Pivoting (SOCKS5)
Pivoting (SOCKS5)
Section titled “Pivoting (SOCKS5)”XoloC2 beacons include a built-in SOCKS5 proxy multiplexed over the existing HTTPS polling channel. No extra tools or binaries are needed on the target.
How it works
Section titled “How it works”When you start a tunnel, the beacon opens a local SOCKS5 listener on the XoloC2 server. Traffic sent to that port is forwarded through the beacon to the target’s network.
Your tool -> SOCKS5 (C2 server:1080) -> Beacon -> Target networkStarting a tunnel
Section titled “Starting a tunnel”In the session panel, click SOCKS5 Tunnel, set a local port (default 1080), and click Start. Or send the command manually:
__tunnel__ 1080Stopping the tunnel
Section titled “Stopping the tunnel”__tunnel__ stopUsing with proxychains
Section titled “Using with proxychains”socks5 127.0.0.1 1080
proxychains4 nmap -sT -Pn 192.168.1.0/24proxychains4 curl http://internal-host/proxychains4 ssh user@192.168.1.10Using with other tools
Section titled “Using with other tools”Any SOCKS5-aware tool works:
# curlcurl --socks5 127.0.0.1:1080 http://internal-host/
# gitGIT_SSH_COMMAND='ssh -o ProxyCommand="nc -x 127.0.0.1:1080 %h %p"' git clone ...
# Burp Suite# Proxy -> Options -> SOCKS Proxy -> 127.0.0.1:1080Multiple concurrent tunnels
Section titled “Multiple concurrent tunnels”You can run simultaneous tunnels on different ports from different sessions:
# Session A (subnet 192.168.1.0/24)__tunnel__ 1080
# Session B (subnet 10.10.10.0/24)__tunnel__ 1081- The tunnel supports multiple concurrent TCP channels through a single beacon connection
- Tunnel state is shown in real time in the session panel
- UDP is not supported (SOCKS5 UDP ASSOCIATE is not implemented)