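# Fetch the Debian netcat 1.10 source (upstream tarball + Debian diff for
# revision 1.10-38) and apply the patch set.
# The original ran every step unconditionally, so a failed download or a
# failed patch still left the later build/install steps running against a
# broken tree; this version stops at the first failure.
set -euo pipefail

readonly pool_url='http://ftp.de.debian.org/debian/pool/main/n/netcat'
readonly orig_tgz='netcat_1.10.orig.tar.gz'
readonly debian_diff='netcat_1.10-38.diff.gz'

# Private scratch directory instead of a predictable path directly under /tmp.
work_dir=$(mktemp -d) || exit 1
cd -- "$work_dir"

wget -- "${pool_url}/${orig_tgz}"
wget -- "${pool_url}/${debian_diff}"

# The files arrive over plain http with no integrity check. Optional guard:
# point NETCAT_SHA256SUMS at a sha256sum(1)-format file whose values come from
# the matching netcat_1.10-38.dsc (or another trusted source) and the
# downloads are verified before anything is unpacked.
if [[ -n "${NETCAT_SHA256SUMS:-}" ]]; then
  sha256sum -c -- "$NETCAT_SHA256SUMS"
fi

tar -xvzf "$orig_tgz"
cd -- netcat-1.10.orig/

# patch exits non-zero on a rejected hunk, which now aborts the run.
zcat -- "../${debian_diff}" | patch -p1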
//Edit Makefile line 11 so that DFLAGS reads as follows (-DGAPING_SECURITY_HOLE is what compiles in the -e/-c options the help output marks as dangerous; omit it for a build without them):
DFLAGS = -DDEBIAN_VERSION='"1.10-38"' -DGAPING_SECURITY_HOLE -DIP_TOS -DTELNET
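# Install the built binary and its man page, then print the banner as a
# smoke test.
# NOTE(review): the build itself (make) is not shown between the Makefile
# edit and this step; nc.exe and nc.1 must already exist in the current
# directory, so check for them before touching the system dirs.
set -euo pipefail

if [[ ! -f nc.exe || ! -f nc.1 ]]; then
  printf 'nc.exe / nc.1 not found in %s - build first\n' "$PWD" >&2
  exit 1
fi

# install(1) copies with explicit modes; the original mv kept whatever mode
# the build left on the file and moved the man page with the same bits.
install -m 0755 -- nc.exe /bin/
install -m 0644 -- nc.1 /usr/share/man/man1/

# Verify the installed binary runs. nc 1.10 may exit non-zero after printing
# its help text, so do not let set -e treat that as an install failure.
nc -h || true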
$ nc -h
[v1.10-38]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [-options] [hostname] [port]
options:
-c shell commands as `-e'; use /bin/sh to exec [dangerous!!]
-e filename program to exec after connect [dangerous!!]
-b allow broadcasts
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-k set keepalive option on socket
-l listen mode, for inbound connects
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-q secs quit after EOF on stdin and delay of secs
-s addr local source address
-T tos set Type Of Service
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
TEST
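# Usage examples against a lab host. 192.168.x.x is a placeholder; -n skips
# DNS and -vv reports each connection attempt (see the -h output above).
# The original marked these notes with // which is not a shell comment.

# Connect to a single port.
nc -nvv 192.168.x.x 80

# Listen on 1234 and relay to 192.168.x.x:22, recording both directions to
# files. -c only exists in a build made with -DGAPING_SECURITY_HOLE (see the
# Makefile DFLAGS line); the relay runs as whoever started this listener.
nc -l -p 1234 -c 'tee 1234.txt | nc 192.168.x.x 22 | tee ssh.txt'
# Then point PuTTY at localhost port 1234.

# Port scan: -z sends no data, -w bounds each connect attempt in seconds.
nc -v -n -z -w1 192.168.x.x 1-65535
nc -nvv -w2 -z 192.168.x.x 80-445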
//本地监听端口,简单实现双机聊天
HOSTA: nc -l -p 800 或 nc -l -p 800
//端口攻击 //后门 //访问站点 ref:http://blog.csdn.net/redraiment/archive/2011/03/18/6257953.aspx 本文来自: cygwin下netcat编译与使用
type e:\\yourdata.data |nc -nvv 127.0.0.1 3333
或 nc -nvv 127.0.0.1 3333
HOSTA $ nc -l -p 7777 -e /bin/bash
HOSTB nc HOSTA 7777
//ls mkdir etc.
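# Hand-written HTTP request over a raw TCP connection.
# The original omitted the port (nc 1.10 refuses to connect without one) and
# typed the request interactively as "GET / http/1.1"; HTTP/1.1 needs the
# version in upper case, a Host header and a blank line to end the request.
# Connection: close makes the server hang up so nc returns; -w bounds the
# connect and the final read.
printf 'GET / HTTP/1.1\r\nHost: www.baidu.com\r\nConnection: close\r\n\r\n' \
  | nc -w 5 www.baidu.com 80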



