Does it support cross-network operation?

[shanjunmei]

I understand the reverse meaning, it should be used to support ssh to the target of the non-current network, usually a relay server is established, exposed to the public network, and the target machine is connected to the relay server, but the document that confuses me is that the victim How does the attacker know about the attacker's machine (server side)

[anyoneoruser]

Well, this is an interesting question. Nowdays, most pepole install a malware on the target machine using ethier target device access or social engineering. Another easy but technical option is to use wireless attacks but they need to be near of the target and the advantage of the malware is to exclude this need without any social-engineering-vector attack.

The relay (e.g:Tor) may need to support more stable identifiers than IP addresses.
A better option could be to upload a custom program on an hosting service witch enable creating a communication channel with only the atttacker and the victim as members(those 2 members are identified as attacker and victim;an authentication mechanism is needed to prevent those roles to be spoofed) witch you can configure to catch a the shell for you.
Then you only have to set LHOST and LPORT to those of the relay and then to SSH into it to remotely control the target device from any place on the internet without keeping your computer running the handler hours and hours until the victim's device connects, as you use a bind shell.
I'd like to send you the shame i created to illustrate this solution but it is too heavy for github.