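nc usage

This article covers the basic and advanced usage of Netcat, a multi-purpose networking tool, including listening on a port, opening a connection, and scanning ports, and uses examples to show how Netcat can be used for simple remote interaction.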

debian:/# nc -h
[v1.10-38]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
        -i secs                 delay interval for lines sent, ports scanned
        -k                      set keepalive option on socket
        -l                      listen mode, for inbound connects
        -n                      numeric-only IP addresses, no DNS
        -o file                 hex dump of traffic
        -p port                 local port number
        -r                      randomize local and remote ports
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
debian:/#
 
debian:/# nc -l -p 81 -v
listening on [any] 81 ...
Enter http://10.10.10.136:81 in a browser that can reach the host; the listening server then shows the following:
10.10.10.1: inverse host lookup failed: Host name lookup failure
connect to [10.10.10.136] from (UNKNOWN) [10.10.10.1] 27301
GET / HTTP/1.1
Host: 10.10.10.136:81
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
debian:~# nc -v -z -w2 10.10.10.136 1-100
10.10.10.136: inverse host lookup failed: Host name lookup failure
(UNKNOWN) [10.10.10.136] 80 (www) open
(UNKNOWN) [10.10.10.136] 22 (ssh) open
debian:~# nc -u -v -z -w2 10.10.10.136 1-1000
10.10.10.136: inverse host lookup failed: Host name lookup failure
(UNKNOWN) [10.10.10.136] 883 (?) open
debian:~# nc -v -z -w2 10.10.10.136 1-100 -n
(UNKNOWN) [10.10.10.136] 80 (www) open
(UNKNOWN) [10.10.10.136] 22 (ssh) open
debian:~# nc -v -z -w2 10.10.10.136 1-100 -n -s 10.10.10.136
(UNKNOWN) [10.10.10.136] 80 (www) open
(UNKNOWN) [10.10.10.136] 22 (ssh) open
debian:~# nc -v -z -w2 10.10.10.136 1-100 -n -s 192.168.203.139
(UNKNOWN) [10.10.10.136] 80 (www) open
(UNKNOWN) [10.10.10.136] 22 (ssh) open
debian:~#
debian:~# nc -vv -l -p 21 -n -e /bin/sh             (in terminal one)
listening on [any] 21 ...
 
Open another terminal to view the information:
debian:/# nc 192.168.203.139 21                     (entered in terminal two)
 
Look at terminal one again; it has changed as follows:
debian:~# nc -vv -l -p 21 -n -e /bin/sh
listening on [any] 21 ...
connect to [192.168.203.139] from (UNKNOWN) [192.168.203.139] 58873
 
Back in terminal two, run some commands:
debian:/# nc 192.168.203.139 21
ps -ef |grep sshd    (typed directly here)
root      2158     1  0 11:40 ?        00:00:00 /usr/sbin/sshd
root      2891  2158  0 11:43 ?        00:00:09 sshd: root@pts/0
root      4477  2158  0 14:09 ?        00:00:02 sshd: root@pts/1
date
2009年 07月 30日 星期四 16:21:53 CST
uname -a
Linux debian 2.6.26-1-686 #1 SMP Fri Mar 13 18:08:45 UTC 2009 i686 GNU/Linux
w
 16:22:16 up  4:41,  2 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.10.10.1       11:43    0.00s  2.36s  0.00s nc 192.168.203.
root     pts/1    10.10.10.1       14:09   28.00s  1.20s  0.04s sh
users
root root
id
uid=0(root) gid=0(root) groups=0(root)
ls -l mysql*
-rw-r--r-- 1 root root 155008 07-19 11:47 mysql-zrm_2.1_all.deb
-rw-r--r-- 1 root root  10374 07-19 11:46 mysql-zrm-client_2.1_all.deb
netstat -anpt |grep nc
tcp        0     23 192.168.203.139:58873   192.168.203.139:21      ESTABLISHED 5568/nc       
netstat -anpt |grep 21
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      2668/memcached
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2158/sshd     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2321/cupsd    
tcp        0      0 192.168.203.139:58873   192.168.203.139:21      ESTABLISHED 5568/nc       
tcp        0      0 192.168.203.139:21      192.168.203.139:58873   ESTABLISHED 5556/sh       
tcp6       0      0 :::22                   :::*                    LISTEN      2158/sshd     
tcp6       0      0 ::1:631                 :::*                    LISTEN      2321/cupsd    
exit
debian:/#
 
Terminal one also exits automatically:
debian:~# nc -vv -l -p 21 -n -e /bin/sh
listening on [any] 21 ...
connect to [192.168.203.139] from (UNKNOWN) [192.168.203.139] 38298
 
real    0m0.000s
user    0m0.000s
sys     0m0.000s
debian:~#
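
The `-e /bin/sh` listener in the session above gives a root shell to anyone who can reach port 21, with no authentication; the two functions below show how to spot it before a client connects (nc started with `-e` or `-c`) and after (a TCP socket owned directly by a shell, as in the `5556/sh` netstat row). This is an added example, not part of the original post; the function names and the ps sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): two checks for a netcat bind shell.

# Stage 1: listener still waiting. Reads `ps -eo pid,args` output on stdin and
# flags nc/netcat processes started with -e or -c (flags from the nc -h text).
flag_nc_exec() {
    awk '{
        n = split($2, path, "/"); prog = path[n]
        if (prog !~ /^(nc|netcat|nc\.traditional)$/) next
        for (i = 3; i <= NF; i++)
            if ($i ~ /^-[A-Za-z]*[ec]/) {
                printf "SUSPECT pid=%s cmd=%s exec-flag=%s\n", $1, prog, $i
                next
            }
    }'
}

# Stage 2: a client has connected and nc has exec'd the program. Reads
# `netstat -anpt` output on stdin (run as root so the PID column is filled)
# and flags TCP sockets owned directly by a shell interpreter.
flag_shell_sockets() {
    awk '$1 ~ /^tcp6?$/ && $7 ~ /^[0-9]+\// {
        split($7, owner, "/")
        if (owner[2] ~ /^(sh|bash|dash|ash|ksh|zsh|csh|tcsh)$/)
            printf "SUSPECT pid=%s prog=%s local=%s remote=%s state=%s\n", owner[1], owner[2], $4, $5, $6
    }'
}

# Constructed ps sample (PIDs chosen to match the netstat rows below).
sample_ps() {
    cat <<'EOF'
  PID COMMAND
 2158 /usr/sbin/sshd
 5556 nc -vv -l -p 21 -n -e /bin/sh
 5568 nc 192.168.203.139 21
EOF
}

# netstat rows copied from the session above.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2158/sshd
tcp        0      0 192.168.203.139:58873   192.168.203.139:21      ESTABLISHED 5568/nc
tcp        0      0 192.168.203.139:21      192.168.203.139:58873   ESTABLISHED 5556/sh
EOF
}

sample_ps | flag_nc_exec
sample_netstat | flag_shell_sockets
```

On a live host, feed the functions real data with `ps -eo pid,args | flag_nc_exec` and `netstat -anpt | flag_shell_sockets`.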