NC - hpaluch/hpaluch.github.io GitHub Wiki

NetCat (NC)

NetCat is a simple TCP or Unix socket client/server. On OpenBSD it is included in the system as the nc(1) command.

Crude remote shell

NetCat has no such function implemented, but I figured out a primitive way to do it:

On server run:

nc -l 1234 | sh | nc -l 2345

Now, on the client side, connect to the "shell output server":

nc IP_ADDRESS 2345
# here you will see shell output

Now open another connection, this time to the "shell input server":

nc IP_ADDRESS 1234

Now you can type commands into the 2nd connection and see their output on the 1st connection:

  • example session on the 2nd client:

    obsd-75$ nc 127.0.0.1 1234
    ls
    pwd
    
  • and here is the output of the above shell commands on the 1st client:

    obsd-75$ nc 127.0.0.1 2345
    history-password.txt
    src
    /home/ansible
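
The pipeline above hands a shell to any host that can reach port 1234, with no authentication, so it is worth being able to spot one left running. The following is an added example, not part of the original wiki page: a sh function that reads a process listing (assumed columns PID, PGID, COMMAND, e.g. from `ps -axo pid,pgid,command`) and reports process groups that hold both a listening nc and an argument-less shell, assuming the pipeline's processes share one process group as a shell pipeline normally does. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag process groups that look like the
# "nc -l PORT | sh | nc -l PORT" pipeline from this page.
# stdin: lines of "PID PGID COMMAND [ARGS...]" (assumed format, e.g. from
# `ps -axo pid,pgid,command`); non-numeric first field (header) is skipped.
find_nc_shell_groups() {
    awk '
    $1 !~ /^[0-9]+$/ { next }                 # skip header / malformed lines
    {
        pgid = $2
        name = $3
        sub(/^.*\//, "", name)                # /usr/bin/nc -> nc
        if (name ~ /^(nc|netcat|nc\.static)$/) {
            # listen flag may be bundled (-lk, -vl); last bare number = port
            port = ""; listen = 0
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^-[A-Za-z]*l[A-Za-z]*$/) listen = 1
                else if ($i ~ /^[0-9]+$/) port = $i
            }
            if (listen)
                ports[pgid] = ports[pgid] (ports[pgid] == "" ? "" : ",") port
        } else if (NF == 3 && name ~ /^(sh|ksh|bash|dash|zsh)$/) {
            # a shell started with no arguments reads its commands from stdin
            shells[pgid] = $1
        }
    }
    END {
        for (g in ports)
            if (g in shells)
                printf "pgid=%s shell_pid=%s listen_ports=%s\n", g, shells[g], ports[g]
    }' | sort
}

# Constructed sample listing (not captured from a real host).
sample_ps() {
    cat <<'EOF'
  PID  PGID COMMAND
 4101  4101 -ksh
 5220  5220 nc -l 1234
 5221  5220 sh
 5222  5220 nc -l 2345
 6300  6300 nc -l 8080
 6410  6410 sh /etc/daily
 7001  7000 nc 192.0.2.10 2345
 7002  7000 ksh
EOF
}

sample_ps | find_nc_shell_groups
```

A lone listener (pgid 6300), a shell running a script (6410) and an outbound nc client next to a shell (7000) are not reported; only the group that pairs listening nc processes with a stdin-driven shell is.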
    

OpenBSD remote shell in ramdisk (bsd.rd)

nc is not included in the OpenBSD installer (bsd.rd, a kernel with a ramdisk). To run it from another filesystem, you need to build it statically.

Example tested on OpenBSD 7.5:

cd /usr/src/usr.bin/nc
cc -o ~/nc.static -static -ltls -lssl -lcrypto netcat.c atomicio.c socks.c

  netcat.c(/tmp/netcat-567175.o:(main)): warning: mktemp() possibly used unsafely; consider using mkstemp()

strip ~/nc.static
~/nc.static --help

  nc.static: unknown option -- -

Now put that nc.static binary somewhere you can run it from the installation media (on an HTTP server or on some free slice). TODO