id: privesc-socat info: name: Socat - Privilege Escalation author: daffainfo severity: high description: | Socat is a command-line utility that establishes two bidirectional byte streams and transfers data between them. It can be used for a wide range of networking tasks, such as file transfer, port forwarding, and network testing. Socat is known for its versatility and is often used for creating complex network connections and proxies. reference: - https://gtfobins.github.io/gtfobins/socat/ metadata: verified: true max-request: 3 tags: code,linux,socat,privesc,local self-contained: true code: - engine: - sh - bash source: | whoami - engine: - sh - bash source: | socat stdin exec:whoami - engine: - sh - bash source: | sudo socat stdin exec:whoami matchers-condition: and matchers: - type: word part: code_1_response words: - "root" negative: true - type: dsl dsl: - 'contains(code_2_response, "root")' - 'contains(code_3_response, "root")' condition: or # digest: 4b0a0048304602210099cc2474353834fa6a66ad77e870bc4f92f554d9f797223c6159ff031b3dfe1f022100c127110922ef2fac1198a268a26bc62c7407f4878efdb7a06614b6bd9eb72b9d:922c64590222798bb761d5b6d8e72950