Cyber Forensics Tools

Netcat

Netcat is a tool that transmits data across TCP/UDP connections. Forensic investigators commonly use it to send data from an infected machine to another device, where it is logged. It has quite a few other features that can be used for various purposes, but in its simplest form it works as a listener/transmitter pair.

SANS has published a useful Netcat cheat sheet.

Here is the most basic way to use Netcat:

To start a Netcat listener on your machine:
nc -l -v -p 2222 > text.txt

Name the text file according to the data you are receiving from the compromised system. Use a double ‘>>’ instead of a single ‘>’ if you need to append data to an existing text file rather than overwrite it.

To connect to your Netcat listener from the compromised machine:
nc [your_machines_ip] 2222

To send the output of commands run on the compromised machine back to your listener, pipe it into Netcat:
[your_command] | nc [your_machines_ip] 2222
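The listener/transmitter pair described above, written out in Python as an added example (not code from the original page): one side plays the `nc -l -p PORT > file` listener, the other plays `command | nc HOST PORT`, and the receiver hashes the stream as it lands so the evidence file can be verified later. The sample "command output" and the port choice are constructed for the demo.

```python
import hashlib
import socket
import tempfile
import threading
from pathlib import Path

# Constructed sample of what a command's output might look like (not real process data).
SAMPLE_OUTPUT = b"USER  PID  COMMAND\nroot  1  /sbin/init\nroot  999  /tmp/.x/updater\n"


def capture(data: bytes, out_path: Path, append: bool = False) -> dict:
    """Run a listener/transmitter pair on localhost.

    The listener mirrors `nc -l -p PORT > file`; the sender mirrors `command | nc HOST PORT`.
    Returns the port used and a SHA-256 computed over the bytes actually received.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # port 0: the OS picks a free port for the demo
    srv.listen(1)
    port = srv.getsockname()[1]
    result = {"path": str(out_path), "port": port}

    def listener():
        conn, _ = srv.accept()
        digest = hashlib.sha256()
        mode = "ab" if append else "wb"  # "ab" is the '>>' case, "wb" the '>' case
        with conn, out_path.open(mode) as fh:
            while chunk := conn.recv(4096):   # like nc, stop when the sender closes
                fh.write(chunk)
                digest.update(chunk)
        result["sha256"] = digest.hexdigest()

    t = threading.Thread(target=listener)
    t.start()
    with socket.create_connection(("127.0.0.1", port)) as s:  # the compromised-host side
        s.sendall(data)
    t.join()
    srv.close()
    return result


def demo() -> dict:
    """Send SAMPLE_OUTPUT twice: once with '>' semantics, then appended with '>>' semantics."""
    out = Path(tempfile.mkdtemp()) / "evidence.txt"
    first = capture(SAMPLE_OUTPUT, out)
    capture(SAMPLE_OUTPUT, out, append=True)
    return {
        "received_sha256": first["sha256"],                       # hashed on the listener side
        "sent_sha256": hashlib.sha256(SAMPLE_OUTPUT).hexdigest(),  # hashed on the sender side
        "stored": out.read_bytes(),
    }
```

Comparing the sender-side and listener-side digests is the check worth keeping: it tells you the file on your machine is byte-for-byte what the compromised host emitted.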

Netcat is included in most Linux distros, but must be installed on Windows. If you have Nmap installed on your Windows device, it includes Netcat under the alias Ncat.

Some Netcat download links:
sourceforge.net
eternallybored.org
joncraton.org
