NC
On CentOS 8 the nc command is provided by:
[root@localhost netcat]# rpm -q --whatprovides `which nc`
nmap-ncat-7.70-4.el8.x86_64
The page introduces nc as netcat-0.7.1, the tool with the "Swiss army knife of networking" reputation; note that the help text and the output in the examples below come from Ncat 7.70, which is what nc resolves to on this system.
Syntax
[root@localhost netcat]# nc -h
Usage: ncat [options] [hostname] [port]
Options:
-4 Use IPv4 only
-6 Use IPv6 only
-c, --sh-exec <command> Execute the given command via /bin/sh
-e, --exec <command> Execute the given command
-m, --max-conns <n> Maximum <n> simultaneous connections (TCP only, not UDP)
-h, --help Display this help screen
-d, --delay <time> Wait between read/writes
-o, --output <filename> Dump session data to a file
-x, --hex-dump <filename> Dump session data as hex to a file
-i, --idle-timeout <time> Idle read/write timeout
-p, --source-port port Specify source port to use
-s, --source addr Specify source address to use
-l, --listen Bind and listen for incoming connections
-k, --keep-open Accept multiple connections in listen mode (TCP only, not UDP)
-n, --nodns Do not resolve hostnames via DNS
-t, --telnet Answer Telnet negotiations
-u, --udp Use UDP instead of default TCP
-v, --verbose Set verbosity level (can be used several times)
-w, --wait <time> Connect timeout
-z Zero-I/O mode, report connection status only: connect, then close without exchanging data
--allow Allow only given hosts to connect to Ncat
--allowfile A file of hosts allowed to connect to Ncat
--deny Deny given hosts from connecting to Ncat
--denyfile A file of hosts denied from connecting to Ncat
--broker Enable Ncat's connection brokering mode
--proxy <addr[:port]> Specify address of host to proxy through
--proxy-type <type> Specify proxy type ("http" or "socks4" or "socks5")
--proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server
--ssl Connect or listen with SSL
--ssl-cert Specify SSL certificate file (PEM) for listening
--ssl-key Specify SSL private key (PEM) for listening
--ssl-verify Verify trust and domain name of certificates
--ssl-trustfile PEM file containing trusted SSL certificates
--ssl-ciphers Cipherlist containing SSL ciphers to use
--ssl-alpn ALPN protocol list to use.
--version Display Ncat's version information and exit
Usage
Lab hosts:
server: 10.10.10.10
client1: 10.10.10.11
client2: 10.10.10.12
Port scanning
server:
[root@server ~]# nc -l 10.10.10.10 50
client1:
[root@client ~]# nc -vnz -w 5 10.10.10.10 20-50
10.10.10.10 22 (ssh) open
10.10.10.10 50 (re-mail-ck) open
#-z: connect and close without exchanging data; -w 5: give up on a port after 5 seconds; -n: no DNS lookups (the service names in parentheses come from /etc/services)
#The port range 20-50 and this output format are GNU netcat's. Ncat accepts one port per invocation, so with Ncat a range is scanned in a loop. The listener on port 50 was started without -k, so it exits as soon as the scanner's probe connects and disconnects.
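Because Ncat takes a single port per call, the loop below does what the GNU netcat range syntax does above. It is an added example, not code from the original page: the NC variable, the default one-second timeout and the function names are assumptions; set NC=ncat if nc on the scanning host is not Ncat.

```shell
#!/bin/sh
# Added example (not from the original page): scan a TCP port range with Ncat,
# which, unlike GNU netcat, takes a single port per invocation. NC, the
# default timeout and the function names are assumptions of this example;
# set NC=ncat if nc on the scanning host is not Ncat.
NC="${NC:-nc}"

# scan_ports HOST FIRST LAST [TIMEOUT]: print "HOST PORT open" for every
# port in FIRST..LAST that completes a TCP handshake.
# -z: zero-I/O, close right after connecting; -n: no DNS; -w: connect timeout.
# Ncat exits 0 only when the connection succeeded, which is what the if tests.
scan_ports() {
    local host=$1 first=$2 last=$3 timeout=${4:-1} port
    for port in $(seq "$first" "$last"); do
        if "$NC" -z -n -w "$timeout" "$host" "$port" >/dev/null 2>&1; then
            printf '%s %s open\n' "$host" "$port"
        fi
    done
}

# open_count HOST FIRST LAST [TIMEOUT]: how many ports in the range are open
open_count() {
    scan_ports "$@" | wc -l | tr -d ' '
}

# Usage from client1 in the page's lab: scan_ports 10.10.10.10 20 50
if [ $# -ge 3 ]; then
    scan_ports "$@"
fi
```

Each probe is a full TCP handshake followed by a close, so it shows up in the target's connection logs exactly like the -z scan above; for anything larger than a handful of ports, nmap is the right tool.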
Chat server
server:
[root@server ~]# nc -i 60 -d 3 -m 10 -vkl 10.10.10.10 50
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Listening on 10.10.10.10:50
Ncat: Connection from 10.10.10.11.
Ncat: Connection from 10.10.10.11:35870.
Ncat: Connection from 10.10.10.12.
Ncat: Connection from 10.10.10.12:38312.
server
client1
client2
#On the server terminal: "server" was typed here, "client1" and "client2" arrived from the two clients
#-i: terminate a connection after 60 seconds without data
#-d: wait 3 seconds between each read/write, so what the server types reaches the clients with a delay
#-m: accept at most 10 clients at the same time
#-k: keep listening after a client disconnects instead of exiting after the first session
#Without --broker, what the server types goes to every connected client, but what a client sends is shown only on the server; the clients do not see each other's messages
client1:
[root@client ~]# nc 10.10.10.10 50
server
client1
client2:
[root@localhost ~]# nc 10.10.10.10 50
server
client2
File transfer
server:
[root@server ~]# nc -l 10.10.10.10 50 < /etc/fstab
client1:
[root@client ~]# nc 10.10.10.10 50 > fstab
[root@client ~]# ll
-rw-r--r-- 1 root root 579 Feb 7 00:32 fstab
#The listener hands the file to whoever connects first, in clear text and with no authentication. --allow 10.10.10.11 restricts which source address may connect, and comparing sha256sum output on both ends confirms the copy is complete.
Directory transfer
server:
[root@server ~]# tar -cf - test | nc -l 50
client1:
[root@client ~]# nc 10.10.10.10 50 | tar -xf -
[root@client ~]# ll
drwxr-xr-x 2 root root 6 Feb 7 00:37 test
#nc -l 50 with no address listens on every interface, unlike the earlier examples that bind 10.10.10.10.
Disk cloning
server:
[root@server ~]# dd if=/dev/sda | nc -l 50
client1:
[root@client ~]# nc 10.10.10.10 50 | dd of=/dev/sdb
#Copy a disk that is not mounted (or boot the server from other media) so the image is consistent; /dev/sdb is overwritten from its first sector, so double-check it is the intended target.
Running a shell
server:
[root@server ~]# nc -l -e "/bin/bash -i" 50
[root@server ~]# hostname
[root@server ~]# ls
#This is a bind shell: anyone who can reach port 50 gets a root shell, with no authentication. The bash prompt appears on the server's terminal rather than at the client because bash writes it to stderr, which is not redirected into the connection here; the commands and their output travel over the socket. Many distribution builds of nc omit -e and -c; the FIFO form below works without them.
client1:
[root@client ~]# nc 10.10.10.10 50
hostname
server
ls
anaconda-ks.cfg
Desktop
Documents
Downloads
initial-setup-ks.cfg
Music
netcat-0.7.1
netcat-0.7.1.tar.bzip2
Pictures
Public
Templates
test
Videos
server:
[root@cr ~]# mkfifo pipe
[root@cr ~]# sh pipe | nc -nlp 444 > pipe
#The FIFO closes the loop: nc writes whatever the client sends into pipe, sh reads its commands from there, and sh's stdout flows back through nc to the client. Only stdout comes back; add 2>&1 after "sh pipe" if error messages should reach the client too. -l -p 444 is the traditional netcat spelling of the listening port.
client:
[root@cr ~]# nc 127.0.0.1 444
ls
LICENSE
pipe
qrcp_0.6.3_linux_x86_64.tar.gz
README.md
web
Source address and source port
server:
[root@server ~]# nc -l 10.10.10.10 50
client1:
[root@client ~]# nc 10.10.10.10 50 -s 10.10.10.11 -p 50
#Without -s and -p, the kernel picks the source address from the route to the destination and an ephemeral source port. Binding a source port below 1024, as -p 50 does here, requires root.
Simulating an HTTP client
client1:
[root@client ~]# nc www.baidu.com 80
GET / HTTP/1.1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 14615
Content-Type: text/html
……omitted……
#Press Enter on an empty line after the request line and any headers: the blank line tells the server the request is complete. HTTP/1.1 requires a Host header; this server answered without one, but many will not.
#Headers can follow the request line, e.g.:
#GET / HTTP/1.1
#Host: client.org
#Referer: client.com
#User-Agent: client
……omitted……
#The header is spelled Referer (the misspelling is part of the standard). Connection: keep-alive in the reply means the server holds the connection open after the response, so nc does not return until the server times out or you press Ctrl-C.
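The same request as a script, sent the way an HTTP/1.1 client is supposed to send it: CRLF line endings, a Host header, the terminating blank line, and Connection: close so nc returns once the response has arrived. This is an added example, not code from the original page; the NC variable, the User-Agent string, the idle timeout and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): a well-formed HTTP/1.1 request
# sent through nc. Header lines end in CRLF and an empty line terminates the
# headers; Host is mandatory in HTTP/1.1, and Connection: close asks the
# server to hang up after the response so nc returns instead of waiting on a
# keep-alive connection. NC, the User-Agent string, the idle timeout and the
# function names are assumptions of this example.
NC="${NC:-nc}"

# http_request HOST PORT [PATH]: raw response (status line, headers, body).
# -i 5 gives up if the server goes silent for 5 seconds without closing.
http_request() {
    local host=$1 port=$2 path=${3:-/}
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: nc-example\r\nConnection: close\r\n\r\n' \
        "$path" "$host" | "$NC" -i 5 "$host" "$port"
}

# status_of RESPONSE: numeric status code from the first line of a response
status_of() {
    printf '%s\n' "$1" | awk 'NR == 1 { sub(/\r$/, ""); print $2 }'
}

# http_status HOST PORT [PATH]: the status code only, e.g. 200
http_status() {
    status_of "$(http_request "$@")"
}

# Usage from the page: http_status www.baidu.com 80
if [ $# -ge 2 ]; then
    http_status "$@"
fi
```

Because nc does nothing but move bytes, this is also the quickest way to see exactly what a server does with a malformed request, for example the same function with the Host header removed.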
Unix domain sockets
server:
[root@server ~]# nc -lU /run/ncsocket
test
client (on the same host, since the socket is a filesystem path):
[root@server ~]# nc -U /run/ncsocket
test
#-U (--unixsock) is an Ncat option not shown in the help excerpt above. Access is controlled by the socket file's permissions (connecting requires write permission on it), which makes a Unix socket a safer choice for local-only communication than a TCP port on 127.0.0.1 that every local user can reach.
Encrypted transfer
Each side generates an RSA key pair and hands its public key to the other side; the sender then encrypts with the receiver's public key, so only the receiver's private key can decrypt.
server:
#generate the key pair
[root@server nc]# openssl genrsa -out rsa.key 2048
[root@server nc]# openssl rsa -in rsa.key -pubout -out pub.key
#exchange public keys
[root@server nc]# scp pub.key root@10.10.10.11:/root/nc/server.key
[root@server nc]# ls
client1.key pub.key rsa.key
#encrypt with client1's public key and send
[root@server nc]# echo data > test.txt
[root@server nc]# openssl rsautl -encrypt -inkey client1.key -pubin -in test.txt -out - | nc -l 50
client1:
#generate the key pair
[root@client nc]# openssl genrsa -out rsa.key 2048
[root@client nc]# openssl rsa -in rsa.key -pubout -out pub.key
#exchange public keys
[root@client nc]# scp pub.key root@10.10.10.10:/root/nc/client1.key
[root@client nc]# ls
pub.key rsa.key server.key
#receive and decrypt with the private key
[root@client nc]# nc 10.10.10.10 50 | openssl rsautl -decrypt -inkey rsa.key -in - -out test.txt
[root@client nc]# cat test.txt
data
#Limits of this scheme: rsautl encrypts a single RSA block, so with a 2048-bit key and its default PKCS#1 v1.5 padding the input can be at most 245 bytes, which is why it works for "data" but not for a real file; nothing proves who encrypted the message, since anyone holding client1's public key can produce a valid ciphertext; and the public keys are only as trustworthy as the scp (SSH) sessions that carried them. rsautl is deprecated in OpenSSL 3 in favour of pkeyutl. For bulk data, Ncat's own --ssl with --ssl-verify and --ssl-trustfile (listed in the options above) gives an encrypted channel whose server is authenticated by its certificate.
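The following shell functions serve both the plain file transfer section above and this one: the transfer runs over Ncat's built-in TLS, the client pins the server certificate and refuses any other, and a SHA-256 comparison confirms the file arrived intact. This is an added example, not code from the original page. It assumes nc is Ncat built with OpenSSL and an openssl of 1.1.1 or newer (for -addext); the NC variable, file names, port, the host name server.lab and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): file transfer over Ncat's own
# TLS (--ssl) instead of hand-rolled RSA. The server presents a certificate,
# the client pins a copy of it with --ssl-verify/--ssl-trustfile and refuses
# anything else, and a SHA-256 comparison confirms the bytes arrived intact.
# Assumes nc is Ncat built with OpenSSL and openssl >= 1.1.1 (for -addext);
# the file names, port and host name are assumptions of this example.
NC="${NC:-nc}"

# make_server_cert DIR NAME: self-signed certificate and key for the server.
# NAME must be the host name the client connects with; --ssl-verify checks it.
make_server_cert() {
    local dir=$1 name=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$name" -addext "subjectAltName=DNS:$name" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# tls_send FILE ADDR PORT CERT KEY (server side): serve FILE to the first
# client over TLS, then exit. Add -k only if the file may be fetched repeatedly.
tls_send() {
    local file=$1 addr=$2 port=$3 cert=$4 key=$5
    "$NC" --ssl --ssl-cert "$cert" --ssl-key "$key" -l "$addr" "$port" < "$file"
}

# tls_recv OUT HOST PORT TRUST (client side): fetch into OUT, rejecting any
# certificate not in TRUST or whose name differs from HOST. -4 keeps HOST on
# IPv4; -i 10 gives up if the server stalls for 10 seconds.
tls_recv() {
    local out=$1 host=$2 port=$3 trust=$4
    "$NC" -4 -i 10 --ssl --ssl-verify --ssl-trustfile "$trust" "$host" "$port" > "$out"
}

# same_digest A B: succeed only when both files have the same SHA-256
same_digest() {
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$(sha256sum "$2" | cut -d' ' -f1)" ]
}

# Usage in the page's lab, with server.lab mapped to 10.10.10.10 in the
# client's /etc/hosts and server.crt copied to the client out of band:
#   server:  make_server_cert . server.lab
#            tls_send /etc/fstab 10.10.10.10 50 server.crt server.key
#   client:  tls_recv fstab server.lab 50 server.crt; sha256sum fstab
```

The certificate plays the role the scp'd public keys play in the rsautl version, with two differences: it authenticates the server to the client during the handshake, and the session key negotiated by TLS encrypts data of any size. Without --ssl-verify the client would accept any certificate, which is encryption without authentication, the same weakness as the raw RSA scheme.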