Linux Netcat 命令——网络工具中的瑞士军刀(Linux Netcat command – The swiss army knife of networking)

系统及网络管理 William 536浏览 0评论

Swiss Army Knife of networking netcat is a versatile tool that is able to read and write data across TCP and UDP network . Combined with other tools and redirection it can be used in number of ways in your scripts. You will be surprised to see what you can accomplish with Linux netcat command.

What netcat does it opens the connection between two machines and give back two streams. After that everything is up to your imagination. You can build a server, transfer files, chat with friends, stream media or use it as a standalone client for some other protocols.

Here are some of the usage of netcat.

[A(172.31.100.7) B(172.31.100.23)]

netcat是网络工具中的瑞士军刀,它能通过TCP和UDP在网络中读写数据。通过与其他工具结合和重定向,你可以在脚本中以多种方式使用它。使用netcat命令所能完成的事情令人惊讶。

netcat所做的就是在两台电脑之间建立链接并返回两个数据流,在这之后所能做的事就看你的想像力了。你能建立一个服务器,传输文件,与朋友聊天,传输流媒体或者用它作为其它协议的独立客户端。

下面是一些使用netcat的例子.

[A(172.31.100.7) B(172.31.100.23)]

Linux netcat command examples

1. Port scanning

Port scanning is done by system admin and hackers to find the open ports at some machine. It helps them to identify the venerability in the system.

$nc -z -v -n 172.31.100.7 21-25

It can work in both TCP and UDP mode, default is TCP mode, to change to udp use -u option

z option tell netcat to use zero IO .i.e the connection is closed as soon as it opens and no actual data exchange take place.
v option is used for verbose option.
n option tell netcat not to use the DNS lookup for the address.

This command will print all the open ports between 21 to 25.

Banner is a text that services sends when you connects to them. Banner are very usefull when you are trying to velberability in the system as it identify the type and version of the services. NOTE not all services may send banner.
Once You have found the open ports you can easily grab the service banner by connecting to them using netcat.

$ nc -v 172.31.100.7 21

The Linux netcat command will connect to open port 21 and will print the banner of the service running at that port.

Linux netcat 命令实例:

1,端口扫描

端口扫描经常被系统管理员和黑客用来发现在一些机器上开放的端口,帮助他们识别系统中的漏洞。

$nc -z -v -n 172.31.100.7 21-25

可以运行在TCP或者UDP模式,默认是TCP,-u参数调整为udp.

z 参数告诉netcat使用0 IO,连接成功后立即关闭连接, 不进行数据交换(谢谢@jxing 指点)

v 参数指使用冗余选项(译者注:即详细输出)

n 参数告诉netcat 不要使用DNS反向查询IP地址的域名

这个命令会打印21到25 所有开放的端口。Banner是一个文本,Banner是一个你连接的服务发送给你的文本信息。当你试图鉴别漏洞或者服务的类型和版本的时候,Banner信息是非常有用的。但是,并不是所有的服务都会发送banner。

一旦你发现开放的端口,你可以容易的使用netcat 连接服务抓取他们的banner。

$ nc -v 172.31.100.7 21

netcat 命令会连接开放端口21并且打印运行在这个端口上服务的banner信息。

2. Chat Server

If you want to chat with your friend there are numerous software and messenger services available at your disposal.But what if you do not have that luxury anymore like inside your computer lab, where all outside connections are restricted, how will you communicate to your friend who is sitting in the next room. Don’t worry my friend because netcat has a solution for you just create a chat server and a predetermined port and he can connects to you.

Server

$nc -l 1567

The Linux netcat command starts a tcp server at port 1567 with stdout and stdin for input output stream i.e. The output is displayed at the shell and input is read from shell.

Client

$nc 172.31.100.7 1567

After this whatever you type on machine B will appear on A and vice-versa.

