Here's a method for opening up a TCP connection from one host to another without needing to install any tools.
From the attacker machine, wait for a connection
Wait for connections
From the victim
Call home
The victim code will open up a connection to the attacker, allowing the attacker to run whatever bash commands he wants. All this without installing anything on the victim. Spooky.
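From the defender's side, a shell that holds an established TCP connection of its own is the trace this technique leaves on a Linux host. The following is an added example, not code from the original post: it cross-references process file descriptors with /proc/net/tcp, and the shell name list, the function names and the sample data are assumptions made for illustration (IPv4 only, little-endian host).

```python
import os, pathlib, re, socket, struct

SHELLS = {"bash", "sh", "dash", "zsh", "ksh"}  # assumed list of shell process names

def established_tcp(proc_net_tcp):
    """Map socket inode -> (remote_ip, remote_port) for ESTABLISHED rows."""
    conns = {}
    for row in proc_net_tcp.splitlines()[1:]:      # skip the header row
        f = row.split()
        if len(f) < 10 or f[3] != "01":            # state 01 = TCP_ESTABLISHED
            continue
        ip_hex, port_hex = f[2].split(":")         # rem_address column
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        conns[f[9]] = (ip, int(port_hex, 16))      # column 9 = socket inode
    return conns

def shells_with_sockets(processes, proc_net_tcp):
    """Return (pid, comm, remote_ip, remote_port) for shells holding a TCP socket."""
    conns, hits = established_tcp(proc_net_tcp), set()
    for p in [q for q in processes if q["comm"] in SHELLS]:
        for target in p["fds"].values():
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and m.group(1) in conns:
                hits.add((p["pid"], p["comm"], *conns[m.group(1)]))
    return sorted(hits)

def snapshot_processes(proc="/proc"):
    """Collect comm and fd link targets from a live /proc (root needed for other users)."""
    out = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            comm = pathlib.Path(f"{proc}/{pid}/comm").read_text().strip()
            fds = {fd: os.readlink(f"{proc}/{pid}/fd/{fd}")
                   for fd in os.listdir(f"{proc}/{pid}/fd")}
        except OSError:                            # process exited or access denied
            continue
        out.append({"pid": int(pid), "comm": comm, "fds": fds})
    return out

# Constructed sample data: a listener, a shell-owned connection, an sshd session.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111 1
   1: 0A0200C0:C738 057100CB:115C 01 00000000:00000000 00:00000000 00000000  1000        0 2222 1
   2: 0A0200C0:0016 076433C6:D431 01 00000000:00000000 00:00000000 00000000     0        0 3333 1
"""
SAMPLE_PROCS = [{"pid": 900, "comm": "sshd", "fds": {"3": "socket:[3333]"}},
                {"pid": 1000, "comm": "bash", "fds": {"0": "/dev/pts/0"}},
                {"pid": 4242, "comm": "bash", "fds": {"0": "socket:[2222]", "1": "socket:[2222]"}}]
```

On a live host, pass `snapshot_processes()` and the contents of /proc/net/tcp to `shells_with_sockets`; a normal SSH login does not match because the socket belongs to sshd and the shell only sees a pty.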