Before describing Netcat functionalities in detail, some terms need to be explained briefly:

Port Scanning: The act of systematically scanning a host for open ports. Once determined, these open ports can be utilized to gain access to the host or to launch an attack.

Banner Grabbing: A fingerprinting technique aimed at extracting information about a host such as the operating system, web server, applications, etc. A simple form of banner grabbing is to send a request and analyze the response received.

Port Redirection: A simple technique used to transfer traffic from one port to another. It is utilized to access services which are restricted in a specific environment.

Honeypot: A honeypot is a monitored decoy used to attract attackers away from critical resources, and also a tool to analyze an attacker's methods and characteristics. It can emulate various services provided by an OS and also generate responses for those services. It provides an environment which is capable of interacting with an attacker and monitoring his/her activities without any real resources at risk.

First of all, let's see all the options provided by nc -h:

Connect to somewhere: nc hostname port …
Listen for inbound: nc -l -p port
As `-e' use /bin/sh to exec
Program to exec after connect
Delay interval for lines sent, ports scanned
Quit after EOF on stdin and delay of secs
Port numbers can be individual or ranges: lo-hi
Hyphens in port names must be backslash escaped (e.g.

Let's now dive into the details of Netcat as a tool.

Chatting: Netcat can be used for the purpose of chatting from one system to another. We need to configure Netcat to listen on a specific port on one machine and connect to that specific address (IP+port) from a remote Netcat instance, as shown in figure 1.

Port Scanning: Although there are many sophisticated tools available for port scanning a host, such as Nmap and Scapy, Netcat can also be used for it. It does not provide very detailed output and has no advanced features such as OS fingerprinting, yet it is capable of detecting whether a port is open or not. Netcat as a port scanner is demonstrated in figure 2.

Machine B C:> nc -v -w 2 -z 192.168.118.130 1-100

Banner Grabbing: Extending this same feature, we can also perform banner grabbing. Figure 3 shows how we have extracted the web server header (Apache/2.2.14).

Port Forwarding: Sometimes, there are restrictions imposed on the ports that we can utilize for outgoing connections (e.g. This is where Netcat's port redirection capability can be utilized. It allows listening on any specific port and redirecting that traffic to another port. So, on our home computer, we can listen on the port that is allowed in the restricted environment and forward it to the port we want to connect to. Now we simply need to connect to our home machine from that environment.

Machine A # nc -l -p 8008 -c "nc 80"

File Transfer: Extending it further, we can also transfer files using Netcat. For this, we need to set up Netcat on the receiving side in listen mode and redirect any input received into a file; then, on the sender's side, we need to make a connection to the specific address of the receiving side and send in the file, as demonstrated in figure 5. Netcat does not provide any method to check that the file has been transferred completely, so we need to wait for some time based on the file size and the transfer rate and then terminate the connection.

To understand the working of Netcat as a backdoor, let's assume the following configuration:
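The file-transfer caveat above (Netcat gives no way to tell when the file has fully arrived, so one waits and guesses) is addressed in this added Python example, which is not from the original article: a minimal Netcat-style transfer over a raw TCP socket whose sender prefixes the stream with the length and SHA-256 digest, so the receiver reads exactly that many bytes and verifies them instead of timing the connection. The header format, the function names and the localhost round-trip are assumptions of this example, not Netcat behaviour.

```python
import hashlib
import socket
import struct
import threading

# Wire format assumed by this example (not Netcat's): 8-byte big-endian length, 32-byte SHA-256 digest, then the raw file bytes.
HEADER = struct.Struct("!Q32s")

def send_file(data: bytes, host: str, port: int) -> None:
    """Sender side, like 'nc host port < file', but with a length/digest header."""
    digest = hashlib.sha256(data).digest()
    with socket.create_connection((host, port)) as s:
        s.sendall(HEADER.pack(len(data), digest) + data)

def recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; raise if the peer closes before delivering them."""
    buf = bytearray()
    while len(buf) < n:
        chunk = conn.recv(min(65536, n - len(buf)))
        if not chunk:
            raise ConnectionError(f"peer closed after {len(buf)} of {n} bytes")
        buf.extend(chunk)
    return bytes(buf)

def receive_file(listener: socket.socket) -> bytes:
    """Receiver side, like 'nc -l -p port > file', but verified before use."""
    conn, _ = listener.accept()
    with conn:
        length, expected = HEADER.unpack(recv_exact(conn, HEADER.size))
        data = recv_exact(conn, length)
    if hashlib.sha256(data).digest() != expected:
        raise ValueError("digest mismatch: transfer corrupted or truncated")
    return data

def transfer_roundtrip(data: bytes) -> bytes:
    """Run receiver and sender on localhost; return the verified payload."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port instead of a fixed one
    listener.listen(1)
    result = {}
    t = threading.Thread(target=lambda: result.update(data=receive_file(listener)))
    t.start()
    send_file(data, "127.0.0.1", listener.getsockname()[1])
    t.join()
    listener.close()
    return result["data"]

if __name__ == "__main__":
    sample = b"constructed sample line\n" * 5000  # ~120 KiB, spans many recv() calls
    print(len(transfer_roundtrip(sample)), "bytes received and verified")
```

The receiver closes only after the announced byte count has arrived and the digest matches, so a truncated or corrupted transfer fails loudly rather than silently producing a short file.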