NC NETCAT
THE SWISS ARMY KNIFE OF NETWORKING
MODULE 02 — BANNER GRABBING · LISTENERS · PORT CHECK · FILE TRANSFER

OBJECTIVES

Grab the SSH banner (port 22)
Grab the FTP banner (port 21)
Send a raw HTTP GET request
Check ports with nc -zv
Set up a listener with nc -lvnp
Catch a reverse shell connection
Transfer a file using netcat
Submit the pentest report
PHASE 1 — BANNER GRABBING
MISSION BRIEF
PENTEST ENGAGEMENT — AUTHORISED

NETCAT — THE SWISS ARMY KNIFE

TARGET: 10.10.15.150 — services.apexlab.local

SCENARIO

Nmap has confirmed several open ports on 10.10.15.150. Now use Netcat (nc) to manually interact with those services — grab banners, send raw requests, check ports, and demonstrate how nc can be used to receive a reverse shell and transfer files.

TARGET SERVICES

Port        Service
21/tcp      FTP — vsftpd
22/tcp      SSH — OpenSSH
80/tcp      HTTP — Apache
443/tcp     HTTPS
4444/tcp    Reserved for listener

PHASES

  • Phase 1 — Banner grabbing (SSH, FTP, HTTP)
  • Phase 2 — Raw HTTP request
  • Phase 3 — Port checking (-zv)
  • Phase 4 — Set up a listener
  • Phase 5 — Catch a reverse shell
  • Phase 6 — File transfer

HOW TO USE THE LISTENER PANEL

The Listener window simulates a second terminal — it shows what the receiving end of a netcat connection sees. Set up your listener there with nc -lvnp 4444, then from the main terminal connect back to simulate a reverse shell.

REFERENCE — NETCAT
BASIC SYNTAX
nc [options] [host] [port]
KEY FLAGS
Flag         Description
-l           Listen mode — wait for incoming connection
-v           Verbose — show connection details
-n           No DNS resolution (use IPs only)
-p [port]    Local port to listen on
-z           Zero-I/O mode — port scanning only
-u           UDP mode (default is TCP)
-w [sec]     Timeout for connections
-e [cmd]     Execute command on connect (ncat/older nc)

BANNER GRABBING

SSH banner:
    nc 10.10.15.150 22
FTP banner:
    nc 10.10.15.150 21
HTTP banner:
    nc 10.10.15.150 80

RAW HTTP REQUEST

Connect to port 80, then type the HTTP request manually:
    nc 10.10.15.150 80
    GET / HTTP/1.0
    Host: 10.10.15.150
    [press Enter twice]

PORT CHECKING

    nc -zv 10.10.15.150 20-25
    nc -zv 10.10.15.150 80 443 8080

LISTENER / REVERSE SHELL

Set up listener (in Listener panel):
    nc -lvnp 4444
Trigger reverse shell (in main terminal):
    nc 10.10.15.150 4444

FILE TRANSFER

Receiver side (listener):
    nc -lvnp 4444 > received_file.txt
Sender side:
    nc 10.10.15.150 4444 < loot.txt

USEFUL COMBOS

    nc -zv 10.10.15.150 1-1024 2>&1 | grep open
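
Added example (not part of the original lab): a Python version of what the BANNER GRABBING and RAW HTTP REQUEST entries above do at the socket level, plus a parser for the version strings the report asks for. The function names and the sample banners with X.Y.Z placeholders are constructed for illustration.

```python
import re
import socket

# Constructed sample replies; X.Y.Z are placeholders, not real target output.
SAMPLES = {
    22: b"SSH-2.0-OpenSSH_X.Y\r\n",
    21: b"220 (vsFTPd X.Y.Z)\r\n",
    80: b"HTTP/1.1 200 OK\r\nServer: Apache/X.Y.Z (Example)\r\n\r\n<html></html>",
}

def http_get(host, path="/"):
    """Raw request from the reference; the empty line (Enter twice) ends the headers."""
    return f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")

def exchange(sock, payload=b"", limit=4096):
    """Send raw bytes (if any), then read until EOF, timeout or `limit` bytes."""
    sock.sendall(payload)
    buf = b""
    try:
        while len(buf) < limit:
            chunk = sock.recv(1024)
            if not chunk:
                break
            buf += chunk
            if not payload:  # banner case: the service speaks first, then waits
                break
    except socket.timeout:
        pass
    return buf

def grab(host, port, payload=b"", timeout=3.0):
    """Socket-level equivalent of `nc host port` against your own lab target."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return exchange(sock, payload)

def version_string(raw):
    """Return (service, disclosed software string) parsed from a banner or HTTP reply."""
    text = raw.decode("latin-1")
    first = text.splitlines()[0] if text else ""
    m = re.match(r"SSH-\d+\.\d+-(\S+)", first)  # RFC 4253 identification string
    if m:
        return "ssh", m.group(1)
    m = re.match(r"220[ -](.*)", first)  # FTP greeting (SMTP also uses 220)
    if m:
        return "ftp", m.group(1).strip()
    if first.startswith("HTTP/"):  # look for Server: in the headers only
        m = re.search(r"^Server:[ \t]*(.*?)[ \t]*\r?$", text.split("\r\n\r\n", 1)[0], re.M | re.I)
        return "http", (m.group(1) if m else None)
    return "unknown", first.strip()
```

With no payload, `grab` returns an empty result on port 80 after the timeout, because an HTTP server sends nothing until it has received a request; that is why the reference types the GET by hand.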
PENTEST REPORT — NETCAT RECON
BANNER GRABBING
Paste the exact version strings returned by the target services.
FILE TRANSFER FLAG
Complete the file transfer exercise to receive the flag, then paste it below.