Netcat

Posted by r3kind1e on June 26, 2022

which nc
/usr/bin/nc

nc -h
[v1.10-47]
connect to somewhere:   nc [-options] hostname port[s] [ports] ... 
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
        -i secs                 delay interval for lines sent, ports scanned
        -k                      set keepalive option on socket
        -l                      listen mode, for inbound connects
        -n                      numeric-only IP addresses, no DNS
        -o file                 hex dump of traffic
        -p port                 local port number
        -r                      randomize local and remote ports
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -C                      Send CRLF as line-ending
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').

nc -lvp 8888
listening on [any] 8888 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 42166
hello
hello too!

nc -v 127.0.0.1 8888
localhost [127.0.0.1] 8888 (?) open
hello
hello too!
^C

nc -lvup 9999
listening on [any] 9999 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 51018
udp
^C

nc -vu 127.0.0.1 9999
localhost [127.0.0.1] 9999 (?) open
udp

nc -lvp 8888
listening on [any] 8888 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 36584
hello

echo "hello" | nc -v 127.0.0.1 8888
localhost [127.0.0.1] 8888 (?) open

nc -lvp 8888 > received.txt
listening on [any] 8888 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 42322

cat received.txt
hello

echo "hello" | nc -v 127.0.0.1 8888
localhost [127.0.0.1] 8888 (?) open

nc -lvp 8888 > received.txt
listening on [any] 8888 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 38316

cat received.txt
filecontent

rm received.txt
echo "filecontent" > tobesent.txt

cat tobesent.txt | nc -v 127.0.0.1 8888
localhost [127.0.0.1] 8888 (?) open

In the nc manual:

-e filename  specify filename to exec after connect (use with caution).  See the -c option for enhanced functionality.

It’s a bind shell!

Server:

nc -lvp 1337 -e /bin/bash
listening on [any] 1337 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 35708

Client:

nc -v 127.0.0.1 1337
localhost [127.0.0.1] 1337 (?) open
id
uid=0(root) gid=0(root) groups=0(root)
whoami
root
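As an added example that is not part of the original post, here is the defender's side of the `-e` behaviour shown above: a check that flags a traditional netcat started in listen mode together with `-e`/`-c` in a list of process command lines. The process list is a constructed sample; it assumes the `ps -eo args=` format and the binary names nc, netcat and ncat.

```shell
#!/bin/sh
# Added example, not from the original post: flag the bind-shell pattern above
# (netcat in listen mode combined with -e/-c) in a list of process command
# lines. Assumption: one command line per line, in the format of `ps -eo args=`.

# Constructed sample process list standing in for a real host's process table.
SAMPLE_PS='/usr/sbin/sshd -D
nc -lvp 8888
nc -lvp 1337 -e /bin/bash
/bin/nc -l -p 4444 -c /bin/sh
nc -v 127.0.0.1 8888
netcat -lup 9999'

# Reads command lines on stdin, prints those that look like a netcat bind shell.
flag_nc_bind_shells() {
    awk '
    {
        # Only consider netcat binaries, whatever directory they live in.
        base = $1; sub(/.*\//, "", base)
        if (base != "nc" && base != "netcat" && base != "ncat") next
        listen = 0; exec_opt = 0
        for (i = 2; i <= NF; i++) {
            # -l on its own or bundled with other short options (e.g. -lvp).
            if ($i ~ /^-[a-zA-Z]*l/) listen = 1
            # -e / -c (exec after connect), plain or bundled; -C (CRLF) is not exec.
            if ($i ~ /^-[a-zA-Z]*[ec]/) exec_opt = 1
        }
        # A listener that also execs a program is the bind-shell shape.
        if (listen && exec_opt) print
    }'
}

# With --live, audit the running host; otherwise run over the constructed sample.
if [ "${1:-}" = "--live" ]; then
    ps -eo args= | flag_nc_bind_shells
else
    printf '%s\n' "$SAMPLE_PS" | flag_nc_bind_shells
fi
```

On the sample only the two listeners that exec a program are printed; the plain listeners and the client connections are not.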