
Netcat banner grabbing
The following command is used to grab a service banner (make a raw connection to a service):
nc [ip address] [port]
Let’s try this on the FTP service on Metasploitable 2 which is running on port 21:
nc 192.168.100.100 21
As we can see there is a vsFTPD service running on port 21. Have a look at the service enumeration tutorial if you want to learn more about this subject.
Netcat raw connection
To demonstrate how a raw connection works we will issue some FTP commands after we’re connected to the target host on the FTP service. Let’s see if anonymous access is allowed on this FTP server by issuing the USER and PASS commands followed by anonymous.
This example demonstrates how to grab a banner and how to set up and use a raw data connection. In this example we’ve used an FTP service but this also works on other services such as SMTP and HTTP services.
Web server interaction
Netcat can also be used to interact with webservers by issuing HTTP requests. With the following command we can grab the banner of the web service running on Metasploitable 2:
nc 192.168.100.108 80
And then run this HTTP request:
HEAD / HTTP/1.0
The webserver responds with the server banner: Apache/2.2.8 (Ubuntu) DAV/2 and the PHP version.
To retrieve the top level page on the webserver we can issue the following command:
nc 192.168.100.108 80
And then run this HTTP request:
GET / HTTP/1.0
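The banner checks above can be scripted for inventory work. The following is an added example, not code from the tutorial: it makes the same raw connections from Python and extracts the product/version strings a banner gives away. It runs against constructed loopback services; `ExampleFTPd 1.2.3` is a made-up greeting, the `Server` value is the one quoted above, and all function names are hypothetical.

```python
import re
import socket
import threading

VERSION_RE = re.compile(r"([A-Za-z][\w.-]*)[/ ]v?(\d+(?:\.\d+)*)")

def grab_banner(host, port, probe=b"", timeout=3.0):
    """Like `nc host port`: connect, optionally send a probe, read the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(probe)  # empty for services that speak first (FTP, SMTP)
        try:
            while chunk := sock.recv(4096):
                data += chunk
                if not probe and b"\n" in data:  # greeting line is complete
                    break
        except socket.timeout:
            pass  # peer kept the connection open; keep what arrived
    return data.decode("latin-1")

def disclosed_versions(banner):
    """Return product/version tokens (e.g. "Apache/2.2.8") a banner gives away."""
    lines = banner.splitlines()
    if banner.startswith("HTTP/"):  # identity headers only, not the status line
        lines = [ln.split(":", 1)[1] for ln in lines
                 if ln.lower().startswith(("server:", "x-powered-by:"))]
    return [f"{name}/{ver}" for ln in lines for name, ver in VERSION_RE.findall(ln)]

def start_fake_service(reply, speaks_first):
    """Constructed loopback stand-in for a lab service; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            if not speaks_first:
                conn.recv(4096)  # wait for the client's request
            conn.sendall(reply)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def audit(reply, probe=b""):
    port = start_fake_service(reply, speaks_first=not probe)
    return disclosed_versions(grab_banner("127.0.0.1", port, probe))

# Constructed replies; the Server value is the one quoted in the tutorial.
FTP_GREETING = b"220 (ExampleFTPd 1.2.3)\r\n"
HTTP_REPLY = b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.8 (Ubuntu) DAV/2\r\n\r\n"

if __name__ == "__main__":
    print(audit(FTP_GREETING), audit(HTTP_REPLY, b"HEAD / HTTP/1.0\r\n\r\n"))
```

A service whose banner carries no version (for example a bare `Server: Apache` header) yields an empty list, which is the result a hardened host should produce.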
File transfers with Netcat
In this example we will be using a Netcat connection to transfer a text file. Let’s assume we have remote command execution on the target host and we want to transfer a file from the attack box to the host. First we would need to set up a listener on the target host and connect to it from the attack box. We will be using port 8080 for this purpose and we save the file to the desktop:
nc -lvp 8080 > /root/Desktop/transfer.txt
On the attack box we connect to port 8080 and send a file named transfer.txt:
nc 192.168.100.107 8080 < /root/Desktop/transfer.txt
Then we hit Ctrl+C and cat the contents of the file on both the attack box and target host.
As we can see here the contents of the files are equal which means it has been transferred from the attack box to the target host.
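Comparing `cat` output by eye only works for a small text file, and the listener writes whatever the first connecting peer sends. The following added example (not code from the tutorial; function and file names are hypothetical) reproduces the listener and sender over loopback in Python, hashes the stream on both sides and records which peer connected.

```python
import hashlib
import os
import socket
import tempfile
import threading

def receive_file(srv, dest, result):
    """Listener side, like `nc -lvp 8080 > file`: take one peer, write to EOF."""
    conn, peer = srv.accept()  # the first peer to connect is accepted as-is
    digest = hashlib.sha256()
    with conn, open(dest, "wb") as out:
        while chunk := conn.recv(65536):
            out.write(chunk)
            digest.update(chunk)
    result.update(peer=peer[0], sha256=digest.hexdigest())

def send_file(host, port, src):
    """Sender side, like `nc host 8080 < file`; returns SHA-256 of bytes sent."""
    digest = hashlib.sha256()
    with socket.create_connection((host, port)) as sock, open(src, "rb") as f:
        while chunk := f.read(65536):
            sock.sendall(chunk)
            digest.update(chunk)
    return digest.hexdigest()  # leaving the block closes the socket (EOF for peer)

def transfer_and_verify(payload):
    """Send payload over loopback; return (digests_match, peer_ip, received)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "transfer.txt")
        dst = os.path.join(tmp, "received.txt")
        with open(src, "wb") as f:
            f.write(payload)
        result = {}
        with socket.create_server(("127.0.0.1", 0)) as srv:
            rx = threading.Thread(target=receive_file, args=(srv, dst, result))
            rx.start()
            sent = send_file("127.0.0.1", srv.getsockname()[1], src)
            rx.join(timeout=5)
        with open(dst, "rb") as f:
            received = f.read()
    return sent == result["sha256"], result["peer"], received

if __name__ == "__main__":
    # Constructed sample content standing in for transfer.txt.
    print(transfer_and_verify(b"netcat transfer test\n" * 1000))
```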
Lessons learned
In the first part of the Hacking with Netcat tutorials we have learned how to work with several basic features like raw connections, banner grabbing and file transfers. We have learned how to grab service banners which contain information about the service running on the specific port. We have also learned how to interact with services by using raw connections and Netcat. In the tutorial we have gained anonymous access to an FTP server using a raw data connection and issued some FTP commands. We have also learned how to use Netcat for interaction with a webserver. We are able to retrieve webpages and send HTTP requests. Last but not least, we have learned how to transfer files from one box to another with Netcat.
In the following Hacking with Netcat tutorial we will be learning about how to use reverse shells and bind shells.