Netcat is a utility used to read and write data across TCP and UDP network connections. Using netcat, an attacker can plant a backdoor that gives them a remote DOS shell, much as telnet would. In fact, netcat can be used as a port scanner, a banner-grabbing tool, a Trojan and a backdoor. Its power comes from the fact that it can act as both server and client, and it often goes undetected by anti-virus software; even when it is detected, its source code is available, so adding some unneeded code changes its signature and lets it bypass anti-virus again. This tutorial is aimed at complete beginners to netcat.
First of all, you will need two machines to practice with netcat; two machines connected over a LAN will also do. Set up your virtual lab and call the machines machine A and machine B.
In my case:
Machine A: 192.168.248.128
Machine B: 192.168.248.130
Download netcat to the C: directory on machine B and type the following command.
This command will show you the help file for netcat.
C:\>nc -v -w2 -z 192.168.248.128 120-140
The above command scans every port from 120 to 140 on machine A. Now let's analyze the command.
-v – keep the output in verbose mode
-w2 – wait 2 seconds after the connection closes
-z – tells netcat to scan ports on machine A instead of sending data
Scanning each port one after another in quick succession may trigger an alarm on the target; in that case you can add an interval between each port probe with the '-i' option. Suppose you need a 2-second delay between each port; you would then type the above command as follows.
C:\>nc -v -w2 -i2 -z 192.168.248.128 120-140
One important point: although netcat can scan ports, it is better not to use it for that unless you have no other option. Better tools such as nmap, hping and SuperScan 4 are already available for port scanning, and they know what their job is.
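From the defender's side, the scan above leaves a recognisable trace: one source opening connections to a run of consecutive ports on one host, and, when '-i' is used, doing so at a near-constant interval. The following script is an added example, not part of the original tutorial; it parses a constructed connection-log format (timestamp, src, dst, dport, invented for this example) and flags such sweeps, reporting whether the spacing looks throttled.

```python
"""Detect netcat-style sequential port sweeps in connection logs.

Added example, not part of the original tutorial. The log line format below
(timestamp CONNECT src= dst= dport=) is constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) CONNECT src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<port>\d+)$"
)

# Constructed sample log: a sweep of ports 120-140 from machine B to machine A
# (the tutorial's addresses) spaced 2 seconds apart, like "nc -i2", plus two
# unrelated connections from another host.
SAMPLE_LOG = "\n".join(
    [
        f"2024-01-01T10:00:{i * 2:02d} CONNECT src=192.168.248.130 "
        f"dst=192.168.248.128 dport={120 + i}"
        for i in range(21)
    ]
    + [
        "2024-01-01T10:00:05 CONNECT src=192.168.248.131 dst=192.168.248.128 dport=80",
        "2024-01-01T10:00:07 CONNECT src=192.168.248.131 dst=192.168.248.128 dport=443",
    ]
)


def parse_log(text):
    """Return (timestamp, src, dst, port) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["port"])))
    return events


def longest_consecutive_run(ports):
    """Length of the longest run of consecutive port numbers (range scans produce long runs)."""
    ports = sorted(set(ports))
    if not ports:
        return 0
    best = run = 1
    for a, b in zip(ports, ports[1:]):
        run = run + 1 if b == a + 1 else 1
        best = max(best, run)
    return best


def detect_sweeps(events, min_ports=10, window_s=300, min_run=5):
    """One finding per (src, dst) pair: the time window holding the most distinct
    ports that also contains a run of at least min_run consecutive ports."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))

    findings = []
    for (src, dst), hits in by_pair.items():
        hits.sort()
        best = None
        start = 0
        for end in range(len(hits)):
            # slide the window start forward so the window spans at most window_s
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            window = hits[start:end + 1]
            ports = [p for _, p in window]
            distinct = len(set(ports))
            if distinct >= min_ports and longest_consecutive_run(ports) >= min_run:
                if best is None or distinct > best["distinct"]:
                    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(window, window[1:])]
                    best = {
                        "src": src,
                        "dst": dst,
                        "ports": (min(ports), max(ports)),
                        "distinct": distinct,
                        "mean_gap_s": sum(gaps) / len(gaps),
                        # near-constant spacing suggests a deliberately throttled scan
                        "regular": max(gaps) - min(gaps) <= 0.5,
                    }
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_sweeps(parse_log(SAMPLE_LOG)):
        print(f)
```

The thresholds (10 distinct ports, a 5-port consecutive run, a 300-second window) are starting points; a throttled scan with a longer '-i' delay needs a wider window, which is exactly why the mean gap and regularity are reported alongside the port range.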
Next, we can use netcat as a banner-grabbing tool, meaning it can reveal the name and version of the application behind a port. I would advise you to run this command against a PC running a server.
C:\>nc -v -n 192.168.248.128 80
-v – keep the output in verbose mode
-n – do not resolve DNS names; keep all addresses numerical
You can grab the banner of each service running behind the ports listed by the scan. For now, let's stop the tutorial here; in the next section we will see how to use netcat as a backdoor and as a file-transfer tool.