netcat

Netcat Relays on Windows

  • Start by entering a temp dir where we can create files

cd C:\temp

Listener to Client Relay

  • This creates a relay that sends packets from the local port to a netcat client connected to the target ip address on the target port

echo nc [TargetIPAddr] [port] > relay.bat
nc -l -p [LocalPort] -e relay.bat

Listener to Listener Relay

echo nc -l -p [Local_Port_2] > relay.bat
nc -l -p [Local_Port_1] -e relay.bat

  • This creates a relay that will send packets from any connection on Local_Port_1 to any connection on Local_Port_2

Client to Client Relay

echo nc [NextHopIPAddr] [port2] > relay.bat
nc [PreviousHopIPAddr] [port] -e relay.bat

  • This creates a relay that will send packets from the connection to PreviousHopIPAddr on port to a netcat client connected to NextHopIPAddr on port2

Netcat Command Flags

  • -l Listen mode

  • -L Listen harder, only supported on windows versions of netcat. This option makes netcat persistently listen which will listen again after client disconnect.

  • -u UDP mode

  • -p Local Port. In listen mode this is the port listened on, in client mode this is the source port for all packets sent

  • -e Program the execute after connection occurs, connecting STDIN and STDOUT of the program

  • -n Dont perform DNS look up on names of machines on the other side

  • -z Zero I/O mode. Dont send any data, just emit a packet with out a payload

  • -wN Timeout of connections. Wait N seconds after closure of STDIN. If connection doesnt happen after N seconds netcat will stop listening

  • -v -vv Be verbose, be very verbose respectively

TCP Banner Grabs

echo "" | nc -v -n -w1 [TargetIP] [start_port]-[end_port]

  • Grab the banner of any TCP service running on an IP from a linux machine

  • -r Add this flag to randomize destination ports within the range

  • -p add this flag to specify a source port for the connection

Netcat Relays on Linux

  • Move to tmp dir and create a FIFO

cd /tmp
mknod backpipe p

Listener to Client Relay

nc -l -p [Local_Port] 0<backpipe | nc [Target_IP_Addr] [port] | tee backpipe

  • Create a relay that sends packets from the Local_Port to a netcat client connected to Target_IP_Addr on port

Listener to Listener Relay 

nc -l -p [Local_Port_1] 0<backpipe | nc -l -p [Local_Port_2] | tee backpipe

  • Create a relay that sends packets from any connection on Local_Port_1 to any connection on Local_Port_2

Client to Client Relay 

nc [PreviousHopIPAddr] [port] 0<backpipe | nc [NextHopIPAddr] [port2] | tee backpipe

  • Create a relay that sends packets from the connection to PreviousHopIPAddr on port to a netcat client connected to NextHopIPAddr on port2

PreviousMimikatzNextNmap

Last updated