Netcat: Day 03/100

Shubham Khichi
3 min read · Jul 22, 2019


Thank you for reading my previous installments of OSCP. I have been working on some HTB tutorials in the meantime, so I couldn't write about my OSCP journey here. Today I want to dive into a unique tool that helps both during and after exploitation. We are also going to touch on some Bash scripting.

NetCat for TCP/IP Connections

Netcat (nc) is a handy tool for listening on ports and for checking whether they are open. You can also use it to find out whether a listening port was opened by you or by a backdoor some hacker planted. I think of ports as the doors and windows of a house: to protect your house, you need to know how these doors (ports) are configured, how their locks work, and that they are protecting you at all times.

Without further delay, let's go through the dummy version of Netcat.

# nc -h {this command lists all the other Netcat options you can use.}

# nc -v {ipaddress} port

  • With the “-v” (verbose) flag, Netcat explains in detail what is going on with the command.
  • Port 80 is for HTTP, so pointing this at a web server's IP address connects you to its web page.
  • With “-l” you can listen on a port.
  • With “-p” you can specify the port.

You will see that Netcat will show that the port is open as in the picture below.

Netcat Verbose command.

With that in mind, if you want to listen on a port you can simply use Netcat to your advantage.

Open a terminal and type in
# nc -lvp 578

You will see that Netcat monitors that port for any activity.

Netcat listening to port 578

Now open up a different terminal and type in
# nc {ipaddress} port

You can find your IP address with ifconfig; I am going to use a placeholder IP here for the demo.

The moment you enter the IP and port 578, the first terminal (where you were secretly listening on the port) receives the connection, and thanks to the -v verbose flag you will actually see everything the other terminal is typing. Check the image below.

Listening with Verbose through a port.

Now that we have learned how to listen on a port, let's try to execute something. We can use the -e flag to execute a program through Netcat (note that -e is only present in some Netcat builds, such as nc.traditional and Ncat; the OpenBSD netcat leaves it out). Here we will start a Bash shell using /bin/bash:

# nc -lvp 578 -e /bin/bash

The process is the same: we open another terminal, but instead of echoing what we type on one terminal to the other, we can execute a command and get an answer back. So after you have entered “# nc {IPaddress} port”, type in “whoami” and you will see which user the listening Netcat is running as.

Now that we have learned how to execute a command, let's use Netcat to send whatever arrives at the listener to a file. This comes in handy when you are trying to hack into a box: instead of watching the port for hours, you can just let Netcat write the output to a file.

Use “>” to send the output to a file:
# nc -lvp 578 > netcatfiles

Open up another terminal and use “<” to send the contents of a file (the port has to be given here too):
# nc {IPaddress} 578 < {directory/filename}

This dumps everything that arrives on the port into the file. This way you can even move files from one system to another.
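As an added example (not code from the original post), here is what the port check from the first section (nc -v {ipaddress} port) and the file transfer just described (nc -lvp 578 > netcatfiles on one side, nc {IPaddress} 578 < file on the other) look like underneath, written against Python's standard socket library so it runs without nc installed. The host, the ephemeral ports and the payload are all values constructed here rather than the post's port 578 and placeholder IP. It also adds the check the post does not mention: plain Netcat never tells the sender whether the whole file arrived, so the demo hashes both ends and compares them.

```python
"""Stand-ins for two Netcat workflows, using only the standard library.

probe_port        ~ nc -v host port
receive_to_file   ~ nc -lvp PORT > file
send_file         ~ nc host PORT < file

Everything runs on loopback with ephemeral ports; the payload is constructed.
"""
import hashlib
import os
import socket
import tempfile
import threading


def probe_port(host, port, timeout=1.0):
    """Like `nc -v host port`: attempt a TCP connect and report the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError:  # connection refused, timeout, unreachable host
        return "closed"


def new_listener(backlog=1):
    """Bind a loopback listener on an ephemeral port (the post uses 578)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("127.0.0.1", 0))
    s.listen(backlog)
    s.settimeout(10.0)  # do not hang forever if no client ever connects
    return s


def receive_to_file(listener, dest_path):
    """Like `nc -lvp PORT > file`: accept one client and copy every byte it
    sends into dest_path until the client closes its side (EOF)."""
    conn, _peer = listener.accept()
    conn.settimeout(10.0)
    with conn, open(dest_path, "wb") as out:
        while True:
            chunk = conn.recv(65536)
            if not chunk:  # empty read means the sender closed the connection
                break
            out.write(chunk)


def send_file(host, port, src_path):
    """Like `nc host PORT < file`: connect, stream the file, then close so the
    receiver sees EOF. Netcat gives no acknowledgement, and neither does this."""
    with socket.create_connection((host, port)) as sock, open(src_path, "rb") as f:
        sock.sendfile(f)


def sha256_file(path):
    """Hash a file in chunks; used to confirm the transfer was complete."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def port_check_demo():
    """Probe a port while something listens on it, then again after it closes.
    Returns the two states, e.g. ("open", "closed")."""
    svc = new_listener()
    port = svc.getsockname()[1]
    while_open = probe_port("127.0.0.1", port)
    svc.close()
    after_close = probe_port("127.0.0.1", port)
    return while_open, after_close


def transfer_demo(payload=b"constructed sample payload\n" * 2000):
    """Run receiver and sender end to end and report whether the received
    file matches the source byte for byte."""
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "source.bin")
    dst = os.path.join(tmp, "netcatfiles")  # same name as in the post
    with open(src, "wb") as f:
        f.write(payload)

    listener = new_listener()
    port = listener.getsockname()[1]
    receiver = threading.Thread(target=receive_to_file, args=(listener, dst))
    receiver.start()  # the "first terminal", listening
    send_file("127.0.0.1", port, src)  # the "second terminal", sending
    receiver.join()
    listener.close()

    sent, received = sha256_file(src), sha256_file(dst)
    return {"sent": sent, "received": received, "match": sent == received,
            "bytes": os.path.getsize(dst)}


if __name__ == "__main__":
    print("port check:", port_check_demo())
    print("transfer:", transfer_demo())
```

Run it with python3 and it prints ("open", "closed") for the probe and a match result for the transfer. The hash comparison is the part worth copying into real use: after moving a file with Netcat, run sha256sum on both ends, because a dropped connection leaves a silently truncated file on the receiving side.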

That's it for today; I hope you enjoyed a slice of what we are getting into. In my next blog, I will go over some programming concepts of Bash scripting, followed by some Python and C scripts.
