Netcat, Hyper-V, and the Windows Subsystem for Linux
Netcat has a long, illustrious history in hackerdom. Publications like Phrack and 2600 have highlighted the command since the early days of Unix and the Internet. Because it can communicate on any listening port using raw TCP, it is one of those commands that has eternal usefulness. It is easy to forget that an advanced communication tool is still well within reach near the bottom of the stack.
While a version of Netcat has existed in both Windows and Linux for a long time, I was curious about its usage in Microsoft’s Windows Subsystem for Linux (WSL). Using the Bash shell in Windows, I’m going to demonstrate basic communication and file transfer between an Ubuntu VM running in Hyper-V and its Windows 10 host.
If you’ve got an up-to-date version of Windows 10 Professional x64, then you can set up WSL. To confirm these specs, hit Windows-Key + Pause to open System properties.
To enable WSL, press Windows-Key + I, select Security and Updates, navigate to the For Developers section, put the machine in Developer Mode, and accept the disclaimer. Note that this step will not be necessary in the near future.
To install WSL, hit your Windows-Key, type “turn”, and launch Turn Windows Features On and Off. Find the Windows Subsystem for Linux folder, check it, click OK, and follow the instructions.
To open WSL after it has been installed, hit your Windows-Key, start typing “Ubuntu”, and launch Bash on Ubuntu on Windows.
Let’s start with a quick overview of Netcat. Always good to read the TM.
We’re going to use the arbitrary port 5100 to receive data in Windows, but before we can accept traffic, we need to open the firewall. Open a PowerShell console as an Administrator and create a new firewall rule. We’ll block this port when we’re done.
Start listening on port 5100. I’ve enabled options to make Netcat listen for TCP packets, provide verbose output, and keep the connection open through multiple commands.
To confirm a connection is possible between the VM and host, open up a terminal in the Ubuntu VM, and scan port 5100 on the Windows host at its IP address. In addition to the verbose flag, I’ve asked Netcat to emit a network packet with zero payload to elicit a response (i.e., scan the remote port).
To establish the connection, simply use the previous Netcat command without any options. Now you can chat like it’s 1995.
I have used Netcat more practically as a way to send a haystack of clipboard data from VM to host. Setting up Samba shares to transfer files, or enabling basic Copy/Paste functionality (especially from guest to host), is not intuitive in Hyper-V. One way to overcome this quickly is to use Netcat to send clipboard data directly to the host. For example, if you’ve got a few links on the guest OS that you want to use later on the host, you can append them to a local file and send that file to the host with just a few commands.
In Windows, hit Ctrl-C to break out of the listening state. Pull up your previous command and modify it to redirect incoming traffic to a file.
Now that our Windows host is listening for TCP packets, let’s create a file in the Ubuntu VM to store our links.
Install a small utility to send clipboard data to a file.
Copy any web link to the clipboard, and use xclip to save it to the file.
Read the file and pipe it into a socket defined by Netcat using the listening host IP and port.
Switch over to your Windows Bash terminal to read the destination file after it has been received.
When you’re done exploring, remove the firewall rule.
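Netcat moves raw bytes with no authentication or encryption, so it is worth confirming that the file that arrived is the file that was sent. The script below is an added example, not code from the original post: it rehearses the listen-and-send transfer described above on loopback and compares SHA-256 digests. It assumes netcat-openbsd (Ubuntu's default nc) and coreutils; `HOST`, the function names, and the sample links are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes netcat-openbsd (Ubuntu's
# default nc) and coreutils. HOST is a loopback stand-in for the Windows host IP.
HOST=127.0.0.1
PORT=5100   # the port used in the post

# Listener side (WSL): bind to one address only, accept one connection,
# write its bytes to $1, and give up after 15 s instead of staying open.
receive_file() {
    timeout 15 nc -l "$HOST" "$PORT" < /dev/null > "$1"
}

# Sender side (Ubuntu VM): -w 2 makes nc exit after 2 s of idle time, which
# closes the socket so the listener sees end-of-file and exits too.
send_file() {
    nc -w 2 "$HOST" "$PORT" < "$1"
}

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# Run both sides and succeed only if the received bytes hash identically.
transfer_and_verify() {
    local src=$1 dst=$2 rx_pid
    receive_file "$dst" &
    rx_pid=$!
    sleep 1                                   # let the listener bind first
    send_file "$src" || { kill "$rx_pid" 2>/dev/null; return 2; }
    wait "$rx_pid"
    [ "$(sha256_of "$src")" = "$(sha256_of "$dst")" ]
}

# Demo with constructed sample links: ./nc-verify.sh demo
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d)
    printf '%s\n' 'https://example.com/one' 'https://example.org/two' > "$work/links.txt"
    if transfer_and_verify "$work/links.txt" "$work/received.txt"; then
        echo "match: $(sha256_of "$work/received.txt")"
    else
        echo "transfer failed or hashes differ" >&2
    fi
    rm -rf "$work"
fi
```

Between two machines, run `receive_file` on the host and `send_file` in the VM with `HOST` set to the host's address, then compare the `sha256_of` output from each side by eye.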
Props to Rich Turner and team for bringing the power of Bash to Microsoft Windows 10.