Netcat

From Leo's Notes
Last edited on 8 September 2022, at 17:14.

netcat/nc/ncat are utilities that sends and receives data using TCP or UDP.

When talking about 'netcat', it can refer to the following projects. Each implementation has similar functionalities, but the command line options may differ.

  1. GNU netcat (which is symlinked to nc on some Linux systems, leading to confusion)
  2. OpenBSD nc
  3. Nmap's ncat (which is also symlinked to nc) with lots of features including SSL support and proxy connections.

Usage

For the most part, netcat and ncat are very similar. The older OpenBSD nc has less features.

nc netcat ncat
Listen on a port nc -l -p $port netcat -l $port ncat -l -p $port
Send to a port nc $port netcat $port ncat $port
Send to a port, using a specific source port n/a netcat -p $sport $dest $dport ncat -p $sport $dest $dport

SSL with ncat

ncat allows for creating SSL server or client.

Description Command
Connect to a server using SSL ncat -C --ssl <server> 443
Verify a server's SSL ncat -C --ssl-verify <server> 443
Listen using SSL (auto generated) ncat --listen --ssl
Listen using SSL (manual SSL certs) openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

ncat --listen 443 --ssl --ssl-key key.pem --ssl-cert cert.pem

If you're trying to reverse proxy for a SSL server, you should look at socat.

Tasks

Create a remote shell

With ncat, you can use the --exec option to spawn a program on a new connection.

hostA# ncat --exec /bin/sh -l 8888

hostB# ncat  hostA 8888
## Any command you type goes to /bin/sh on hostA

If you want to do this a bit more securely, you can also:

  • Enable SSL with --ssl.
  • Restrict access to a specific host with --allow $sourceIP.

See also

  • Socat which can be used to send/receive data through sockets as well as TCP/UDP protocols