Introduction to pwncat

pwncat is a command and control framework that turns a basic reverse or bind shell into a fully-featured exploitation platform. This is somewhat similar to netcat. We can use this tool to get the reverse shell from the victim's machine.

A reverse shell is a shell session established on a connection that is initiated from a remote machine, not from the localhost. 

A bind shell is a type of shell in which the target machine opens up a communication port or a listener on the victim machine and waits for an incoming connection.

Netcat is a very good tool to receive connections and enumerate further but there are some drawbacks. To bind a stabilize the shell in netcat works well. However, the added steps to get a reverse shell are repetitive after a while. There is also a  danger of losing your remote shell by accidentally pressing “C-c” prior to gaining raw access is high. 

Pwncat rectified the problem by running a script on the target machine which contains all the commands soon after the connection is established. It gives a terminal that has more features and is not easily breakable. It has a huge number of features, rather than running a script on the target machine to get an unbreakable and fully functional shell.

Some of the important features of pwncat:

  • Utilize your connection for enumeration of the target machine.
  • File upload/download.
  • Automatic persistence installation.
  • Automated privilege escalation.


pwncat requires python and pip.
cd pwncat
  • It is recommended to use a virtual environment. However, this can be done easily with the Python3 venv module:
python -m venv env
source env/bin/activate
python install
  • If pip is not installed, you can install pwncat with the provided setup scripts:
python --user install
  • To verify installation run pwncat --help.
pwncat is successfully installed
pwncat is a good tool in CTF like environment but make sure you do not use it in exams like OSCP because the automation capabilities such as privilege escalate to other users with just a command and auto enumeration are marked as illegal by offensive security. In CTF pwncat is a much better tool than netcat.
We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment