This command initiates or receives a connection to a remote victim and establishes a pwncat session. Sessions can be established over any socket-like communication layer. Currently, communications channels for reverse and bind shells over raw sockets and SSH are implemented.
The connect command is written to take a flexible syntax. At it’s core, it accepts
a connection string which looks like this:
It also makes some assumptions if some or all of this connection string is missing.
The following assumptions are made if one or more of the above sections are missing
If no protocol is specified, but the user and host are specified, assume SSH protocol.
If no protocol, user, or port are specified, assume reconnect protocol.
If no protocol, user, password or port are specified, assume reconnect protocol.
If no protocol, user or password are specified and host is not 0.0.0.0, assume connect protocol.
If no protocol, user, password or host are specified, assume bind protocol.
Further, any input which supplies a username (and optionally a password field) and a host with no port or protocol will attempt to reconnect via installed persistence first.
This command also accepts a second positional parameter to specify the port. This
parameter cannot be used along with the port within the connection string. The
reason for the second port argument is to support
netcat like syntax.
These rules mean that you can invoke pwncat in a similar fashion to common
tools such as
netcat. For example, all of the following are valid:
# Connect to a bind shell on 4444 connect 10.10.10.10 4444 connect connect://10.10.10.10:4444 connect 10.10.10.10:4444 # Listen for reverse shell on 4444 connect bind://0.0.0.0:4444 connect 0.0.0.0:4444 connect :4444 connect -lp 4444 # Connect via ssh connect email@example.com connect -i id_rsa firstname.lastname@example.org connect user:email@example.com # Reconnect to host via IP, hostname or host hash connect user@[hostname, host hash or IP] connect reconnect://user:firstname.lastname@example.org connect [hostname, host hash or IP]
For more concrete examples, see the
Basic Usage page. The arguments to pwncat are
the same as the arguments to