Transfer Files Using Netcat

Netcat is often known as the swiff army knife for TCP/IP. It’s features include but not limited to UDP/TCP port scanning, file transfers, tunneling of UDP over TCP, port forwarding and so on.

So how do you move files to and from hosts when a proper file transfer protocol such as FTP or SFTP is not available? Transfer files using netcat of course!

Netcat is able to run in two modes – server and client. We will use the two modes to transfer the /etc/hosts file from one workstation to another. Workstation ‘A’ will receive the file from workstation ‘B’.

On workstation ‘A’, we set up netcat to run in server mode on port 8000 and redirect the output to a temporary file.

root@wkstn-a:~# nc -l 8000 > /tmp/hostsfile

On workstation ‘B’, we connect to workstation ‘A’ on port 8000 and push the file using netcat.

root@wkstn-b:~# netcat wkstn-a 8000 < /etc/hosts

The netcat process running in workstation 'A' will terminate once it receives and 'EOF' from workstation 'B'. To make sure that the transferred file is not corrupted, run the md5sum command on both the workstations and compare the hash output.

root@wkstn-b:~# md5sum /etc/hosts
a7e53cc2948718551c5eff9ea471062a  /etc/hosts
root@wkstn-a:~# md5sum /tmp/hostsfile
a7e53cc2948718551c5eff9ea471062a  /tmp/hostsfile

Did you notice that no authentication was required at all for the file transfer using netcat? This example definitively demonstrates the danger of allowing an unauthorized user running netcat.

Netcat is available for both Windows and UNIX. The Windows version of netcat is available here. Most recent distibutions of UNIX comes with a decent version of netcat.

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }