
Linux netcat (nc) Command Summary



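1. Overview

Netcat reads and sends network data over TCP/UDP connections. cat is the Linux command for viewing or concatenating files, so netcat originally meant viewing file contents over the network. Its author, Hobbit, gave it such a rich feature set that it can handle almost every kind of network operation, which is why Netcat is known in the network security field as the Swiss-army knife for TCP/IP.

The stable release, Netcat 1.10, was published by Hobbit in March 1996 as open-source software. The author has not maintained it since, but the tool has remained in wide use for more than a decade, and derivative tools based on Netcat keep appearing that enhance or extend its functionality in many ways.

2. Options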

$ nc -h
OpenBSD netcat (Debian patchlevel 1.187-1ubuntu0.1)
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
          [-m minttl] [-O length] [-P proxy_username] [-p source_port]
          [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] [-w timeout]
          [-X proxy_protocol] [-x proxy_address[:port]]           [destination] [port]
        Command Summary:
                -4              Use IPv4
                -6              Use IPv6
                -b              Allow broadcast
                -C              Send CRLF as line-ending
                -D              Enable the debug socket option
                -d              Detach from stdin
                -F              Pass socket fd
                -h              This help text
                -I length       TCP receive buffer length
                -i interval     Delay interval for lines sent, ports scanned
                -k              Keep inbound sockets open for multiple connects
                -l              Listen mode, for inbound connects
                -M ttl          Outgoing TTL / Hop Limit
                -m minttl       Minimum incoming TTL / Hop Limit
                -N              Shutdown the network socket after EOF on stdin
                -n              Suppress name/port resolutions
                -O length       TCP send buffer length
                -P proxyuser    Username for proxy authentication
                -p port         Specify local port for remote connects
                -q secs         quit after EOF on stdin and delay of secs
                -r              Randomize remote ports
                -S              Enable the TCP MD5 signature option
                -s source       Local source address
                -T keyword      TOS value
                -t              Answer TELNET negotiation
                -U              Use UNIX domain socket
                -u              UDP mode
                -V rtable       Specify alternate routing table
                -v              Verbose
                -W recvlimit    Terminate after receiving a number of packets
                -w timeout      Timeout for connects and final net reads
                -X proto        Proxy protocol: "4", "5" (SOCKS) or "connect"
                -x addr[:port]  Specify proxy address and port
                -Z              DCCP mode
                -z              Zero-I/O mode [used for scanning]
        Port numbers can be individual or ranges: lo-hi [inclusive]

3. Scenarios

Port scanning

# Scan a single TCP port
nc -nvz -w2 172.16.131.29 22

# Scan a range of TCP ports
nc -nvz -w2 172.16.131.29 22-25

# For a UDP port scan, just add the -u option
nc -nvz -w2 -u 172.16.131.29 22

Show the peer's input in real time

# Host A (IP 172.16.131.29)
nc -l -p 3333
where are you from!
haha

# Host B
nc -nv 172.16.131.29 3333
where are you from!
haha

Send the directory structure of server A to server B

# Host B (IP 172.16.128.98)
nc -l -p 3333 > a_directory.txt

# Host A
tree / | nc -nv 172.16.128.98 3333

Transfer a text file

# Receiver (IP 172.16.131.29)
nc -lp 3333 > passwd.txt

# Sender
nc -nv 172.16.131.29 3333 < /etc/passwd

Transfer a directory

# Sender
tar -cvf - Downloads/  | nc -lp 3333

# Receiver
nc -nv 172.16.131.29 3333 | tar -xvf -

Run bash commands

# Controlled host
nc -lp 3333 -c bash

# Controlling host
nc 172.16.131.29 3333
ls -l
total 0
drwxr-xr-x. 2 work work  6 Dec 24 15:35 Desktop
drwxr-xr-x. 2 work work 22 Dec 25 19:57 Documents
drwxr-xr-x. 3 work work 76 Dec 31 17:02 Downloads
drwxr-xr-x. 2 work work  6 Dec 24 15:35 Music
-rw-rw-r--. 1 work work  0 Dec 31 16:55 passwd.txt
drwxr-xr-x. 2 work work  6 Dec 24 15:35 Pictures
drwxr-xr-x. 2 work work  6 Dec 24 15:35 Public
drwxr-xr-x. 2 work work  6 Dec 24 15:35 Templates
drwxr-xr-x. 2 work work  6 Dec 24 15:35 Videos
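
On the controlled host, the listener above shows up as an ordinary nc process whose command line carries -l together with -c. The following is an added example, not code from the original post: a POSIX sh parser that walks netcat's bundled short options (the argument-taking set from the usage text in section 2, plus -c/-e) and reports listeners that attach a program. The function names, SAMPLE_PS and its PIDs are constructed for illustration; long options and quoted arguments are not handled.

```shell
# Added example: flag netcat listeners that hand a program to the peer.
# Short options that take an argument: usage text above, plus -c/-e (the
# exec options of traditional netcat and ncat).
NC_ARG_OPTS='IiMmOPpqsTVWwXxce'

# classify_nc "<command line>" prints one of:
#   shell-listener port=N exec=CMD | listener port=N | other
classify_nc() (
    set -f                          # no globbing while splitting the line
    set -- $1
    case "${1##*/}" in nc|nc.*|ncat|netcat) ;; *) echo other; exit 0 ;; esac
    shift
    listen=0 port='' exec_cmd='' last=''
    while [ $# -gt 0 ]; do
        tok=$1; shift
        case "$tok" in
            --*) continue ;;        # long options are not parsed here
            -?*) flags=${tok#-} ;;
            *)   last=$tok; continue ;;
        esac
        while [ -n "$flags" ]; do   # walk bundled flags such as -nvlp
            rest=${flags#?}; f=${flags%"$rest"}; flags=$rest
            case "$f" in l) listen=1 ;; esac
            case "$NC_ARG_OPTS" in *"$f"*) ;; *) continue ;; esac
            # argument = rest of this token, else the next token
            if [ -n "$flags" ]; then val=$flags; flags=''
            else val=${1-}; if [ $# -gt 0 ]; then shift; fi; fi
            case "$f" in p) port=$val ;; c|e) exec_cmd=$val ;; esac
        done
    done
    port=${port:-${last:-?}}        # OpenBSD nc also accepts "nc -l PORT"
    if [ "$listen" = 0 ]; then echo other
    elif [ -n "$exec_cmd" ]; then echo "shell-listener port=$port exec=$exec_cmd"
    else echo "listener port=$port"; fi
)

# scan_ps: read "PID ARGS..." lines on stdin, report only the shell listeners.
scan_ps() {
    while read -r pid args; do
        verdict=$(classify_nc "$args")
        case "$verdict" in shell-listener*) echo "pid=$pid $verdict" ;; esac
    done
}

# Constructed sample in the shape of `ps -eo pid,args` output (PIDs invented).
SAMPLE_PS='4101 nc -l -p 3333
4242 nc -lp 3333 -c bash
4377 /usr/bin/ncat -nvlp 3333 -c bash'
printf '%s\n' "$SAMPLE_PS" | scan_ps
```

On a live host the same check is `ps -eo pid,args | scan_ps`; the plain file-transfer and chat listeners from the earlier scenarios are classified as "listener" and are not reported.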