Think about the cool things you can do in a shell: directly create, modify and delete files; perform loops, iterations, and logical comparisons; directly access standard input, output and error streams; it’s quite a list. Bet there’s one class of utilities you haven’t taken advantage of: socket tools.

Netcat is one of these, originally developed as nc for Unix, and given the sincerest form of flattery by rewrites like GNU netcat and OpenBSD netcat. See the Wikipedia page for a list of variants and links to them.

The long and short of it is: netcat lets you establish connections using UDP or TCP, on any port you choose, between two or more hosts. It does the magical: opens a connection and then simply relays input and output between the participants. That means you could open a shell and execute “arbitrary” commands (ahem), or set up a man-in-the-middle session, or even just run a little server (say, on port 80) that drops some convenient little file on the unsuspecting visitor.
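To make that "opens a connection and then simply relays input and output" concrete, here is a stripped-down netcat-style TCP relay in Python. It is an added illustration written for this page, not netcat's own source: `listen_once` plays the part of `nc -l -p PORT > out` (accept one connection, collect bytes until the peer closes), `send_bytes` plays the part of `nc HOST PORT < in`, and `transfer` wires the two together on a localhost port picked by the OS so it runs anywhere offline. The sample payload is constructed and stands in for the file or partition image you would normally pipe through. The listener binds to 127.0.0.1 on purpose; binding to 0.0.0.0 is what turns the same few lines into a service reachable from the whole network, which is the thing to look for when auditing a host.

```python
"""Minimal netcat-style TCP relay (added illustration, not netcat itself)."""
import socket
import threading


def listen_once(host, port, ready=None, timeout=5.0):
    """Accept a single TCP connection on host:port and return everything the
    peer sends until it closes its write side (EOF). Binding to 127.0.0.1
    keeps the listener off the network; 0.0.0.0 would expose it everywhere."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        srv.settimeout(timeout)
        if ready is not None:
            ready.set()              # signal that the port is bound and listening
        conn, _peer = srv.accept()
        with conn:
            conn.settimeout(timeout)
            chunks = []
            while True:
                data = conn.recv(65536)
                if not data:         # peer shut down its write side: EOF
                    break
                chunks.append(data)
            return b"".join(chunks)


def send_bytes(host, port, payload, timeout=5.0):
    """Connect to host:port, send payload, then signal EOF (like nc reading
    stdin to its end). Returns the number of bytes handed to the socket."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
        sock.shutdown(socket.SHUT_WR)
        return len(payload)


def free_port():
    """Ask the OS for an unused localhost port so the demo runs anywhere."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def transfer(payload, host="127.0.0.1"):
    """Run listener and sender on one machine and return what the listener
    received; it equals payload when the relay works end to end."""
    port = free_port()
    ready = threading.Event()
    result = {}

    def run_listener():
        result["data"] = listen_once(host, port, ready)

    t = threading.Thread(target=run_listener, daemon=True)
    t.start()
    ready.wait(5.0)                  # do not connect before the listener is bound
    send_bytes(host, port, payload)
    t.join(10.0)
    return result.get("data")


if __name__ == "__main__":
    # Constructed sample payload standing in for a file or partition image.
    sample = b"constructed sample data\n" * 1000
    got = transfer(sample)
    print("relayed", len(got), "bytes, intact:", got == sample)
```

The two halves are deliberately dumb: neither side interprets the bytes, which is exactly why the real tool is equally happy carrying a text chat, a disk image, or a shell's stdin/stdout. Everything netcat adds on top (UDP, source-port selection, SSL in the nmap rewrite) is plumbing around this loop.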

It’s such a low-level utility that it doesn’t even get a place on the BackTrack menus. But just learning about what it does, and how it works, will give you a world of insight into how exploits are created. Like everything in Unix, it’s a building block that lets you construct elaborate structures. If you’ve got netcat on your Linux distro, it’s probably the rewrite provided by the nmap package, which means it has SSL support, IPv6 and all kinds of fancy stuff like connection brokering. They have a very nice user’s guide at, and some nice examples at

Here’s a nice little TechRepublic article on using netcat to run a “server” and execute a command upon connection, as well as using it to set up a nice little backdoor into a remote machine:

G-Loaded Journal has more examples of whole partition transfer, SSH tunneling, and port scanning at