nc – tcp/ip swiss army knife


Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.

Window I Server

$nc -l -p 3333
how are you ?
Window II client

$nc 3333
how are you ?

Related Source Code Exposition
doexec (fd)
int fd;
register char * p;

dup2 (fd, 0); /* the precise order of fiddlage */
close (fd); /* is apparently crucial; this is */
dup2 (0, 1); /* swiped directly out of "inetd". */

if (doexec_use_sh) {
Debug (("gonna exec "%s" using /bin/sh…", pr00gie))
execl ("/bin/sh", "sh", "-c", pr00gie, NULL);
bail ("exec %s failed", pr00gie); /* this gets sent out. Hmm… */

p = strrchr (pr00gie, ‘/’); /* shorter argv[0] */
if (p)
p = pr00gie;
Debug (("gonna exec %s as %s…", pr00gie, p))
execl (pr00gie, p, NULL);
bail ("exec %s failed", pr00gie); /* this gets sent out. Hmm… */
} /* doexec */

Source Code Highlight

fiddle all  the file descriptors around, and  hand off to another prog.  Sort of like a one-off "poor man's inetd". This is the only section of code that would be security-critical, which  is
why  it's ifdefed  out  by default.  Use at your own hairy risk; if you leave shells lying around
behind open listening ports  you deserve to lose!!

Related Knowledge

It has been suggested  that the open() system call should get   a  flag   which  would   cause  it   to
select  a non-sequential   file   descriptor   from   the   outset, eliminating   the   need   for   a
separate   call   to nonseqfd(). There are, however,  a number of system calls which  create file
descriptors but  which have  no flags parameter and  which, thus, will never be  able to return
non-sequential  file descriptors;  socket() is  a classic example. So there will still  be a need for a
system call which can duplicate a file descriptor into the new space.


%d bloggers like this: