Introduction to pwncat

pwncat is a command and control framework that turns a basic reverse or bind shell into a fully-featured exploitation platform. This is somewhat similar to netcat. We can use this tool to get the reverse shell from the victim's machine.

A reverse shell is a shell session established on a connection that is initiated from a remote machine, not from the localhost. 

A bind shell is a type of shell in which the target machine opens up a communication port or a listener on the victim machine and waits for an incoming connection.

Netcat is a very good tool to receive connections and enumerate further but there are some drawbacks. To bind a stabilize the shell in netcat works well. However, the added steps to get a reverse shell are repetitive after a while. There is also the danger of losing your remote shell by accidentally pressing “C-c” prior to gaining raw access is high. 

Pwncat rectified the problem by running a script on the target machine which contains all the commands soon after the connection is established. It gives a terminal that has more features and is not easily breakable. It has a huge number of features, rather than running a script on the target machine to get an unbreakable and fully functional shell.

Some of the important features of pwncat:

  • Utilize your connection for the enumeration of the target machine.
  • File upload/download.
  • Automatic persistence installation.
  • Automated privilege escalation.


pwncat requires python and pip.
cd pwncat
  • It is recommended to use a virtual environment. However, this can be done easily with the Python3 venv module:
python -m venv env
source env/bin/activate
python install
  • If pip is not installed, you can install pwncat with the provided setup scripts:
python --user install
  • To verify installation run pwncat --help.
pwncat is successfully installed
pwncat is a good tool in a CTF-like environment but make sure you do not use it in exams like OSCP because the automation capabilities such as privilege escalate to other users with just a command and auto enumeration are marked as illegal by offensive security. In CTF pwncat is a much better tool than netcat.
    We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

    No comments:

    Post a Comment