Socat - Privilege Escalation
ID: privesc-socat
Severity: high
Author: daffainfo
Tags: code,linux,socat,privesc,local
Description
Section titled “Description”Socat is a command-line utility that establishes two bidirectional byte streams and transfers data between them. It can be used for a wide range of networking tasks, such as file transfer, port forwarding, and network testing. Socat is known for its versatility and is often used for creating complex network connections and proxies.
YAML Source
Section titled “YAML Source”id: privesc-socat
info: name: Socat - Privilege Escalation author: daffainfo severity: high description: | Socat is a command-line utility that establishes two bidirectional byte streams and transfers data between them. It can be used for a wide range of networking tasks, such as file transfer, port forwarding, and network testing. Socat is known for its versatility and is often used for creating complex network connections and proxies. reference: - https://gtfobins.github.io/gtfobins/socat/ metadata: verified: true max-request: 3 tags: code,linux,socat,privesc,local
self-contained: truecode: - engine: - sh - bash source: | whoami
- engine: - sh - bash source: | socat stdin exec:whoami
- engine: - sh - bash source: | sudo socat stdin exec:whoami
matchers-condition: and matchers: - type: word part: code_1_response words: - "root" negative: true
- type: dsl dsl: - 'contains(code_2_response, "root")' - 'contains(code_3_response, "root")' condition: or# digest: 490a004630440220203d5940862b69aa1be76a0829816a58f6f8ddab05dedfbc1eae523fdd8c4ba50220718465ace2e4b042f8f5e6f4ba540cedbe6916c678f20c36dd82cae07ef3d1bb:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "code/privilege-escalation/linux/binary/privesc-socat.yaml"