Netcat notes
netcat is a tool for sending and inspecting raw network data. It is very handy when debugging network programs, it can be combined into many powerful tools, and it matters a great deal for network security. Below are some common usages:
1. Using it as a remote login shell:
Run the following on the server to listen for connections on port 12345; -e /bin/bash means that bash is started once a client connects, so the client can run commands:
gcc:~ zookeep$ netcat -l -p 12345 -e /bin/bash
Connect to the service from another terminal and run a few commands:
gcc:Desktop zookeep$ netcat 10.223.138.163 12345
ls | grep test
test
perl -e 'print "hello"';
hello
python -c "print 123"
123
uname -a
Darwin gcc.local 13.3.0 Darwin Kernel Version 13.3.0: Tue Jun 3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64
2. The -v option prints diagnostic messages; the -n option accepts only dotted-decimal IP addresses and skips DNS resolution:
For example, for google.com:
gcc:~ zookeep$ ping -c 4 google.com
PING google.com (74.125.200.113): 56 data bytes
64 bytes from 74.125.200.113: icmp_seq=0 ttl=48 time=117.342 ms
64 bytes from 74.125.200.113: icmp_seq=1 ttl=48 time=122.505 ms
64 bytes from 74.125.200.113: icmp_seq=2 ttl=48 time=118.082 ms
64 bytes from 74.125.200.113: icmp_seq=3 ttl=48 time=134.491 ms
--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 117.342/123.105/134.491/6.864 ms
gcc:~ zookeep$ netcat -v -n 74.125.200.113 80
74.125.200.113 80 (http) open
If a host name is given together with -n, it cannot be resolved:
gcc:~ zookeep$ netcat -v -n google.com 80
Error: Couldn't resolve host "google.com"
With -v and a host name, the name is resolved automatically:
gcc:~ zookeep$ netcat -v google.com 443
google.com [74.125.200.113] 443 (https) open
3. Listening with -l -p and redirecting what the peer sends:
gcc:~ zookeep$ netcat -v localhost 12345
localhost [127.0.0.1] 12345 (italk) open
hello world
test words from client
^CExiting.
After the client disconnects, the text that was just typed shows up in the server's current directory. This can be used as a simple messaging tool on a local network.
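The listener-plus-redirect pattern from this section, written out in Python 3 so that both sides can be run on one machine. This is an added example and not code from the original notes: receive_to_file plays the role of `netcat -l -p PORT > file` (one connection, everything received is written to the file, finished when the peer closes), send_lines plays the client typing lines, and demo wires them together over loopback. All three names are mine, and the two sample lines are constructed to match the session above.

```python
import socket
import tempfile
import threading

def receive_to_file(path, host='127.0.0.1', port=0):
    """Listen once, as `netcat -l -p PORT > path` would, and write everything
    the peer sends into `path`. Returns (bound_port, thread); the thread ends
    when the peer closes its side of the connection."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind((host, port))           # port 0 lets the OS pick a free port
    server.listen(1)
    bound_port = server.getsockname()[1]

    def serve():
        conn, _ = server.accept()
        server.close()                  # single connection, like plain netcat -l
        with conn, open(path, 'wb') as out:
            while True:
                chunk = conn.recv(4096)
                if not chunk:           # EOF: the client hit Ctrl-C / closed
                    break
                out.write(chunk)

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return bound_port, thread

def send_lines(host, port, lines, timeout=3.0):
    """Client side, equivalent to typing `lines` into `netcat HOST PORT`."""
    with socket.create_connection((host, port), timeout=timeout) as client:
        for line in lines:
            client.sendall(line.encode('utf-8') + b'\n')
    # leaving the `with` block closes the socket, which the server sees as EOF

def demo(path=None):
    """Run server and client on loopback and return what landed in the file."""
    if path is None:
        with tempfile.NamedTemporaryFile(suffix='.txt', delete=False) as tmp:
            path = tmp.name
    port, thread = receive_to_file(path)
    # constructed sample input, the same two lines as in the session above
    send_lines('127.0.0.1', port, ['hello world', 'test words from client'])
    thread.join(timeout=5)
    with open(path, 'rb') as f:
        return f.read().decode('utf-8')

if __name__ == '__main__':
    print(demo(), end='')
```

Nothing is written until the peer actually sends bytes, and the file is only complete once the peer closes the connection; that is the same reason the notes say the content appears only after the client is disconnected.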
4. Using it as a lightweight port scanner (nmap is the better tool for this). The first attempt below is refused because nothing is listening; after port 12345 is opened and the connection is retried, the output shows the source and destination ports and that the connection succeeded:
gcc:~ zookeep$ nc -v localhost 12345
nc: connectx to localhost port 12345 (tcp) failed: Connection refused
found 0 associations
found 1 connections:
1: flags=82
outif lo0
src 127.0.0.1 port 64609
dst 127.0.0.1 port 12345
rank info not available
TCP aux info available
Connection to localhost port 12345 [tcp/italk] succeeded!
lll
5. A more complex scan: -r scans the listed ports in random order, -w3 sets a 3-second timeout, and -z uses zero I/O (connect only, no data is sent):
gcc:~ zookeep$ nc -v -n -r -w3 -z 127.0.0.1 10-15
nc: connectx to 127.0.0.1 port 15 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 11 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 10 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 13 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 12 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 14 (tcp) failed: Connection refused
6. Getting information from a connection, for example the MySQL version (5.6.16) after connecting to it:
gcc:Desktop zookeep$ netcat localhost 3306
J
5.6.16`QT3@'C\��'K$q.0DEnx34mysql_native_password
A simple Python 3 implementation of this (the server speaks first, so it is enough to connect and read the greeting):
    import re
    import socket

    def get_mysql_version(ip_address, port=3306, timeout=3):
        # MySQL sends its greeting (protocol version, server version, ...) as
        # soon as the TCP connection is up, so we only need to connect and read.
        sock = socket.create_connection((ip_address, port), timeout=timeout)
        try:
            data = sock.recv(2048)
        finally:
            sock.close()
        # The dots are escaped so they match only the literal dots in "5.6.16"
        match = re.search(rb'5\.\d+\.\d+', data)
        if match is None:
            raise ValueError('no 5.x.y version string in the MySQL greeting')
        return match.group().decode('ascii')

    if __name__ == '__main__':
        print('MySQL version:', get_mysql_version('localhost'))
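The bytes netcat printed are the raw MySQL HandshakeV10 greeting: the leading "J" is the 3-byte packet length (0x4a = 74), the line break after it is the protocol version byte 10, and then comes the NUL-terminated server version. Instead of regex-matching the version, the added Python 3 example below (mine, not from the original notes) builds a constructed greeting packet with made-up salt bytes and parses it field by field according to the protocol layout, which also yields the authentication plugin name that appears at the end of the capture. build_handshake, parse_handshake and grab_mysql_handshake are assumed names; the capability constants are the protocol's documented values.

```python
import socket
import struct

# Capability bits from the MySQL client/server protocol
CLIENT_PROTOCOL_41       = 0x00000200
CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH       = 0x00080000

def build_handshake(version=b'5.6.16', thread_id=34, plugin=b'mysql_native_password'):
    """Construct a HandshakeV10 greeting with made-up salt bytes (sample data
    for offline use, not a capture from a real server)."""
    caps = CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH
    salt1 = b'QT3@Cxyz'                  # 8 bytes: auth-plugin-data-part-1
    salt2 = b'0DEnx34abcde' + b'\x00'    # 12 bytes + NUL: auth-plugin-data-part-2
    payload = (bytes([10])               # protocol version 10 (the '\n' netcat shows)
               + version + b'\x00'       # NUL-terminated server version
               + struct.pack('<I', thread_id)
               + salt1 + b'\x00'         # part-1 followed by a filler byte
               + struct.pack('<H', caps & 0xFFFF)
               + bytes([33])             # character set (utf8_general_ci)
               + struct.pack('<H', 0x0002)        # status: SERVER_STATUS_AUTOCOMMIT
               + struct.pack('<H', caps >> 16)
               + bytes([len(salt1) + len(salt2)]) # auth plugin data length (21)
               + b'\x00' * 10            # reserved
               + salt2
               + plugin + b'\x00')
    header = len(payload).to_bytes(3, 'little') + b'\x00'   # length + sequence id 0
    return header + payload

def parse_handshake(packet):
    """Decode the fields of a HandshakeV10 packet into a dict."""
    payload_len = int.from_bytes(packet[:3], 'little')
    p = packet[4:4 + payload_len]
    if len(p) != payload_len:
        raise ValueError('truncated handshake packet')
    if p[0] != 10:
        raise ValueError('unsupported protocol version %d' % p[0])
    end = p.index(b'\x00', 1)
    info = {'protocol': 10, 'server_version': p[1:end].decode('ascii')}
    pos = end + 1
    info['thread_id'] = struct.unpack_from('<I', p, pos)[0]
    pos += 4
    salt = p[pos:pos + 8]
    pos += 9                                    # part-1 plus the filler byte
    cap_lo, charset, status, cap_hi, auth_len = struct.unpack_from('<HBHHB', p, pos)
    pos += 8
    caps = cap_lo | (cap_hi << 16)
    pos += 10                                   # reserved bytes
    if caps & CLIENT_SECURE_CONNECTION:
        part2_len = max(13, auth_len - 8)
        salt += p[pos:pos + part2_len].rstrip(b'\x00')
        pos += part2_len
    info.update(capabilities=caps, charset=charset, status=status, salt=salt)
    if caps & CLIENT_PLUGIN_AUTH:
        end = p.index(b'\x00', pos)
        info['auth_plugin'] = p[pos:end].decode('ascii')
    return info

def grab_mysql_handshake(host, port=3306, timeout=3.0):
    """Live variant: connect and parse the greeting the server volunteers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return parse_handshake(sock.recv(4096))

if __name__ == '__main__':
    print(parse_handshake(build_handshake()))
```

With the default arguments the constructed payload comes out at exactly 74 bytes, so its first header byte is 0x4a, the same "J" seen in the netcat capture above. The live variant reads a single recv(), which is enough for a greeting this small but not a general packet reader.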
7. Making an HTTP request (after the connection opens, type the request line and then an empty line to end the headers):
gcc:~ zookeep$ netcat -v google.com 80
google.com [74.125.200.113] 80 (http) open
GET / HTTP/1.1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.google.com.sg/?gfe_rd=cr&ei=-J4nVa73EIWCuASZ_4HgAQ
Content-Length: 262
Date: Fri, 10 Apr 2015 09:59:20 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.5
302 Moved
302 Moved
The document has moved
here.
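The same exchange done programmatically, as an added Python 3 example that is not part of the original notes: build_request produces a valid HTTP/1.1 request (with the Host header the netcat session omitted and the blank line that terminates the headers), http_get sends it over a plain socket and reads until the server closes, and parse_response splits the reply into status line, headers and body. The function names are mine, and SAMPLE_RESPONSE is a constructed reply modelled on the 302 redirect above, not a live capture.

```python
import socket

def build_request(host, path='/', method='GET'):
    """A minimal but valid HTTP/1.1 request. HTTP/1.1 requires a Host header,
    and the empty line after the headers tells the server the request is
    complete (when typing into netcat, press Enter twice)."""
    return ('%s %s HTTP/1.1\r\n'
            'Host: %s\r\n'
            'Connection: close\r\n'
            '\r\n' % (method, path, host)).encode('ascii')

def parse_response(raw):
    """Split a raw response into status line, headers (names lowercased) and body."""
    head, sep, body = raw.partition(b'\r\n\r\n')
    if not sep:
        raise ValueError('response header block is incomplete')
    lines = head.decode('iso-8859-1').split('\r\n')
    parts = lines[0].split(' ', 2)
    if len(parts) < 2 or not parts[0].startswith('HTTP/'):
        raise ValueError('bad status line: %r' % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(':')
        headers[name.strip().lower()] = value.strip()
    if 'content-length' in headers:
        body = body[:int(headers['content-length'])]
    return {'version': parts[0], 'status': int(parts[1]),
            'reason': parts[2] if len(parts) > 2 else '',
            'headers': headers, 'body': body}

def http_get(host, port=80, path='/', timeout=5.0):
    """Do over a socket what the netcat session above does by hand."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host, path))
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:                   # server closed (Connection: close)
                break
            chunks.append(chunk)
    return parse_response(b''.join(chunks))

# Constructed sample modelled on the redirect in the notes (not a live capture)
SAMPLE_RESPONSE = (b'HTTP/1.1 302 Found\r\n'
                   b'Cache-Control: private\r\n'
                   b'Content-Type: text/html; charset=UTF-8\r\n'
                   b'Location: http://www.google.com.sg/\r\n'
                   b'Content-Length: 18\r\n'
                   b'Server: GFE/2.0\r\n'
                   b'\r\n'
                   b'<h1>302 Moved</h1>')

if __name__ == '__main__':
    resp = parse_response(SAMPLE_RESPONSE)
    print(resp['status'], resp['reason'], '->', resp['headers'].get('location'))
```

Sending Connection: close is what makes "read until EOF" a safe way to collect the whole reply; without it an HTTP/1.1 server may keep the connection open and the loop would block until the timeout.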
8. Scanning the local machine for open ports:
gcc:Desktop zookeep$ netcat -v -z localhost 1-65535
localhost [127.0.0.1] 21 (ftp) open
localhost [127.0.0.1] 80 (http) open
localhost [127.0.0.1] 443 (https) open
localhost [127.0.0.1] 631 (ipp) open
localhost [127.0.0.1] 3306 (mysql) open
localhost [127.0.0.1] 8021 (intu-ec-client) open
localhost [127.0.0.1] 25035 open
localhost [127.0.0.1] 27017 open
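Sections 4, 5 and 8 are all TCP connect scans: netcat completes (or fails) a three-way handshake per port and sends no data. The added Python 3 example below (mine, not from the original notes) implements the same thing with the options used above: a connect-only probe with a timeout like -z -w, a port-spec parser for ranges like 10-15 and 1-65535, optional random ordering like -r, and the /etc/services lookup behind names such as "(italk)". It also separates the two failure modes that the netcat output only shows indirectly: a refused connection (port closed) versus a timeout (no answer, typically filtered). probe, parse_port_spec, scan, open_ports, service_name and listen_on_loopback are assumed names; listen_on_loopback exists only so the scanner can be exercised against a local listener.

```python
import random
import socket

def probe(host, port, timeout=3.0):
    """Connect-only check, the equivalent of `nc -z -w TIMEOUT HOST PORT`:
    a TCP handshake is attempted and no application data is sent.
    Returns 'open', 'closed' (RST / connection refused) or 'filtered'
    (no answer within the timeout, typically a firewall dropping the SYN)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return 'open'
    except ConnectionRefusedError:
        return 'closed'
    except socket.timeout:
        return 'filtered'
    finally:
        sock.close()

def parse_port_spec(spec):
    """'10-15' -> [10..15], '80' -> [80], '22,80,443' -> [22, 80, 443]."""
    ports = []
    for part in spec.split(','):
        lo_text, _, hi_text = part.partition('-')
        lo = int(lo_text)
        hi = int(hi_text) if hi_text else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError('bad port range: %s' % part)
        ports.extend(range(lo, hi + 1))
    return ports

def scan(host, spec, timeout=3.0, randomize=False):
    """Probe every port in `spec`; randomize=True mirrors nc's -r option
    (random order rather than a sequential sweep)."""
    ports = parse_port_spec(spec)
    if randomize:
        random.shuffle(ports)
    return {port: probe(host, port, timeout) for port in ports}

def open_ports(results):
    return sorted(port for port, state in results.items() if state == 'open')

def service_name(port):
    """Name from /etc/services, which is what nc prints as '(italk)' etc."""
    try:
        return socket.getservbyport(port, 'tcp')
    except OSError:
        return ''

def listen_on_loopback():
    """Helper for trying the scanner locally: returns (socket, port) of a
    listening loopback socket on an OS-assigned port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(('127.0.0.1', 0))
    sock.listen(5)
    return sock, sock.getsockname()[1]

if __name__ == '__main__':
    sock, port = listen_on_loopback()
    spec = '%d-%d' % (max(1, port - 2), min(65535, port + 2))
    results = scan('127.0.0.1', spec, timeout=1.0, randomize=True)
    for p in sorted(results):
        print('127.0.0.1 %d %s %s' % (p, service_name(p), results[p]))
    print('open:', open_ports(results))
    sock.close()
```

Each probe completes a full handshake, so every port tried shows up as an accepted-then-closed connection in the target's logs; a 1-65535 sweep like the one in section 8 is therefore easy to notice on the receiving side. Closed ports on loopback answer instantly with a reset, which is why the scans above finish quickly even with a 3-second timeout.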