Ncat command in Linux or NC command is used in the maintenance or diagnosis-related tasks for a network. Even though the ‘nc command’ or ‘ncat command’ are separate commands but they are similar to how they perform their functions & one can be used or replace by the other.
Similar to how CAT common in Linux has the ability to manipulate files, NC command in Linux has the ability to perform operations like read, write, or data redirections over the network.
Ncat command can be used as a utility to scan ports, monitoring or can also act as a basic TCP proxy. Organizations can utilize it to review the security of their networks, web servers, telnet servers, mail servers, etc, by checking the ports that are opened or unsecured and then secure them. NC command can also be used to capture information being sent by the system.
Recommended Read: How to use NMAP command to test Server/Network Security
Also Read: How to use FIND command in Linux
First, let’s discuss how we can install NC command or Ncat command on Linux systems.
Install NC command on CentOS
To install the nc command on Centos, simply run the following command,
# yum install nc
Install NC on Ubuntu
Similar to CentOS, the nc command in Ubuntu can be installed with a single command,
$ sudo apt install netcat
Now if you also want to know how to install the ncat command in CentOS & Ubuntu, then here are the commands.
Install Ncat command on CentOS or RHEL
Ncat command in CentOS or RHEL is part of the NMAP command. So to install the ncat command on Centos, run the following command,
# yum install nmap
Install Ncat on Ubuntu
To install Ncat command in Ubuntu,
$ sudo apt install ncat
Now let’s discuss how we can use (NCAT command) NC command in Linux with the help of some examples.
Examples for NC command/Ncat command
Connect to a remote server
The following example shows how we can connect to a remote server with NC command,
$ nc 172.16.16.100 80
Or
$ ncat 172.16.16.100 80
here, 172.16.16.100 is the IP of the server we want to connect to & 80 is the port number for the remote server.
Once the nc command has created the connection, we can then perform some other functions like we can get the page content with
GET/HTTP/1.1
or fetch page name,
GET/HTTP/1.1
or we can get the banner for OS fingerprinting with the following,
HEAD/HTTP/1.1
This will tell us about the application & version being used to run the webserver.
Listen to inbound connection requests on a port
To use the ncat command in Linux to check for an incoming connection on a port number following example can be referenced,
$ nc -l 80
or
$ ncat -l 80
This will put NC in listening mode, & it will check port 80 for incoming connection requests. Listening mode will keep on running until terminated manually.
If we only need to run listening mode for a given amount of time, we can use option ‘w’ for that,
$ nc -w 20 80
or
$ ncat -w 20 80
here, 20 means the listening mode is active on port 80 & will check connections for 20 seconds only.
Connecting to UDP ports
Nc command makes TCP ports connections by default. For NC command to make connections to UDP ports, use the option ‘u’,
$ nc -l -u 55
or
$ ncat -l -u 55
Here, we are connecting to UDP port 55 in listening mode.
Using NC for Port forwarding
Another use for the NC command in Linux is that we can also use it for port forwarding. Using option ‘c’ with the nc command, we can redirect a port to another. An example would be,
$ nc -u -l 80 -c ‘ nc -u -l 90’
or
$ ncat -u -l 80 -c ‘ nc -u -l 90’
here, all incoming connections from port 80 are being forwarded to port 90.
Using NC as a Proxy server
Nc command can also act as a proxy server. To use the NC command as a proxy, use
$ nc – l 80 | nc 172.16.16.200 80
or
$ ncat – l 80 | nc 172.16.16.200 80
here, all incoming connections to port 8080 on localhost are being redirected to the 172.16.16.200 server on port 80, as we do with the help of a proxy server. But this proxy is currently only one way, i.e. it will send the connections to the remote server but can not receive any packets in response.
To create a return passage or 2-way communication channel, use the following commands,
$ mkfifo 2way
$ nc – l 80 0<2way | nc 172.16.16.200 80 1>2way
We now have a fully working 2-way proxy server using the ncat command.
Using NC as a chat tool
Another way to make use of the NC command is using it as a chat tool. Weird but it’s possible. To create a chat tool using the nc command, first, start it in listening mode,
$ nc – l 8080
or
$ ncat – l 8080
Then from the remote machine, connect to the first server that is listening to port 8080,
$ nc 172.16.16.100 8080
or
$ ncat 172.16.16.100 8080
That’s it, you have a working chat tool on your hand. Now we can start a conversation using the terminal/CLI.
Using Ncat to create a system backdoor
Note: This will only work with the ncat command.
One of the most common ways that the ncat command in Linux is used for bad is by using it to create a backdoor. Nc command is used to create a backdoor to our system which can be exploited by hackers (I am mentioning this just for information & so that you can safeguard against these kinds of attacks. You guys should not be using it for wrong purposes, it’s completely wrong, unethical & not to mention can be illegal as well).
To create a backdoor,
$ ncat -l 5500 -e /bin/bash
here, we have attached port 5500 to /bin/bash, which can now be connected from a remote machine to execute the commands,
$ ncat 172.16.16.100 5500
As seen in the screenshot above, I created a backdoor on one tab & then on the second tab I connected to that backdoor & was able to run some commands like ‘date’, ‘df -h’ etc. You can run other commands as well & consider if this backdoor is created as the root user, hackers will have complete access to your system.
Force server to remain up
The server will stop listening for connection once a client connection has been terminated. But with option ‘k’, we can force a server to remain running, even when no client is connected.
$ nc -l -k 8080
These were only some examples of how to use the nc command or ncat command in Linux. There are certainly more ways to use this, GOOD as well as BAD. So use wisely.
If you have any questions or queries regarding the tutorial, please do let us know using the comment box below.