Update x11.rb
h00die authored Feb 15, 2024
1 parent c39d046 commit 424c55f
Showing 1 changed file with 79 additions and 48 deletions.
127 changes: 79 additions & 48 deletions lib/msf/core/exploit/remote/x11.rb
Expand Up @@ -11,7 +11,7 @@ module Msf::Exploit::Remote::X11
class X11VISUALTYPE < BinData::Record
endian :little
uint32 :visualid
uint8 :class
uint8 :visual_type_classclass
uint8 :bits_per_rgb_value
uint16 :colormap_entries
uint32 :red_mask
Expand All @@ -25,10 +25,10 @@ class X11DEPTHDETAIL < BinData::Record
uint8 :screen_detail_depth
uint8 :unused
uint16 :screen_depth_detail_visualtypes_numbers
uint32 :unused
uint32 :unused1
array :depth_detail,
type: :x11visualtype,
initial_length: screen_depth_detail_visualtypes_numbers
type: :X11VISUALTYPE,
initial_length: :screen_depth_detail_visualtypes_numbers
end

class X11PIXMAPFORMAT < BinData::Record
Expand Down Expand Up @@ -64,8 +64,8 @@ class X11CONNECTION < BinData::Record
uint32 :unused2
string :vendor, read_length: :vendor_length
array :pixmap_formats,
type: :x11pixmapformat,
initial_length: :number_of_formats_in_pixmap_formats
type: :X11PIXMAPFORMAT,
initial_length: :number_of_formats_in_pixmap_formats

# screen subsection
uint32 :screen_root
Expand All @@ -85,8 +85,8 @@ class X11CONNECTION < BinData::Record
uint8 :screen_root_depth
uint8 :screen_allowed_depths_len
array :depth_detail,
type: :x11depthdetail,
initial_length: :screen_allowed_depths_len
type: :X11DEPTHDETAIL,
initial_length: :screen_allowed_depths_len
end

class X11QUERYEXTENSIONRESPONSE < BinData::Record
Expand Down Expand Up @@ -115,6 +115,16 @@ class X11GETPROPERTYRESPONSE < BinData::Record
uint32 :unused2
string :value_data, read_length: -> { value_length }
end

class X11XKBKEYMAPENTRY < BinData::Record
endian :little
uint8 :active
uint8 :mods_mask # bit array, shift, lock, control, 1, 2, 3, 4, 5
uint8 :level
uint8 :mods_mods # bit array, shift, lock, control, 1, 2, 3, 4, 5
uint16 :mods_vmods # bit array, 0-15
uint16 :unused
end

class X11XKBKEYTYPE < BinData::Record
endian :little
Expand All @@ -126,8 +136,32 @@ class X11XKBKEYTYPE < BinData::Record
uint8 :has_preserve
uint8 :unused
# next we have a list of X11XKBKEYMAPENTRY, length is :n_map_entries
# next we have a list of X11XKBKEYSYMENTRY
# next we have a list of X11XKBKEYMODMAP
array :key_map_array,
type: :X11XKBKEYMAPENTRY,
initial_length: :n_map_entries
end

class X11XKBKEYMODMAP < BinData::Record
endian :little
uint8 :keycode
uint8 :mods # bit array, shift, lock, control, 1, 2, 3, 4, 5
end

class X11XKBSYM < BinData::Record
endian :little
uint32 :syms
end

class X11XKBKEYSYMENTRY < BinData::Record
endian :little
uint32 :kt_index
uint8 :group_info
uint8 :width
uint16 :n_syms
# next we have a list of syms, length is n_syms
array :key_sym_array,
type: :X11XKBSYM,
initial_length: :n_syms
end

class X11XKEYBOARDGETMAP < BinData::Record
Expand All @@ -139,22 +173,15 @@ class X11XKEYBOARDGETMAP < BinData::Record
uint16 :unused
uint8 :min_key_code
uint8 :max_key_code
bit1 :present_key_types
bit1 :present_key_syms
bit1 :present_modifier_map
bit1 :present_explicit_components
bit1 :present_key_actions
bit1 :present_key_behaviors
bit1 :present_virtual_mods
bit1 :present_virtual_mod_map
uint16 :presents
uint8 :first_type
uint8 :n_types
uint8 :total_types
uint8 :first_key_sym
uint8 :total_sym
uint16 :total_sym
uint8 :n_key_sym
uint8 :first_key_action
uint8 :total_key_action
uint16 :total_key_action
uint8 :n_key_action
uint8 :first_key_behavior
uint8 :n_key_behavior # yes this order is not like the previous
Expand All @@ -171,41 +198,45 @@ class X11XKEYBOARDGETMAP < BinData::Record
uint8 :unused1
uint8 :virtual_mods # bit array
# next we have a list of X11XKBKEYTYPE, length is :total_types
array :key_types,
type: X11XKBKEYTYPE,
initial_length: total_types
array :key_types_array,
type: :X11XKBKEYTYPE,
initial_length: :n_types
# next we have a list of X11XKBKEYSYMENTRY
array :key_map_array,
type: :X11XKBKEYSYMENTRY,
initial_length: :n_key_sym
# next we have a list of X11XKBKEYMODMAP
array :key_mod_map_array,
type: :X11XKBKEYMODMAP,
initial_length: :n_mod_map_key
uint16 :unused2
end

class X11XKBKEYMAPENTRY < BinData::Record
class X11QUERYKEYMAPREPLY < BinData::Record
endian :little
uint8 :active
uint8 :mods_mask # bit array, shift, lock, control, 1, 2, 3, 4, 5
uint8 :level
uint8 :mods_mods # bit array, shift, lock, control, 1, 2, 3, 4, 5
uint16 :mods_vmods # bit array, 0-15
uint16 :unused
uint8 :reply
uint8 :unused
uint16 :sequence_number
uint32 :reply_length
# byte sequence
array :data,
type: :uint8,
read_until: :eof
end

class X11XKBKEYSYMENTRY < BinData::Record
endian :little
uint32 :kt_index
uint8 :group_info
uint8 :width
uint16 :n_syms
# next we have a list of syms, length is n_syms
# KeyPress event, serial 34, synthetic NO, window 0x2000001,
# root 0x528, subw 0x0, time 690505136, (554,442), root:(661,543),
# state 0x10, keycode 10 (keysym 0x31, 1), same_screen YES,
# XLookupString gives 1 bytes: (31) "1"
# XmbLookupString gives 1 bytes: (31) "1"
# XFilterEvent returns: False

end
# KeyRelease event, serial 37, synthetic NO, window 0x2000001,
# root 0x528, subw 0x0, time 690505246, (554,442), root:(661,543),
# state 0x10, keycode 10 (keysym 0x31, 1), same_screen YES,
# XLookupString gives 1 bytes: (31) "1"
# XFilterEvent returns: False

class X11XKBSYM < BinData::Record
endian :little
uint32 :syms
end

class X11XKBKEYMODMAP < BinData::Record
endian :little
uint8 :keycode
uint8 :mods # bit array, shift, lock, control, 1, 2, 3, 4, 5
end

def process_initial_connection_response(packet)
# print_packet(packet)
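Review bot: The renamed field in X11VISUALTYPE, `uint8 :visual_type_classclass`, looks like a typo for `uint8 :visual_type_class`, and it is worth fixing before callers start reading the record by that name. In X11QUERYKEYMAPREPLY the `data` array uses `read_until: :eof` while `reply_length` is parsed and never consulted, so the record absorbs whatever else trails the reply in the buffer; the core protocol's QueryKeymap reply carries a fixed 32-byte key vector, so `array :data, type: :uint8, initial_length: 32` would bound it. In X11XKEYBOARDGETMAP the comment `length is :total_types` no longer matches `initial_length: :n_types`, and `key_map_array` there holds X11XKBKEYSYMENTRY while the same name in X11XKBKEYTYPE holds X11XKBKEYMAPENTRY, which is easy to misread. Every array length in these records is taken from a field supplied by the remote server, so the code that calls `read` (outside the visible hunks) should treat a truncated or inconsistent reply as an expected error rather than assume a well-formed one.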
