Introduction to Netcat

Today, we will see how to use the Netcat utility. Netcat is a versatile tool that is known as the Hackers' Swiss Army knife. It exists as both Unix and Windows binaries. Netcat is a tool that can read and write to TCP and UDP ports. It can run in two modes: client and server.

We will be exploring Netcat on a Mac, which ships the BSD variant of the software. If you are on Linux or Windows, the command line options may differ slightly.

Let's start with Netcat's various options. Open the terminal (I suggest iTerm if you are on Mac) and type

nc -h  

Take some time to inspect Netcat's command line options. The syntax is very simple:

nc [options] host port  

Now let’s have Netcat connect to a port to check if that port is listening for connections. We use the -v option to ask Netcat to give more verbose information.

nc -v host port  

Two things to keep in mind. First, Netcat doesn't do HTTPS.
Second, Netcat will try to initiate a TCP connection by default. If you want to send a UDP packet, use the -u option.

nc -u host port  


Netcat, the portscanner

Netcat can be a basic but effective portscanner. You can specify a range of ports by placing a dash between the first and last port:

nc host firstPort-lastPort  

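If we want more verbose and useful information, we just need to add some options: -z makes Netcat only check for listening ports without sending any data to them, and -v prints the result for each port.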

nc -z -v example.com 1-80  

If you want to use the IP address, add -n to skip DNS lookups:

nc -z -n -v 192.168.1.100 1-80  

Keep in mind that Netcat is only a basic portscanner. Nmap is much, much better. But this starts to show why Netcat is seen as the Hackers' Swiss Army Knife.

Netcat, the chat server

Netcat can work as a chat server: you can listen on a port for an incoming connection as shown next.

nc -l 4444  

Now, open a new Terminal tab, connect to localhost to chat.

nc localhost 4444  

Now type some text and press enter, switch to the other Terminal tab and you will see the text appear. Netcat works perfectly as a basic chat server.

Netcat, the file transfer utility

Netcat can also transfer files. Well, it can do millions of things, as you can see.

Open a new Terminal tab and type

nc -l 3000 > FileToReceive  

In this case, instead of outputting what comes into your listener to the screen, we use the '>' symbol in order to output it to a file.

Open another new Terminal tab and type

echo "Hello, this is hacklabo" > FileToSend  

Now press Enter. We have just created a file which contains the "Hello, this is hacklabo" string. Now type

nc localhost 3000 < FileToSend  

And press enter. We are simply sending the content of FileToSend to the Netcat listener on port 3000. The Netcat listener will then output the result into FileToReceive.
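What the listener and the sender above do at the socket level, as an added Python example that is not part of the original post. Netcat copies bytes in cleartext and does not verify what arrived, so this sketch also compares SHA-256 digests of both files; the function names and the loopback-only bind are assumptions made for the illustration.

```python
import hashlib
import socket
import threading


def receive_file(server, out_path):
    """Listener side, like `nc -l 3000 > FileToReceive`: accept one peer, write until EOF."""
    conn, _ = server.accept()
    with conn, open(out_path, "wb") as out:
        while chunk := conn.recv(4096):
            out.write(chunk)


def send_file(host, port, in_path):
    """Client side, like `nc localhost 3000 < FileToSend`."""
    with socket.create_connection((host, port), timeout=5) as sock, open(in_path, "rb") as src:
        while chunk := src.read(4096):
            sock.sendall(chunk)
    # Leaving the `with` block closes the socket, which the listener sees as EOF.


def sha256_of(path):
    """Hex SHA-256 digest of a file, read in blocks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def transfer_and_verify(in_path, out_path, port=0):
    """Run both sides on this machine; return True if the received file matches."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.bind(("127.0.0.1", port))  # loopback only; port 0 = let the OS pick a free port
        server.listen(1)
        port = server.getsockname()[1]
        receiver = threading.Thread(target=receive_file, args=(server, out_path))
        receiver.start()
        send_file("127.0.0.1", port, in_path)
        receiver.join(timeout=5)  # wait until the listener has written everything
    return sha256_of(in_path) == sha256_of(out_path)


if __name__ == "__main__":
    with open("FileToSend", "w") as f:  # constructed sample, same string as in the article
        f.write("Hello, this is hacklabo\n")
    print(transfer_and_verify("FileToSend", "FileToReceive"))
```

With real Netcat the same check is done by running a checksum tool on each side and comparing the two digests.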

Conclusion

Netcat is an amazing tool not only for penetration testers but also for sysadmins. We have only scratched the surface of what Netcat can do, but we will dive into more complex uses of this amazing tool in the next articles. The best is still to come.

Stay awesome and keep hacking,
Nicola