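nc/ncat is used to transfer files between two servers and can also serve as a chat tool; its install package is nmap-ncat
Commonly used nc options:
-m, --max-conns <n> maximum number of concurrent connections (has no effect on its own; must be combined with --keep-open/--broker)
-l, --listen bind and listen for incoming connections (used on the server side)
-t, --telnet answer Telnet negotiations
-u, --udp use UDP; the default is TCP
-v, --verbose show verbose output
--allow allow only the specified hosts to connect
--allowfile allow only the hosts listed in the specified file to connect
Usage 1: chat tool
In the session below, the two hosts can send messages to each other
Host A, IP 192.168.137.177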
[zhangsan@centos7 ~]$ ncat -v -lp 8081
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Listening on :::8081
Ncat: Listening on 0.0.0.0:8081
Ncat: Connection from 192.168.137.173.
Ncat: Connection from 192.168.137.173:39054.
nihao
有个问题想问您
Host B
[lisi@dqysh020073 ~]$ nc -v 192.168.137.177 8081
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.137.177:8081.
nihao
有个问题想问您
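Usage 2: transferring a directory. ** After the directory has been transferred, the client (host B) can still send messages to A, but A cannot send messages to B
Output shown on A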
[zhangsan@centos7 ~]$ tar cvf - test-nc |bzip2 -z|nc -v -lp 8081
Ncat: Version 6.40 ( http://nmap.org/ncat )
test-nc/
test-nc/nc1/
Ncat: Listening on :::8081
test-nc/nc1/nc1.txt
Ncat: Listening on 0.0.0.0:8081
test-nc/nc2/
test-nc/nc2/nc2.txt
Ncat: Connection from 192.168.137.173.
Ncat: Connection from 192.168.137.173:39016.
nihao
wanbi
Output shown on B
[lisi@dqysh020073 ~]$ nc -nv 192.168.137.177 8081 |bzip2 -d|tar xvf -
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.137.177:8081.
test-nc/
test-nc/nc1/
test-nc/nc1/nc1.txt
test-nc/nc2/
test-nc/nc2/nc2.txt
nihao
wanbi
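Usage 3: the server opens a shell for the client to log in to; the client's working directory is the directory in which the server ran the command
Any script the user has permission for can be executed; normal output is shown directly on the client, while error output is shown on the server
** In this mode server A cannot send messages that B will see; what A sees is the error output of the commands B enters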
A
[zhangsan@centos7 ~]$ nc -v -c /bin/bash -lp 8081
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Listening on :::8081
Ncat: Listening on 0.0.0.0:8081
Ncat: Connection from 192.168.137.173.
Ncat: Connection from 192.168.137.173:39086.
grep: eno: 没有那个文件或目录
ls: 无法访问what: 没有那个文件或目录
B
[lisi@dqysh020073 ~]$ nc -v 192.168.137.177 8081
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.137.177:8081.
ifconfig|grep eno
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ifconfig|grep -E 3 eno
ifconfig|grep -C 3 eno
TX packets 26 bytes 3017 (2.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.137.177 netmask 255.255.255.0 broadcast 192.168.137.255
inet6 fe80::20c:29ff:fe75:321f prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:75:32:1f txqueuelen 1000 (Ethernet)
ls what
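Usage 4: for security, restrict which client host IPs may use the service
** In this case, if B's IP is within the allowed range the commands take effect; otherwise B can still connect to host A, but the commands it enters have no effect
A opens a shell, allows hosts in the 192.168.137.0/24 network to access it, and sets the maximum number of connections to 3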
[zhangsan@centos7 ~]$ ncat --exec "/bin/bash" --max-conns 3 --allow 192.168.137.0/24 -l 8081 --keep-open
lisi@192.168.137.173's password:
B
[lisi@dqysh020073 ~]$ nc -v 192.168.137.177 8081
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.137.177:8081.
ssh lisi@192.168.137.173
Last failed login: Mon Mar 19 11:07:10 CST 2018 from 192.168.137.177 on ssh:notty
There were 2 failed login attempts since the last successful login.
bash: 123456: command not found
ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:e6:9f:f5:9e txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker_gwbridge: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.19.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:44:30:db:1a txqueuelen 0 (Ethernet)
RX packets 12124 bytes 1275252 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12183 bytes 1232859 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.137.173 netmask 255.255.255.0 broadcast 192.168.137.255
inet6 fe80::250:56ff:fe38:8645 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:38:86:45 txqueuelen 1000 (Ethernet)
RX packets 12124 bytes 1275252 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12183 bytes 1232859 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
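Other notes: when client B uses ssh to log in to itself, the prompt appears on A; after the password is entered on A, the login to B has been made through nc
If a password has to be entered, you can choose encrypted transport: add the --ssl option on both the server and the client
Older versions of nc reportedly supported probing with the -z option. I tried it and it is not supported; the new version is said to have removed this option. I searched Baidu, which says that adding </dev/null works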
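Added example, not part of the original post: the listeners in usage 3 and 4 hand a shell to whoever reaches the port, so on a host you administer it is worth checking the process list for nc/ncat started with -l together with -c/-e/--exec, and whether --allow and --ssl were given. The function name audit_nc_cmdline and the sample lines are constructed for illustration; the set of short options that take an argument is assumed from Ncat's help output.

```shell
#!/bin/sh
# Classify one process command line (for example a line of `ps -eo args`).
# Option meanings are Ncat's. ps output has lost the quoting, so words of
# the executed command itself are scanned as if they were nc options.
audit_nc_cmdline() {            # hypothetical helper name
    set -f; set -- $1; set +f   # word-split the line without globbing
    case "${1##*/}" in
        nc|ncat|netcat) shift ;;
        *) echo "not-nc"; return 0 ;;
    esac
    listen=no execs=no allow=no ssl=no skip=no
    for w in "$@"; do
        if [ "$skip" = yes ]; then skip=no; continue; fi
        case "$w" in
            --listen) listen=yes ;;
            --exec|--sh-exec|--lua-exec) execs=yes; skip=yes ;;
            --exec=*|--sh-exec=*|--lua-exec=*) execs=yes ;;
            --allow|--allowfile) allow=yes; skip=yes ;;
            --allow=*|--allowfile=*) allow=yes ;;
            --ssl) ssl=yes ;;
            --*) ;;
            -?*)                # short option cluster such as -lp or -nv
                rest=${w#-}
                while [ -n "$rest" ]; do
                    ch=${rest%"${rest#?}"}; rest=${rest#?}
                    case "$ch" in
                        l) listen=yes ;;
                        c|e) execs=yes; [ -z "$rest" ] && skip=yes; rest= ;;
                        # other short options whose argument follows
                        g|G|m|d|o|x|i|p|s|w) [ -z "$rest" ] && skip=yes; rest= ;;
                    esac
                done ;;
        esac
    done
    if [ "$listen" = yes ] && [ "$execs" = yes ]; then
        echo "EXEC-LISTENER allow=$allow ssl=$ssl"
    else
        echo "no-exec"
    fi
}

# Constructed sample: the page's listener commands as ps would show them.
while IFS= read -r line; do
    printf '%-32s %s\n' "$(audit_nc_cmdline "$line")" "$line"
done <<'EOF'
ncat -v -lp 8081
nc -v -c /bin/bash -lp 8081
ncat --exec /bin/bash --max-conns 3 --allow 192.168.137.0/24 -l 8081 --keep-open
EOF
```

On a live host the same loop can read the output of `ps -eo args` in place of the here-document.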