3,文件传输

大部分时间中,我们都在试图通过网络或者其他工具传输文件。有很多种方法,比如FTP,SCP,SMB等等,但是当你只是需要临时或者一次传输文件,真的值得浪费时间来安装配置一个软件到你的机器上嘛。假设,你想要传一个文件file.txt 从A 到B。A或者B都可以作为服务器或者客户端,以下,让A作为服务器,B为客户端。

Server

$nc -l 1567 < file.txt

Client

$nc -n 172.31.100.7 1567 > file.txt

这里我们创建了一个服务器在A上并且重定向netcat的输入为文件file.txt,那么当任何成功连接到该端口,netcat会发送file的文件内容。

在客户端我们重定向输出到file.txt,当B连接到A,A发送文件内容,B保存文件内容到file.txt.

没有必要创建文件源作为Server,我们也可以相反的方法使用。像下面的我们发送文件从B到A,但是服务器创建在A上,这次我们仅需要重定向netcat的输出并且重定向B的输入文件。

B作为Server

Server

$nc -l 1567 > file.txt

Client

nc 172.31.100.23 1567 < file.txt

4. Directory transfer

Sending file is easy but what if we want to send more than one files, or a whole directory, its easy just use archive tool tar to archive the files first and then send this archive.

Suppose you want to transfer a directory over the network from A to B.

Server

$tar -cvf – dir_name | nc -l 1567

Client

$nc -n 172.31.100.7 1567 | tar -xvf -

Here at server A we are creating the tar archive and redirecting its outout at the console through -. Then we are piping it to netcat which is used to send it over network.

At Client we are just downloading the archive file from the server using the netcat and piping its output tar tool to extract the files.

Want to conserve bandwidth by compressing the archive, we can use bzip2 or other tool specific to content of files.

Server

$tar -cvf – dir_name| bzip2 -z | nc -l 1567

Compress the archive using the bzip2 utility.

Client

$nc -n 172.31.100.7 1567 | bzip2 -d |tar -xvf -

Decompress the archive using bzip2 archive

4,目录传输

发送一个文件很简单,但是如果我们想要发送多个文件,或者整个目录,一样很简单,只需要使用压缩工具tar,压缩后发送压缩包。

如果你想要通过网络传输一个目录从A到B。

Server

$tar -cvf – dir_name | nc -l 1567

Client

$nc -n 172.31.100.7 1567 | tar -xvf -


这里在A服务器上,我们创建一个tar归档包并且通过-在控制台重定向它,然后使用管道,重定向给netcat,netcat可以通过网络发送它。

在客户端我们下载该压缩包通过netcat 管道然后打开文件。

如果想要节省带宽传输压缩包,我们可以使用bzip2或者其他工具压缩。

Server

$tar -cvf – dir_name| bzip2 -z | nc -l 1567

通过bzip2压缩

Client

$nc -n 172.31.100.7 1567 | bzip2 -d |tar -xvf -

使用bzip2解压

5. Encrypt your data when sending over the network

If you are worried about the security of data being sent over the network you can encrypt your data before sending using some tool like mcrypt.

Server

$nc localhost 1567 | mcrypt –flush –bare -F -q -d -m ecb > file.txt

Encrypt the data using the mcrypt tool.

Client

$mcrypt –flush –bare -F -q -m ecb < file.txt | nc -l 1567

Decrypt the data using the mcrypt tool.
Both the above commands will propmt for passowrd make sure to use the same password on both.

Here we have used mcrypt for encryption but any tool can be used.

5. 加密你通过网络发送的数据

如果你担心你在网络上发送数据的安全,你可以在发送你的数据之前用如mcrypt的工具加密。

服务端

$nc localhost 1567 | mcrypt –flush –bare -F -q -d -m ecb > file.txt

使用mcrypt工具加密数据。

客户端

$mcrypt –flush –bare -F -q -m ecb < file.txt | nc -l 1567

使用mcrypt工具解密数据。

以上两个命令会提示需要密码,确保两端使用相同的密码。

这里我们是使用mcrypt用来加密,使用其它任意加密工具都可以。

6. Stream a video

Not the best method to stream but if the server doesn’t have the specific tools, then with netcat we still have hope.

Server

$cat video.avi | nc -l 1567

Here we are just reading the video file and redirecting its output to netcat
Client

$nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

Here we are reading the data from the socket and redirecting it to mplayer.

6. 流视频

虽然不是生成流视频的最好方法,但如果服务器上没有特定的工具,使用netcat,我们仍然有希望做成这件事。

服务端

$cat video.avi | nc -l 1567

这里我们只是从一个视频文件中读入并重定向输出到netcat客户端

$nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

这里我们从socket中读入数据并重定向到mplayer。

7. Cloning a device

If you have just installed and configured a Linux machine and have to do the same to other machine too and do not want to do the configuration again. No need to repeat the process just boot the other machine with some boot-able pen drive and clone you machine.

Cloning a linux PC is very simple. Suppose your system disk is /dev/sda
Server

$dd if=/dev/sda | nc -l 1567

Client

$nc -n 172.31.100.7 1567 | dd of=/dev/sda

dd is a tool which reads the raw data from the disk, we are just redirecting its output stream through a netcat server to the other machine and writing it to the disk, it will copy everything along with the partition table. But if we have already done the partition and need to move only the root partition we can change sda with sda1, sda2 etc depending where out root is installed.

7,克隆一个设备

如果你已经安装配置一台Linux机器并且需要重复同样的操作对其他的机器,而你不想在重复配置一遍。不在需要重复配置安装的过程,只启动另一台机器的一些引导可以随身碟和克隆你的机器。

克隆Linux PC很简单,假如你的系统在磁盘/dev/sda上

Server

$dd if=/dev/sda | nc -l 1567

Client

$nc -n 172.31.100.7 1567 | dd of=/dev/sda

dd是一个从磁盘读取原始数据的工具,我通过netcat服务器重定向它的输出流到其他机器并且写入到磁盘中,它会随着分区表拷贝所有的信息。但是如果我们已经做过分区并且只需要克隆root分区,我们可以根据我们系统root分区的位置,更改sda 为sda1,sda2.等等。

8. Opening a shell

We have used remote Shell using the telnet and ssh but what if they are not installed and we do not have the permission to install them, then we can create remote shell using netcat also.

If your netcat support -c and -e option (traditional netcat)
Server

$nc -l 1567 -e /bin/bash -i

Client

$nc 172.31.100.7 1567

Here we have created a netcat server and indicated it to run /bin/bash command when connection is successful.

If netcat doesn’t support -c or -e options(openbsd netcat) we can still crate remote shell.
Server

$mkfifo /tmp/tmp_fifo
$cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo

Here we have created a fifo. Then we have piped the content of this fifo file using pipe command to a shell 2>&1 is used to redirect stderr to same file where stdout is redirected which is piped to netcat server running at port 1567. Now here again we have redirected the output of netcat to fifo file.

Explanation:

The input received from network is written to fifo file.

The fifo file is read by cat command and it content is sent to sh command.

Sh command processes the received input and write it back to netcat.

Netcat send the output over the network to client.

All this is possible because pipe causes the command to run in parallel. The fifo file is used instead of regular file because the fifo causes the read to wait while if it was an ordinary file the cat command would have ended as soon as started reading an empty file.

At client is just as simple as conecting to server
Client

$nc -n 172.31.100.7 1567

And you will get a shell prompt at the client

反向shell

反向shell是指在客户端打开的shell。反向shell这样命名是因为不同于其他配置,这里服务器使用的是由客户提供的服务。

服务端

$nc -l 1567

在客户端,简单地告诉netcat在连接完成后,执行shell。

客户端

$nc 172.31.100.7 1567 -e /bin/bash

现在,什么是反向shell的特别之处呢

反向shell经常被用来绕过防火墙的限制,如阻止入站连接。例如,我有一个专用IP地址为172.31.100.7,我使用代理服务器连接到外部网络。如果我想从网络外部访问
这台机器如1.2.3.4的shell,那么我会用反向外壳用于这一目的。


via:oschina

转载请注明:AspxHtml学习分享网 » Linux Netcat 命令——网络工具中的瑞士军刀(Linux Netcat command – The swiss army knife of networking)

发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址