Shell Anywhere
One of Netcat's most powerful features is its ability to execute and redirect standard I/O to a binary or executable file on a listening computer. For example, the commands
Server:
nc -l -p 12345 -e /bin/bash
where Server is the server running Linux and
Server:
nc -l -p 12345 -e cmd.exe
where Server is the server running Windows, initialize Netcat as a listener on port 12345. When another Netcat session connects to this computer on port 12345, Netcat redirects I/O to that system's shell program. Figure 3 shows an example of a Windows computer connected over Netcat to a Linux computer. Notice that the Linux whoami command returns the name of the currently logged-on user. In this example, we see that a Windows user who uses Netcat to connect to a bash shell prompt on the Linux computer can issue commands directly on that Linux system under the same privilege as the user account running Netcat: in this case, the privileged root account.
In such situations, Netcat is platform-independent. A user can run Netcat on one platform and connect to a Netcat listener on any other platform and issue commands through the redirected binary. You can control any text program in this manner. In the previous example, the binary was the OS's console program, either a Linux bash shell or a Windows command prompt. You can also configure Netcat to use any source or destination port. Imagine how long it might take to discover a Netcat shell program running as a listener on a popular port such as TCP port 80 or TCP port 53 on one of your network servers. A port scan might report TCP 80 as open, but a simple port scan wouldn't discern whether the listening application was a Web server or an illicit Netcat listener.
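Because a port scan cannot tell a Web server from a Netcat listener, the check has to be made on the host itself, by asking which process owns each listening socket. The following is an added example, not part of the original article: it audits the output of ss -H -tlnp on a Linux server against a baseline. The baseline (EXPECTED), the list of suspect process names, and the sample output are assumptions constructed for illustration.

```python
import re

# Assumption: this host's baseline of listening TCP ports and their expected owners.
EXPECTED = {22: {"sshd"}, 80: {"nginx"}}
# Names that should not own a listening socket on a server (Netcat variants, shells).
SUSPECT = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd", "bash", "sh"}

# Constructed sample of `ss -H -tlnp` output, not captured from a real host.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1204,fd=6),("nginx",pid=1203,fd=6))
LISTEN 0 1 0.0.0.0:53 0.0.0.0:* users:(("nc",pid=4312,fd=3))
LISTEN 0 1 0.0.0.0:12345 0.0.0.0:* users:(("nc",pid=4377,fd=3))
LISTEN 0 128 [::]:8080 [::]:*
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

def parse_listeners(ss_output):
    """Yield (port, {process names}) for each LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        port = int(fields[3].rsplit(":", 1)[1])  # works for 0.0.0.0:80 and [::]:80
        names = {name for name, _pid in PROC_RE.findall(line)}
        yield port, names

def audit(ss_output, expected=EXPECTED, suspect=SUSPECT):
    """Return (port, process names, reason) for every listener that needs review."""
    findings = []
    for port, names in parse_listeners(ss_output):
        if not names:
            reason = "owner not visible (rerun ss as root)"
        elif names & suspect:
            reason = "netcat or shell binary is listening"
        elif port not in expected:
            reason = "port not in baseline"
        elif not names <= expected[port]:
            # Catches a renamed binary squatting on a well-known port.
            reason = "unexpected process on baselined port"
        else:
            continue
        findings.append((port, sorted(names), reason))
    return findings

if __name__ == "__main__":
    for port, names, reason in audit(SAMPLE):
        print(f"tcp/{port:<5} {','.join(names) or '?':<10} {reason}")
```

A process name can be changed by renaming the binary, so the name match is only a first filter; the baseline comparison is what flags a listener that does not belong on the port.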
Friend or Foe?
Netcat offers a huge degree of flexibility in creating network connections, probing remote systems, and facilitating flexible, quick, and ad hoc data transfers between user-defined ports. Netcat's ability to specify any source or destination port, combined with the fact that no authentication is needed to establish a connection between Netcat users, makes it an extremely powerful tool: one that you can use to help manage your network or one that someone could leverage against your network. By learning about this tool's capabilities, you can take full advantage of its benefits and reduce the chances that it will be used against you.