nc (netcat) has many uses that are of great value to a pentester.
It speaks both TCP and UDP.
It can act either as a client that connects to a listening port or as a server that listens on a port of our choice, which makes it a simple, general-purpose client or server over TCP or UDP.
We can connect to a server, much as we would with telnet, and collect the server's banner. Type the request line and then press Enter on an empty line, since the blank line is what terminates the HTTP request:
$ nc MACHINE_IP 80
GET / HTTP/1.1
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 11:39:49 GMT
Last-Modified: Tue, 17 Aug 2021 11:12:16 GMT
The response headers are the server's banner. When the response carries a Server header, its value names the web server software listening on port 80; the Date and Last-Modified lines alone do not identify it. Treat the banner as a hint rather than proof, since administrators can strip or forge the Server header.
We can also use netcat to listen on a TCP port on one system and connect to that port from another.
On the server, where we want to open a port and listen on it, we can issue:
nc -lp 1234
nc -v -n -l -p 1234
The options used here are -l to listen instead of connecting, -p to set the port to listen on, -n to skip DNS resolution, and -v for verbose output (the second form just adds verbosity and the no-DNS flag to the first). On the OpenBSD variant of netcat the port is given positionally instead (nc -l 1234).
Ports below 1024 need root privileges to listen on.
On the client side, we would issue:
$ nc MACHINE_IP 1234
Once the connection is established, whatever you type on the client side appears on the server side and vice versa.
The two ends form a bidirectional TCP channel: bytes typed on either side are delivered to the other.
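The two procedures above, the banner grab against port 80 and the listener/client pair, written with raw Python sockets as an added example (this is not code from the original page). Both sides run in-process on 127.0.0.1, so no real target is contacted. The HTTP reply, its "ExampleHTTPd/1.0" Server header, the chat strings and the use of an OS-assigned port are constructed for the demo and are not from the page; the banner grab also sends the Host header and trailing blank line that HTTP/1.1 requires, which nc leaves to you.

```python
import socket
import threading

# Constructed fake web server reply (the page's capture shows only the
# status, Date and Last-Modified lines; the Server value here is made up).
FAKE_HTTP_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Tue, 17 Aug 2021 11:39:49 GMT\r\n"
    b"Server: ExampleHTTPd/1.0\r\n"
    b"Content-Length: 0\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)


def start_listener(handler, host="127.0.0.1", port=0):
    """Bind a TCP listener (the role of `nc -l -p PORT`) and serve exactly one
    connection on a background thread. Returns (port, thread, result_box);
    the handler's return value is stored in result_box[0] after it runs."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))  # port 0 asks the OS for a free unprivileged port
    srv.listen(1)
    result_box = [None]

    def serve():
        conn, _ = srv.accept()
        with conn:  # closing the connection gives the client its EOF
            result_box[0] = handler(conn)
        srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return srv.getsockname()[1], t, result_box


def recv_all(conn, timeout=2.0, limit=65536):
    """Read until the peer closes or the timeout fires, which is what nc shows
    on the terminal for a one-shot connection."""
    conn.settimeout(timeout)
    chunks, total = [], 0
    try:
        while total < limit:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
            total += len(data)
    except socket.timeout:
        pass
    return b"".join(chunks)


def grab_http_banner(host, port, timeout=2.0):
    """Send a well-formed HTTP/1.1 request and return (status line, Server
    header or None). HTTP/1.1 needs a Host header and a blank line to end
    the request; Connection: close makes the server hang up after replying."""
    request = (f"GET / HTTP/1.1\r\nHost: {host}\r\n"
               "Connection: close\r\n\r\n").encode()
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        raw = recv_all(s, timeout)
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = lines[0] if lines else ""
    server = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            server = value.strip()
            break
    return status, server  # server stays None when the header is absent


def fake_http_handler(conn):
    """Listener side of the banner grab: record the request, send the reply."""
    request = conn.recv(4096)
    conn.sendall(FAKE_HTTP_RESPONSE)
    return request


def chat_handler(conn):
    """Listener side of the nc chat: read one line, answer, report it."""
    line = conn.recv(4096)
    conn.sendall(b"hello from the listener\n")
    return line


def demo_banner_grab():
    port, t, box = start_listener(fake_http_handler)
    status, server = grab_http_banner("127.0.0.1", port)
    t.join(2)
    return status, server, box[0]  # box[0] is the request the listener saw


def demo_chat():
    """Client side of `nc MACHINE_IP 1234`: bytes sent by either end reach
    the other. Returns (what the listener got, what the client got)."""
    port, t, box = start_listener(chat_handler)
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        c.sendall(b"hello from the client\n")
        reply = recv_all(c)
    t.join(2)
    return box[0], reply


if __name__ == "__main__":
    print(demo_banner_grab())
    print(demo_chat())
```

grab_http_banner returns None for the Server field when the header is missing, which is the situation the capture above leaves you in: a status line and dates, but nothing that names the software.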