nc -l -e /bin/bash -p 10001
Not much to explain here. -l puts nc in listen mode, -p chooses the port to listen on, and -e makes nc run /bin/bash when a client connects, with the shell's stdin and stdout wired to the socket. Note that -e exists in the traditional netcat and in Nmap's ncat (where it is also spelled --exec); the OpenBSD nc that many distributions ship has no -e at all, and it takes the port as a positional argument (nc -l 10001) rather than with -p.
The shell you get is non-interactive, so there is no prompt, and you must use a semicolon after each command. The reason is that telnet ends every line with a carriage return followed by a newline; bash treats the carriage return as part of the last word, so plain ls is looked up as "ls\r" and fails, while ls; is parsed correctly before bash stumbles over the stray character. Connecting with nc as the client instead of telnet avoids this.
$ telnet localhost 10001
Connected to localhost.
Escape character is '^]'.
There you go. Obviously this has the potential for misuse: the shell runs with the privileges of whoever started nc, so running it as root creates a remote root backdoor. But it is also a very useful administrative tool. Keep in mind that nc does no authentication and no encryption: anyone who can reach the port gets the shell, and everything typed or returned crosses the network in clear text.
nc terminates after you exit your connection, and only one person can be connected at once. If you need the listener to survive across connections, ncat's -k (--keep-open) accepts clients one after another and spawns a fresh /bin/bash for each; traditional nc has no equivalent, so people wrap it in a loop, which is one more reason such a listener is worth looking for on hosts you defend.
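Because a listening netcat with -e looks the same whether an administrator or an intruder started it, the check a defender wants is a quick audit of the process list. The script below is an added example, not part of the original page: it parses ps -eo pid,user,args style output, understands the bundled short options (-lvp 443, -e/bin/sh), the long options (--exec, --sh-exec, --keep-open) and the OpenBSD positional port, and reports only listeners that also spawn a program. The sample process lines are constructed for the demonstration, and the binary names and option handling are assumptions about the netcat variants named above rather than an exhaustive list.

```python
import os
import shlex
import sys

# Netcat-family binary names (assumed list; extend for renamed copies).
NC_BINARIES = {"nc", "netcat", "nc.traditional", "nc.openbsd", "ncat"}
EXEC_LONG = {"--exec", "--sh-exec", "--lua-exec"}   # ncat long forms
VALUE_OPTS = set("pecswqi")   # short options that consume a value; e/c are exec

def parse_nc_args(argv):
    """Return (listen, keep_open, port, exec_cmd) for a netcat-style argv."""
    listen = keep_open = False
    port = exec_cmd = None
    positional = []
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--"):
            opt, _, val = tok.partition("=")
            if opt == "--listen":
                listen = True
            elif opt == "--keep-open":
                keep_open = True
            elif opt in EXEC_LONG:
                if not val:
                    i += 1
                    val = argv[i] if i < len(argv) else None
                exec_cmd = val
        elif tok.startswith("-") and len(tok) > 1:
            # Short options may be bundled: -lvp 443, -lp4444, -e/bin/sh
            j = 1
            while j < len(tok):
                ch = tok[j]
                if ch == "l":
                    listen = True
                elif ch == "k":
                    keep_open = True
                elif ch in VALUE_OPTS:
                    rest = tok[j + 1:]          # value glued to the option?
                    if not rest:
                        i += 1
                        rest = argv[i] if i < len(argv) else None
                    if ch == "p":
                        port = rest
                    elif ch in "ec":
                        exec_cmd = rest
                    break                       # value ends the bundle
                j += 1
        else:
            positional.append(tok)
        i += 1
    if port is None and listen and positional:
        port = positional[-1]                   # OpenBSD/ncat style: nc -l 10001
    return listen, keep_open, port, exec_cmd

def find_nc_backdoors(ps_lines):
    """Scan `ps -eo pid,user,args` output for netcat listeners that spawn a program.

    One finding per listening netcat process with an exec option; plain
    listeners (nc -l 8080) and client uses (nc -zv host 80) are ignored.
    """
    findings = []
    for line in ps_lines:
        parts = line.split(None, 2)
        if len(parts) < 3 or not parts[0].isdigit():
            continue                            # header or malformed line
        pid, user, cmdline = parts
        try:
            argv = shlex.split(cmdline)
        except ValueError:
            continue
        if not argv or os.path.basename(argv[0]) not in NC_BINARIES:
            continue
        listen, keep_open, port, exec_cmd = parse_nc_args(argv)
        if listen and exec_cmd:
            findings.append({"pid": int(pid), "user": user, "port": port,
                             "exec": exec_cmd, "persistent": keep_open})
    return findings

# Constructed sample of `ps -eo pid,user,args` output (ps prints args
# space-separated without the original quoting, hence "-c bash -i").
SAMPLE_PS = """\
  PID USER     COMMAND
 1120 root     /usr/sbin/sshd -D
 2231 alice    nc -l -e /bin/bash -p 10001
 2240 alice    nc -zv example.org 80
 2302 root     ncat -l -k -p 10001 --exec /bin/bash
 2318 bob      nc.traditional -lvp 4444 -e /bin/sh
 2330 www-data nc -l 8080
 2345 root     ncat -lvp 443 -c bash -i
 2400 alice    grep nc -e foo
""".splitlines()

if __name__ == "__main__":
    lines = sys.stdin.read().splitlines() if not sys.stdin.isatty() else SAMPLE_PS
    for f in find_nc_backdoors(lines):
        print("pid %(pid)d user %(user)s port %(port)s exec %(exec)s "
              "persistent %(persistent)s" % f)
```

Run it with ps -eo pid,user,args | python3 nc_audit.py on a live host, or with no input to see it pick out the four shell-spawning listeners in the sample while leaving the sshd, the port scan, the grep and the plain nc -l 8080 alone. The parser deliberately ignores options it does not know, so an odd flag does not hide a finding; what it cannot see is a bash -i >& /dev/tcp/... reverse shell or a renamed netcat binary, which need a different check.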