Reverse shell using netcat and UDP is not working
I'm trying to set up a reverse shell between two Linux machines (Kali v. 1.0.9), using the default installation of netcat. Using the commands below, I was able to make a connection and relay text information between the two machines:
Listener:
Client:
However, modifying the client's arguments to include executing bash upon a connection:
And no connection is made. I'm not quite sure how to get this to work; this doesn't seem to be a problem that other people have experienced, and I was unsure of how to solve the issue. It might also help to know that these commands work fine using the normal TCP mode; it's only after adding the u flag that it stops working for shells. Any help would be appreciated, thanks!
Maverick314
1 Answer
I did some experiments and realized that tunneling a shell session via netcat over UDP is almost impossible. Bash does not know that the underlying file descriptor is a UDP socket. Bash calls read() with buffer size 1. That is fine for an interactive shell, but when a received UDP datagram contains more than 1 byte, the data is lost (except the first byte in the datagram).
Netcat uses the standard line buffer on stdin, and the whole line is sent in a single UDP datagram. But bash reads only the first byte from each line.
The other problem is that the client netcat executed via the command
does not send any data to the server because bash is executed in non-interactive mode and it just waits for a command. The solution is to write a script to execute bash in interactive mode:
and call server
and client
But the usage is very inconvenient. It is possible to write a command on the server when each byte is followed by ENTER.
So my recommendation is to use a tool other than netcat. Perhaps you can try http://code.google.com/p/udptunnel/
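The datagram truncation described in the answer can be reproduced without netcat or bash. This is an added example, not part of the original answer: it sends two constructed lines over loopback UDP and over a byte stream, then drains each with 1-byte `read()` calls. It assumes Linux socket semantics and uses a Unix stream socketpair as a stand-in for TCP; the function names and sample lines are illustrative.

```python
import os
import select
import socket

LINES = [b"id\n", b"uname -a\n"]  # constructed sample input, one write per line


def read_bytewise(sock, timeout=0.5):
    """Drain a socket with read(fd, 1) calls, the read pattern the answer attributes to bash."""
    received = b""
    # select() bounds the wait so the loop ends once nothing more is queued.
    while select.select([sock], [], [], timeout)[0]:
        chunk = os.read(sock.fileno(), 1)
        if not chunk:
            break
        received += chunk
    return received


def over_udp(lines):
    """Each line travels as one datagram; a 1-byte read discards the rest of it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))  # loopback only, kernel-chosen port
        for line in lines:
            tx.sendto(line, rx.getsockname())
        return read_bytewise(rx)


def over_stream(lines):
    """A byte stream (stand-in for TCP) keeps unread bytes queued for the next read."""
    tx, rx = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with tx, rx:
        for line in lines:
            tx.sendall(line)
        return read_bytewise(rx)


if __name__ == "__main__":
    print("UDP   :", over_udp(LINES))
    print("stream:", over_stream(LINES))
```

Over UDP only the first byte of each line survives, while the stream delivers every byte, which matches the question's observation that the same commands work in TCP mode.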