nc的用法

debian:/# nc -h
[v1.10-38]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
        -i secs                 delay interval for lines sent, ports scanned
        -k                      set keepalive option on socket
        -l                      listen mode, for inbound connects
        -n                      numeric-only IP addresses, no DNS
        -o file                 hex dump of traffic
        -p port                 local port number
        -r                      randomize local and remote ports
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
debian:/#

debian:/# nc -l -p 81 -v
listening on [any] 81 ...
在其可连接的浏览器输入http://10.10.10.136:81,在监听的服务器端看到如下:
10.10.10.1: inverse host lookup failed: Host name lookup failure
connect to [10.10.10.136] from (UNKNOWN) [10.10.10.1] 27301
GET / HTTP/1.1
Host: 10.10.10.136:81
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
debian:~# nc -v -z -w2 10.10.10.136 1-100
10.10.10.136: inverse host lookup failed: Host name lookup failure
(UNKNOWN) [10.10.10.136] 80 (www) open
(UNKNOWN) [10.10.10.136] 22 (ssh) open
debian:~# nc -u -v -z -w2 10.10.10.136 1-1000
10.10.10.136: inverse host lookup failed: Host name lookup failure
(UNKNOWN) [10.10.10.136] 883 (?) open
debian:~# nc -v -z -w2 10.10.10.136 1-100 -n
(UNKNOWN) [10.10.10.136] 80 (www) open
(UNKNOWN) [10.10.10.136] 22 (ssh) open
debian:~# nc -v -z -w2 10.10.10.136 1-100 -n -s 10.10.10.136
(UNKNOWN) [10.10.10.136] 80 (www) open
(UNKNOWN) [10.10.10.136] 22 (ssh) open
debian:~# nc -v -z -w2 10.10.10.136 1-100 -n -s 192.168.203.139
(UNKNOWN) [10.10.10.136] 80 (www) open
(UNKNOWN) [10.10.10.136] 22 (ssh) open
debian:~#<!--more-->
debian:~# nc -vv -l -p 21 -n -e /bin/sh             终端一 中
list ening on [any] 21 ...

再开一个端口查看信息;
debian:/# nc 192.168.203.139 21                     终端二中 输入

再次看终端一,变化如下
debian:~# nc -vv -l -p 21 -n -e /bin/sh
listening on [any] 21 ...
connect to [192.168.203.139] from (UNKNOWN) [192.168.203.139] 58873

回到终端二 做命令操作
debian:/# nc 192.168.203.139 21
ps -ef |grep sshd    这里是直接输入的
root      2158     1  0 11:40 ?        00:00:00 /usr/sbin/sshd
root      2891  2158  0 11:43 ?        00:00:09 sshd: root@pts/0
root      4477  2158  0 14:09 ?        00:00:02 sshd: root@pts/1
date
2009年 07月 30日 星期四 16:21:53 CST
uname -a
Linux debian 2.6.26-1-686 #1 SMP Fri Mar 13 18:08:45 UTC 2009 i686 GNU/Linux
w
 16:22:16 up  4:41,  2 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.10.10.1       11:43    0.00s  2.36s  0.00s nc 192.168.203.
root     pts/1    10.10.10.1       14:09   28.00s  1.20s  0.04s sh
users
root root
id
uid=0(root) gid=0(root) groups=0(root)
ls -l mysql*
-rw-r--r-- 1 root root 155008 07-19 11:47 mysql-zrm_2.1_all.deb
-rw-r--r-- 1 root root  10374 07-19 11:46 mysql-zrm-client_2.1_all.deb
netstat -anpt |grep nc
tcp        0     23 192.168.203.139:58873   192.168.203.139:21      ESTABLISHED 5568/nc        
netstat -anpt |grep 21
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      2668/memcached 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2158/sshd      
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2321/cupsd     
tcp        0      0 192.168.203.139:58873   192.168.203.139:21      ESTABLISHED 5568/nc        
tcp        0      0 192.168.203.139:21      192.168.203.139:58873   ESTABLISHED 5556/sh        
tcp6       0      0 :::22                   :::*                    LISTEN      2158/sshd      
tcp6       0      0 ::1:631                 :::*                    LISTEN      2321/cupsd     
exit
debian:/#

终端一也自动退出
debian:~# nc -vv -l -p 21 -n -e /bin/sh
listening on [any] 21 ...
connect to [192.168.203.139] from (UNKNOWN) [192.168.203.139] 38298

real    0m0.000s
user    0m0.000s
sys     0m0.000s
debian:~# 

发表评论

电子邮件地址不会被公开。 必填项已用*标注