A named pipe is not exactly the same as a reverse shell, but it can be used in a similar way to establish a remote connection between two systems. A named pipe is a type of inter-process communication (IPC) mechanism that allows two or more processes to communicate with each other on a local computer or over a network. A named pipe has a name and is implemented as a file object. Processes can read from and write to the named pipe as if it were a regular file. Named pipes are commonly used in client-server applications, where a server process creates a named pipe and waits for client processes to connect to it. Once a client connects to the named pipe, the server can send and receive data to and from the client. ChatGPT
📕 RTFM
cmd.exe /c echo something > \\.\pipe\something2
/c
tells cmd.exe
to execute the command and then quit. Putting it all together, the command is echoing the text “something” and redirects it to a named pipe called “something2”.
To create a named pipe, do the following:
mkfifo \\.\pipe\MyNamedPipe
dir \\.\pipe\MyNamedPipe
del \\.\pipe\MyNamedPipe
Some malware and tools use specific format for named pipes, for example, msagent-##
or postex_####
.