Socat is a command-line utility that establishes two bidirectional byte streams and transfers data between them. It can be used for a wide range of networking tasks, such as file transfer, port forwarding, and network testing. Socat is known for its versatility and is often used for creating complex network connections and proxies.
PoC代码[已公开]
id: privesc-socat
info:
name: Socat - Privilege Escalation
author: daffainfo
severity: high
description: |
Socat is a command-line utility that establishes two bidirectional byte streams and transfers data between them. It can be used for a wide range of networking tasks, such as file transfer, port forwarding, and network testing. Socat is known for its versatility and is often used for creating complex network connections and proxies.
reference:
- https://gtfobins.github.io/gtfobins/socat/
metadata:
verified: true
max-request: 3
tags: code,linux,socat,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
socat stdin exec:whoami
- engine:
- sh
- bash
source: |
sudo socat stdin exec:whoami
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 490a004630440220203d5940862b69aa1be76a0829816a58f6f8ddab05dedfbc1eae523fdd8c4ba50220718465ace2e4b042f8f5e6f4ba540cedbe6916c678f20c36dd82cae07ef3d1bb:922c64590222798bb761d5b6d8e72950