xct / xc Goto Github PK

[Linux] - cannot spawn another client

On the box you created, named Agile, I tried to spawn another client but it failed complaining about permissions as follow:

[xc: /home/corum]: !spawn 1234
[xc: /home/corum]: /bin/sh: 1: /dev/shm/otZIatiz: Permission denied

[xc: /home/corum]: !spawn 4545
[xc: /home/corum]: /bin/sh: 1: /dev/shm/QpfqVeYj: Permission denied

[xc: /home/corum]: ls -la /dev/shm
total 10864
drwxrwxrwt  2 root  root      120 Jul 24 13:12 .
drwxr-xr-x 17 root  root     3920 Jul 24 12:36 ..
-rw-r--r--  1 corum corum 2779280 Jul 24 13:12 QpfqVeYj
-rw-r--r--  1 corum corum 2779280 Jul 24 13:12 RDrueXsW
-rw-r--r--  1 corum corum 2779280 Jul 24 13:12 iHkXeDxO
-rw-r--r--  1 corum corum 2779280 Jul 24 13:12 otZIatiz

Love your work and the videos !
Cheers

Hi,

I'm getting some troubles moving into paths containing spaces. I'm not sure where the problem is arised but there is a difference between the physical cmd, and the remote using xc. As example, I cannot access to paths containing blank spaces. I've tried some different approaches and directories but in the end, the result is always de same. I attach an evidence of this.

Thanks for your tool, still not detected by some AVs which is great,
Regards.

Hello!

The forwards configured in a disconnected session are still visible in the automatically reestablished session (using !lsfwd) but aren't functional (no port actually opened on the host).

An index out of range error also arise while attempting to remove forwards that were configured through a disconnected then automatically reestablished session:

The xc binaries were build from sources (build: JLBKqkmIkIWRmmJF).

(There is also no out of bound check in the !rmfwd and the same error arise if an out of range index is specified in a normal setting.)

I came across your fantastic library because it was recently added to tea. That got me thinking, it would be great if xc were aware of tea somehow and could grab a binary on the fly.

Not sure how to build this project. Tried using make. see below. Go is of course installed and I have all the dependencies.

kali@kali:/xc$ ls
client files gen.py load.go Makefile meter plugins README.md scripts server shell utils vulns xc.go
kali@kali:/xc$ sudo make
rm files/keys/host*
rm files/keys/key*
mkdir -p files/keys
yes 'y' | ssh-keygen -t ed25519 -f files/keys/key -q -N ""
yes 'y' | ssh-keygen -f host_dsa -N '' -t dsa -f files/keys/host_dsa -q -N ""
yes 'y' | ssh-keygen -f host_rsa -N '' -t rsa -f files/keys/host_rsa -q -N ""
rm -f xc xc.exe shell/keys.go meter/sc.go
go generate
make: go: No such file or directory
make: *** [Makefile:14: generate] Error 127

Currently signals are just ignored completely. Since there's some programs (pspy64s) that cannot be exited without ctrl+c or other signals, it might be a good idea to instead pass them through to any subprograms.

Ive been testing this out - love it! this is more of a feature request, but the !vuln plugin script gets picked up by AMSI - was wondering if you could implement to run an AMSI bypass first, then run this script?

Perhaps its already doing this, but getting picked up because its dropped to the file system?

Hello,

File: server/server.go Line: 147 , func handleCmd
case utils.Bake("/jyVgMchLLo="):
is equivalent to:
case "download"
the code under the 'case' never runs.
The correct code is:
case "!download":
( in offuscated code, it will be :
case utils.Bake("uzeNmcUiIr9d"):

Same typo with
File: server/server.go Line: 152 , func handleCmd
case utils.Bake("9jWVig=="):
is equivalent to:
case "lfwd"
The correct code is:
case "!lfwd":
( in offuscated code, it will be :
case utils.Bake("uz+Emc8="):

My env: Debian 11, golang 1.17.4, xc server & xc client on the same host.
Thanks for your work. It shows how to use the hashicorp/yamux library efficiently.
Regards

PS: my small and dirty tool joined to this issue

xc_toolbis.go.txt

I'll leave the steps I used to compile this project, at the time of writing with go 1.22.3 (2024).

You'll need to download the sources manually

git clone --depth=1 https://github.com/hashicorp/yamux ~/go/src/github.com/hashicorp/yamux
git clone --depth=1 https://github.com/libp2p/go-reuseport ~/go/src/github.com/libp2p/go-reuseport
git clone --depth=1 https://go.googlesource.com/sys ~/go/src/golang.org/x/sys

And then compile as usual

python3 build.py