From 4ff389762d66f07bbb0f332122a9645d4a7d4f99 Mon Sep 17 00:00:00 2001
From: h00die
Date: Wed, 20 Nov 2024 19:35:19 -0500
Subject: [PATCH] xspy updates
---
 lib/rex/proto/x11/window.rb | 90 ++---
 modules/auxiliary/gather/x11_keyboard_spy.rb | 21 +-
 modules/auxiliary/scanner/x11/open_x11.rb | 7 +
 spec/lib/rex/proto/x11/xkeyboard.rb | 365 +++++++++++++++++++
 4 files changed, 434 insertions(+), 49 deletions(-)
diff --git a/lib/rex/proto/x11/window.rb b/lib/rex/proto/x11/window.rb
index c4a04ed7fd5d..0d6cbcf3b01a 100644
--- a/lib/rex/proto/x11/window.rb
+++ b/lib/rex/proto/x11/window.rb
@@ -191,23 +191,24 @@ class X11GetWindowResponse < BinData::Record
 end
 end
-def create_overlay_map(screen_width, screen_height, windows)
- # Initialize a 2D array to represent the screen
- screen = Array.new(screen_height) { Array.new(screen_width, nil) }
- windows.each_with_index do |window, i|
- puts window.inspect
- x, y, width, height = window
- # Mark the visible region occupied by the window
- (y...y + height).each do |row|
- (x...x + width).each do |col|
- screen[row][col] = i
- end
- end
- end
- screen.each do |row|
- puts row.join('')
- end
-end
+# for future use
+# def create_overlay_map(screen_width, screen_height, windows)
+# # Initialize a 2D array to represent the screen
+# screen = Array.new(screen_height) { Array.new(screen_width, nil) }
+# windows.each_with_index do |window, i|
+# puts window.inspect
+# x, y, width, height = window
+# # Mark the visible region occupied by the window
+# (y...y + height).each do |row|
+# (x...x + width).each do |col|
+# screen[row][col] = i
+# end
+# end
+# end
+# screen.each do |row|
+# puts row.join('')
+# end
+# end
 class X11Image
 def initialize(width, height, image_data, color_data)
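Review bot: Commenting out `create_overlay_map` under a `# for future use` banner leaves dead code in the library that nothing can call or test; deleting it and relying on version history would be cleaner, and the same applies to `create_image` in the next hunk of this file. In that second hunk the blank lines inside the commented method are added as bare empty lines rather than `#` lines, so the block no longer reads as one comment. If the code is kept, a short comment on what is missing before it can be enabled would help, for example that `create_overlay_map` was defined at top level and prints with `puts`.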
@@ -221,31 +222,32 @@ def self.from_replies(width, height, image_reply, color_reply)
 new(width, height, image_reply.image_data, color_reply.colors)
 end
- def create_image
- # Extract relevant data from @image_data and @color_data
- width = @width
- height = @height
- pixel_data = @image_data
- colors = @color_data
-
- # Create an image object
- image = ChunkyPNG::Image.new(width, height, ChunkyPNG::Color::TRANSPARENT)
-
- # Populate image with pixel data and colors
- pixel_data.each_with_index do |pixel, i|
- color = colors[pixel]
- # Set pixel color in the image
- image[i % width, i / width] = ChunkyPNG::Color.rgb(color.red, color.green, color.blue)
- end
- # (0...height).each do |y|
- # (0...width).each do |x|
- # # Extract color information from the pixel data and set the corresponding pixel in the PNG image
- # color = colors[y+x]
- # # pixel_color = extract_color_from_z_data(z_data)
- # image[x, y] = ChunkyPNG::Color.rgb(color.red, color.green, color.blue)
- # end
- # end
-
- image
- end
+ # for future use
+ # def create_image
+ # # Extract relevant data from @image_data and @color_data
+ # width = @width
+ # height = @height
+ # pixel_data = @image_data
+ # colors = @color_data
+
+ # # Create an image object
+ # image = ChunkyPNG::Image.new(width, height, ChunkyPNG::Color::TRANSPARENT)
+
+ # # Populate image with pixel data and colors
+ # pixel_data.each_with_index do |pixel, i|
+ # color = colors[pixel]
+ # # Set pixel color in the image
+ # image[i % width, i / width] = ChunkyPNG::Color.rgb(color.red, color.green, color.blue)
+ # end
+ # # (0...height).each do |y|
+ # # (0...width).each do |x|
+ # # # Extract color information from the pixel data and set the corresponding pixel in the PNG image
+ # # color = colors[y+x]
+ # # # pixel_color = extract_color_from_z_data(z_data)
+ # # image[x, y] = ChunkyPNG::Color.rgb(color.red, color.green, color.blue)
+ # # end
+ # # end
+
+ # image
+ # end
 end
diff --git a/modules/auxiliary/gather/x11_keyboard_spy.rb b/modules/auxiliary/gather/x11_keyboard_spy.rb
index e0d25d1237f2..cd354b8eb404 100644
--- a/modules/auxiliary/gather/x11_keyboard_spy.rb
+++ b/modules/auxiliary/gather/x11_keyboard_spy.rb
@@ -134,7 +134,11 @@ def run
 @keylogger_print_buffer = ''
 vprint_status('Establishing TCP Connection')
- connect # tcp connection establish
+ begin
+ connect # tcp connection establish
+ rescue Rex::ConnectionError
+ fail_with(Msf::Module::Failure::Unreachable, 'Connection failed')
+ end
 vprint_status('[1/9] Establishing X11 connection')
 connection = x11_connect
@@ -208,7 +212,12 @@ def run
 map_raw_data = sock.get_once(-1, 1)
 # for debugging packet output, uncomment following line
 # puts data.bytes.map { |b| "\\x" + b.to_s(16).rjust(2, '0') }.join
- map_data = X11GetMapReply.read(map_raw_data)
+ begin
+ map_data = X11GetMapReply.read(map_raw_data)
+ rescue EOFError
+ debug_data = map_raw_data.bytes.map { |b| '\\x' + b.to_s(16).rjust(2, '0') }.join
+ fail_with(Msf::Module::Failure::UnexpectedReply, "Unable to process X11GetMapReply response (EOFError): #{debug_data}")
+ end
 vprint_status('[8/9] Enabling notification on keyboard and map')
 sock.put(X11SelectEvents.new(xkeyboard_id: xkeyboard_plugin.major_opcode,
@@ -232,13 +241,13 @@ def run
 print_good('All setup, watching for keystrokes')
 # loop mechanics stolen from exploit/multi/handler
- stime = Time.now.to_f
- print_timer = Time.now.to_f
+ stime = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+ print_timer = Process.clock_gettime(Process::CLOCK_MONOTONIC)
 timeout = datastore['LISTENER_TIMEOUT'].to_i
 printerval = datastore['PRINTERVAL'].to_i
 begin
 loop do
- break if timeout > 0 && (stime + timeout < Time.now.to_f)
+ break if timeout > 0 && (stime + timeout < Process.clock_gettime(Process::CLOCK_MONOTONIC))
 sock.put(X11QueryKeyMapRequest.new.to_binary_s)
 bit_array_of_keystrokes = X11QueryKeyMapReply.read(sock.get_once(-1, 1)).data
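Review bot: `sock.get_once(-1, 1)` on the context line above the new `begin` can return `nil` when nothing arrives within the one-second timeout, and `rescue EOFError` does not cover that case. The read would likely fail with a different exception, and `map_raw_data.bytes` in the handler assumes a String. A guard before the `begin`, e.g. `fail_with(Msf::Module::Failure::UnexpectedReply, 'No X11GetMapReply received') if map_raw_data.nil?`, would keep the failure path uniform. The EOFError may also mean that a single `get_once` received only part of the reply; that is an inference, since the reply structure is defined outside this hunk. `run` starts and ends outside the hunk.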
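Review bot: `print_timer` is now initialised from `Process.clock_gettime(Process::CLOCK_MONOTONIC)`, but the code that compares and resets it lies between this hunk and the next and is not shown. If that code still uses `Time.now.to_f`, a monotonic start value would be compared against wall-clock seconds and the `PRINTERVAL` throttle would stop behaving as configured. Every read and reset of `print_timer` should use the same clock as `stime`, e.g. `print_timer = Process.clock_gettime(Process::CLOCK_MONOTONIC)`. Reading the clock once per iteration into a local, `now = Process.clock_gettime(Process::CLOCK_MONOTONIC)`, would also shorten the `break if` line.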
@@ -258,6 +267,8 @@ def run
 print_good("X11 Key presses observed: #{@keylogger_print_buffer}")
 @keylogger_print_buffer = ''
 end
+ rescue EOFError
+ print_error('Connection closed by remote host')
 ensure
 vprint_status('Closing X11 connection')
 sock.put(Rex::Proto::X11::X11RequestHeader.new(opcode: 60).to_binary_s +
diff --git a/modules/auxiliary/scanner/x11/open_x11.rb b/modules/auxiliary/scanner/x11/open_x11.rb
index e3c5582967e9..234f53e88ecf 100644
--- a/modules/auxiliary/scanner/x11/open_x11.rb
+++ b/modules/auxiliary/scanner/x11/open_x11.rb
@@ -51,6 +51,13 @@ def run_host(ip)
 if connection.header.success == 1
 print_connection_info(connection, ip, rport)
+ report_service(
+ host: rhost,
+ proto: 'tcp',
+ port: rport,
+ info: "Open X Server (#{connection.body.vendor}) #{connection.body.screen_width_in_pixels}x#{connection.body.screen_height_in_pixels}",
+ name: 'X11'
+ )
 else
 vprint_error("#{ip} Access not successful: #{connection.body.reason}")
 end
diff --git a/spec/lib/rex/proto/x11/xkeyboard.rb b/spec/lib/rex/proto/x11/xkeyboard.rb
index e0e57076b925..9321841d2746 100644
--- a/spec/lib/rex/proto/x11/xkeyboard.rb
+++ b/spec/lib/rex/proto/x11/xkeyboard.rb
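Review bot: After `rescue EOFError` reports that the peer closed the connection, control still falls into the `ensure` block, whose `sock.put(...)` on the context lines writes a close request to that same socket. On a connection the remote end has already closed, that write may raise from inside `ensure` and replace the clean error message with a stack trace. Wrapping the teardown `sock.put` in its own `begin`/`rescue`, or skipping it when the EOF path was taken, would make the new handler effective. The `ensure` body continues outside the hunk, so it may already handle this.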
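Review bot: `report_service` is called with `host: rhost` while the rest of `run_host(ip)` uses the `ip` argument, as in `print_connection_info(connection, ip, rport)` on the line above. Passing `host: ip` keeps the recorded host tied to the address that was actually probed. The `info:` string interpolates `connection.body.vendor`, which the remote server supplies, so a comment such as `# vendor is server-controlled text; treat as untrusted when rendering` would be worth adding above the call.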
@@ -354,6 +354,344 @@ "\x86\x40\xcb\x80\xcd\x08\xce\x40\xcf\x40\x00\x00" end + let(:get_keyboardmap_resp_2) do + "\001\003\a\000C\005\000\000\000\000\b\377\a\000\000\034\034\bo\001" \ + "\370\000\000\000\000\000\000\000\000\000\000\b\370\017\000\000\000" \ + "\000\000\000\000\000\000\000\001\000\000\000\001\001\000\000\002\001" \ + "\000\000\001\001\001\001\000\000\000\000\003\003\000\000\002\002\000" \ + "\000\001\001\001\001\000\000\000\000\001\002\001\002\000\000\000\000" \ + "\021\001\001\000\002\001\000\000\001\020\001\000\001\000\000\000\t" \ + "\001\002\000\002\001\000\000\001\t\001\001\002\000\000\000@@\000\000" \ + "\002\001\000\000\001@\001@\000\000\000\000\004\004\000\000\002\001" \ + "\000\000\001\004\001\004\000\000\000\000\000\000@\000\002\001\000" \ + "\000\000\000\001\000@\000\000\000\000\000 \000\002\001\000\000\000" \ + "\000\001\000 \000\000\000\b\000\002\000\002\001\000\000\001\b\001" \ + "\000\002\000\000\000\000\000\b\000\002\001\000\000\000\000\001\000" \ + "\b\000\000\000\000\000\020\000\002\001\000\000\000\000\001\000\020" \ + "\000\000\000\215\005\006\000\005\004\001\000\001\001\001\001\000\000" \ + "\000\000\001\200\002\000\004\000\000\000\001\201\003\001\004\000\000" \ + "\000\001\f\004\004\002\000\000\000\001\001\000\000\000\000\000\000\001" \ + "\001\000\000\000\000\000\000\207\a\004\000\b\016\000\000\001\001\001\001" \ + "\000\000\000\000\001\002\001\002\000\000\000\000\001\200\002\000\004\000" \ + "\000\000\001\203\002\003\004\000\000\000\001\201\003\001\004\000\000\000" \ + "\001\202\003\002\004\000\000\000\001\004\004\004\000\000\000\000\001\a" \ + "\004\a\000\000\000\000\001\005\005\005\000\000\000\000\001\006\005\006" \ + "\000\000\000\000\001\204\006\004\004\000\000\000\001\207\006\a\004\000" \ + "\000\000\001\205\a\005\004\000\000\000\001\206\a\006\004\000\000\000" \ + "\201\001\004\000\003\003\000\000\001\001\001\001\000\000\000\000\001" \ + "\200\002\000\004\000\000\000\001\201\002\001\004\000\000\000\201\001" \ + 
"\004\001\b\a\000\000\001\001\001\001\000\000\000\000\001\200\002\000" \ + "\004\000\000\000\001\201\003\001\004\000\000\000\000\000\004\000\000" \ + "\001\000\000\000\001\005\001\000\001\000\000\001\200\006\000\004\001" \ + "\000\000\001\201\a\001\004\001\000\000\203\003\004\001\b\r\000\000" \ + "\001\001\001\001\000\000\000\000\001\002\001\002\000\000\000\000\001" \ + "\200\002\000\004\000\000\000\001\201\003\001\004\000\000\000\001\202" \ + "\003\002\004\000\000\000\001\203\002\003\004\000\000\000\000\000\004" \ + "\000\000\001\000\000\000\001\005\001\000\001\000\000\000\002\005\002" \ + "\000\001\000\000\001\200\006\000\004\001\000\000\001\201\a\001\004" \ + "\001\000\000\001\202\a\002\004\001\000\000\001\203\006\003\004\001" \ + "\000\000\223\003\005\001\b\034\001\000\001\001\001\001\000\000\000" \ + "\000\001\200\002\000\004\000\000\000\001\201\003\001\004\000\000" \ + "\000\000\000\004\000\000\001\000\000\000\001\005\001\000\001\000" \ + "\000\001\200\006\000\004\001\000\000\001\201\a\001\004\001\000\000" \ + "\001\020\004\000\001\000\000\000\001\021\005\001\001\000\000\000" \ + "\001\220\006\000\005\000\000\000\001\221\a\001\005\000\000\000\001" \ + "\021\001\001\001\001\000\000\001\220\002\000\005\001\000\000\001" \ + "\221\003\001\005\001\000\000\001\003\001\003\000\000\000\000\001" \ + "\202\002\002\004\000\000\000\001\203\003\003\004\000\000\000\000" \ + "\002\004\002\000\001\000\000\000\003\005\003\000\001\000\000\001" \ + "\202\006\002\004\001\000\000\001\203\a\003\004\001\000\000\001" \ + "\022\004\002\001\000\000\000\001\023\005\003\001\000\000\000" \ + "\001\222\006\002\005\000\000\000\001\223\a\003\005\000\000\000" \ + "\001\023\001\003\001\001\000\000\001\222\002\002\005\001\000\000" \ + "\001\223\003\003\005\001\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\000\000\000\000\000\000\001\001\000\000\000\000\000\000" \ + "\000\000\000\000\000\000\000\000\001\001\000\000\000\000\000\000" \ + 
"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\001\001\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\001\001\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\000\000\000\000\000\000\223\003\005\001\b\034\001\000" \ + "\001\001\001\001\000\000\000\000\001\200\002\000\004\000\000\000" \ + "\001\201\003\001\004\000\000\000\000\000\004\000\000\001\000\000" \ + "\000\001\005\001\000\001\000\000\001\200\006\000\004\001\000\000" \ + "\001\201\a\001\004\001\000\000\001\020\004\000\001\000\000\000" \ + "\001\021\005\001\001\000\000\000\001\220\006\000\005\000\000\000" \ + "\001\221\a\001\005\000\000\000\001\021\001\001\001\001\000\000" \ + "\001\220\002\000\005\001\000\000\001\221\003\001\005\001\000\000" \ + "\001\002\001\002\000\000\000\000\001\202\002\002\004\000\000\000" \ + "\001\203\003\003\004\000\000\000\000\002\004\002\000\001\000\000" \ + "\000\003\005\003\000\001\000\000\001\202\006\002\004\001\000\000" \ + "\001\203\a\003\004\001\000\000\001\022\004\002\001\000\000\000" \ + "\001\023\005\003\001\000\000\000\001\222\006\002\005\000\000\000" \ + "\001\223\a\003\005\000\000\000\001\022\001\002\001\001\000\000" \ + "\001\222\003\002\005\001\000\000\001\223\002\003\005\001\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\001\001\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\001\001\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\203\003\004\001\b\016\001\000\001\001\001\001\000\000\000\000" \ + "\001\002\001\002\000\000\000\000\001\200\002\000\004\000\000\000" \ + 
"\001\201\003\001\004\000\000\000\001\202\002\002\004\000\000\000" \ + "\001\203\003\003\004\000\000\000\000\000\004\000\000\001\000\000" \ + "\000\001\005\001\000\001\000\000\000\002\005\002\000\001\000\000" \ + "\000\003\005\003\000\001\000\000\001\200\006\000\004\001\000\000" \ + "\001\201\a\001\004\001\000\000\001\202\006\002\004\001\000\000" \ + "\001\203\a\003\004\001\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\000\000\000\000\000\000\002\002\000\000\002\002\000\000" \ + "\000\000\000\000\000\000\000\000\002\002\000\000\002\002\000\000" \ + "\000\000\000\000\000\000\000\000\002\002\000\000\002\002\000\000" \ + "\201\001\004\000\004\003\000\000\001\001\001\001\000\000\000\000" \ + "\001\200\002\000\004\000\000\000\001\201\003\001\004\000\000\000" \ + "\203\003\004\000\004\006\000\000\001\001\001\001\000\000\000\000" \ + "\001\002\001\002\000\000\000\000\001\200\002\000\004\000\000\000" \ + "\001\201\003\001\004\000\000\000\001\202\003\002\004\000\000\000" \ + "\001\203\002\003\004\000\000\000\203\003\004\000\004\006\001\000" \ + "\001\001\001\001\000\000\000\000\001\002\001\002\000\000\000\000" \ + "\001\200\002\000\004\000\000\000\001\201\003\001\004\000\000\000" \ + "\001\202\002\002\004\000\000\000\001\203\003\003\004\000\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\002\002\000\000\002\002\000\000\221\001\005\000\004\006\000\000" \ + "\001\020\001\000\001\000\000\000\001\001\001\001\000\000\000\000" \ + "\001\200\002\000\004\000\000\000\001\220\002\000\005\000\000\000" \ + "\001\201\003\001\004\000\000\000\001\221\003\001\005\000\000\000" \ + "\215\005\006\000\004\003\000\000\001\200\001\000\004\000\000\000" \ + "\001\201\002\001\004\000\000\000\001\f\003\004\002\000\000\000" \ + "\203\003\004\000\004\006\001\000\001\001\001\001\000\000\000\000" \ + "\001\002\003\002\000\000\000\000\001\200\002\000\004\000\000\000" \ + "\001\201\003\001\004\000\000\000\001\202\002\002\004\000\000\000" \ + 
"\001\203\002\003\004\000\000\000\000\000\000\000\002\002\000\000" \ + "\000\000\000\000\000\000\000\000\002\002\000\000\000\000\000\000" \ + "\203\003\004\000\005\a\000\000\001\001\001\001\000\000\000\000" \ + "\001\200\002\000\004\000\000\000\001\201\003\001\004\000\000\000" \ + "\001\002\004\002\000\000\000\000\001\003\001\003\000\000\000\000" \ + "\001\202\002\002\004\000\000\000\001\203\003\003\004\000\000\000" \ + "\221\001\005\000\004\006\000\000\001\001\001\001\000\000\000\000" \ + "\001\020\001\000\001\000\000\000\001\200\002\000\004\000\000\000" \ + "\001\201\003\001\004\000\000\000\001\220\003\000\005\000\000\000" \ + "\001\221\002\001\005\000\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\000\000\001\001\001\000\033\377\000\000\001\000\000\000" \ + "\001\002\002\0001\000\000\000!\000\000\000\001\000\000\000\001" \ + "\002\002\0002\000\000\000@\000\000\000\001\000\000\000\001\002" \ + "\002\0003\000\000\000#\000\000\000\001\000\000\000\001\002\002" \ + "\0004\000\000\000$\000\000\000\001\000\000\000\001\002\002\0005" \ + "\000\000\000%\000\000\000\001\000\000\000\001\002\002\0006\000" \ + "\000\000^\000\000\000\001\000\000\000\001\002\002\0007\000\000" \ + "\000&\000\000\000\001\000\000\000\001\002\002\0008\000\000\000*" \ + "\000\000\000\001\000\000\000\001\002\002\0009\000\000\000(\000" \ + "\000\000\001\000\000\000\001\002\002\0000\000\000\000)\000\000" \ + "\000\001\000\000\000\001\002\002\000-\000\000\000_\000\000\000" \ + "\001\000\000\000\001\002\002\000=\000\000\000+\000\000\000\001" \ + "\000\000\000\001\002\002\000\b\377\000\000\b\377\000\000\001\000" \ + "\000\000\001\002\002\000\t\377\000\000 \376\000\000\002\000\000" \ + "\000\001\002\002\000q\000\000\000Q\000\000\000\002\000\000\000" \ + "\001\002\002\000w\000\000\000W\000\000\000\002\000\000\000\001" \ + "\002\002\000e\000\000\000E\000\000\000\002\000\000\000\001\002" \ + "\002\000r\000\000\000R\000\000\000\002\000\000\000\001\002\002" \ + 
"\000t\000\000\000T\000\000\000\002\000\000\000\001\002\002\000y" \ + "\000\000\000Y\000\000\000\002\000\000\000\001\002\002\000u\000" \ + "\000\000U\000\000\000\002\000\000\000\001\002\002\000i\000\000" \ + "\000I\000\000\000\002\000\000\000\001\002\002\000o\000\000\000O" \ + "\000\000\000\002\000\000\000\001\002\002\000p\000\000\000P\000" \ + "\000\000\001\000\000\000\001\002\002\000[\000\000\000{\000\000" \ + "\000\001\000\000\000\001\002\002\000]\000\000\000}\000\000\000" \ + "\000\000\000\000\001\001\001\000\r\377\000\000\000\000\000\000" \ + "\001\001\001\000\343\377\000\000\002\000\000\000\001\002\002" \ + "\000a\000\000\000A\000\000\000\002\000\000\000\001\002\002\000s" \ + "\000\000\000S\000\000\000\002\000\000\000\001\002\002\000d\000" \ + "\000\000D\000\000\000\002\000\000\000\001\002\002\000f\000\000" \ + "\000F\000\000\000\002\000\000\000\001\002\002\000g\000\000\000G" \ + "\000\000\000\002\000\000\000\001\002\002\000h\000\000\000H\000" \ + "\000\000\002\000\000\000\001\002\002\000j\000\000\000J\000\000" \ + "\000\002\000\000\000\001\002\002\000k\000\000\000K\000\000\000" \ + "\002\000\000\000\001\002\002\000l\000\000\000L\000\000\000\001" \ + "\000\000\000\001\002\002\000;\000\000\000:\000\000\000\001\000" \ + "\000\000\001\002\002\000'\000\000\000\"\000\000\000\001\000\000" \ + "\000\001\002\002\000`\000\000\000~\000\000\000\000\000\000\000" \ + "\001\001\001\000\341\377\000\000\001\000\000\000\001\002\002\000" \ + "\\\000\000\000|\000\000\000\002\000\000\000\001\002\002\000z\000" \ + "\000\000Z\000\000\000\002\000\000\000\001\002\002\000x\000\000" \ + "\000X\000\000\000\002\000\000\000\001\002\002\000c\000\000\000C" \ + "\000\000\000\002\000\000\000\001\002\002\000v\000\000\000V\000" \ + "\000\000\002\000\000\000\001\002\002\000b\000\000\000B\000\000" \ + "\000\002\000\000\000\001\002\002\000n\000\000\000N\000\000\000" \ + "\002\000\000\000\001\002\002\000m\000\000\000M\000\000\000\001" \ + 
"\000\000\000\001\002\002\000,\000\000\000<\000\000\000\001\000" \ + "\000\000\001\002\002\000.\000\000\000>\000\000\000\001\000\000" \ + "\000\001\002\002\000/\000\000\000?\000\000\000\000\000\000\000" \ + "\001\001\001\000\342\377\000\000\f\000\000\000\001\005\005\000" \ + "\252\377\000\000\252\377\000\000\252\377\000\000\252\377\000" \ + "\000!\376\b\020\001\000\000\000\001\002\002\000\351\377\000\000" \ + "\347\377\000\000\000\000\000\000\001\001\001\000 \000\000\000" \ + "\000\000\000\000\001\001\001\000\345\377\000\000\f\000\000\000" \ + "\001\005\005\000\276\377\000\000\276\377\000\000\276\377\000" \ + "\000\276\377\000\000\001\376\b\020\f\000\000\000\001\005\005" \ + "\000\277\377\000\000\277\377\000\000\277\377\000\000\277\377" \ + "\000\000\002\376\b\020\f\000\000\000\001\005\005\000\300\377" \ + "\000\000\300\377\000\000\300\377\000\000\300\377\000\000\003" \ + "\376\b\020\f\000\000\000\001\005\005\000\301\377\000\000\301" \ + "\377\000\000\301\377\000\000\301\377\000\000\004\376\b\020\f" \ + "\000\000\000\001\005\005\000\302\377\000\000\302\377\000\000" \ + "\302\377\000\000\302\377\000\000\005\376\b\020\f\000\000\000" \ + "\001\005\005\000\303\377\000\000\303\377\000\000\303\377\000" \ + "\000\303\377\000\000\006\376\b\020\f\000\000\000\001\005\005" \ + "\000\304\377\000\000\304\377\000\000\304\377\000\000\304\377" \ + "\000\000\a\376\b\020\f\000\000\000\001\005\005\000\305\377" \ + "\000\000\305\377\000\000\305\377\000\000\305\377\000\000\b" \ + "\376\b\020\f\000\000\000\001\005\005\000\306\377\000\000\306" \ + "\377\000\000\306\377\000\000\306\377\000\000\t\376\b\020\f" \ + "\000\000\000\001\005\005\000\307\377\000\000\307\377\000\000" \ + "\307\377\000\000\307\377\000\000\n\376\b\020\000\000\000\000" \ + "\001\001\001\000\177\377\000\000\000\000\000\000\001\001\001" \ + "\000\024\377\000\000\003\000\000\000\001\002\002\000\225\377" \ + "\000\000\267\377\000\000\003\000\000\000\001\002\002\000\227" \ + 
"\377\000\000\270\377\000\000\003\000\000\000\001\002\002\000" \ + "\232\377\000\000\271\377\000\000\f\000\000\000\001\005\005" \ + "\000\255\377\000\000\255\377\000\000\255\377\000\000\255" \ + "\377\000\000#\376\b\020\003\000\000\000\001\002\002\000\226" \ + "\377\000\000\264\377\000\000\003\000\000\000\001\002\002" \ + "\000\235\377\000\000\265\377\000\000\003\000\000\000\001" \ + "\002\002\000\230\377\000\000\266\377\000\000\f\000\000\000" \ + "\001\005\005\000\253\377\000\000\253\377\000\000\253\377" \ + "\000\000\253\377\000\000\"\376\b\020\003\000\000\000\001" \ + "\002\002\000\234\377\000\000\261\377\000\000\003\000\000" \ + "\000\001\002\002\000\231\377\000\000\262\377\000\000\003" \ + "\000\000\000\001\002\002\000\233\377\000\000\263\377\000" \ + "\000\003\000\000\000\001\002\002\000\236\377\000\000\260" \ + "\377\000\000\003\000\000\000\001\002\002\000\237\377\000" \ + "\000\256\377\000\000\000\000\000\000\001\001\001\000\003" \ + "\376\000\000\000\000\000\000\000\000\000\000\024\000\000" \ + "\000\001\004\004\000<\000\000\000>\000\000\000|\000\000" \ + "\000\246\000\000\000\f\000\000\000\001\005\005\000\310" \ + "\377\000\000\310\377\000\000\310\377\000\000\310\377\000" \ + "\000\v\376\b\020\f\000\000\000\001\005\005\000\311\377" \ + "\000\000\311\377\000\000\311\377\000\000\311\377\000\000" \ + "\f\376\b\020\000\000\000\000\000\000\000\000\000\000\000" \ + "\000\001\001\001\000&\377\000\000\000\000\000\000\001" \ + "\001\001\000%\377\000\000\000\000\000\000\001\001\001" \ + "\000#\377\000\000\000\000\000\000\001\001\001\000'\377" \ + "\000\000\000\000\000\000\001\001\001\000\"\377\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\001" \ + "\001\001\000\215\377\000\000\000\000\000\000\001\001" \ + "\001\000\344\377\000\000\f\000\000\000\001\005\005\000" \ + "\257\377\000\000\257\377\000\000\257\377\000\000\257" \ + "\377\000\000 \376\b\020\t\000\000\000\001\002\002\000a" \ + "\377\000\000\025\377\000\000\001\000\000\000\001\002" \ + 
"\002\000\352\377\000\000\350\377\000\000\000\000\000" \ + "\000\001\001\001\000\n\377\000\000\000\000\000\000\001" \ + "\001\001\000P\377\000\000\000\000\000\000\001\001\001" \ + "\000R\377\000\000\000\000\000\000\001\001\001\000U\377" \ + "\000\000\000\000\000\000\001\001\001\000Q\377\000\000" \ + "\000\000\000\000\001\001\001\000S\377\000\000\000\000" \ + "\000\000\001\001\001\000W\377\000\000\000\000\000\000" \ + "\001\001\001\000T\377\000\000\000\000\000\000\001\001" \ + "\001\000V\377\000\000\000\000\000\000\001\001\001\000c" \ + "\377\000\000\000\000\000\000\001\001\001\000\377\377" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\000\001\001\001\000\022\377\b\020\000\000\000\000\001" \ + "\001\001\000\021\377\b\020\000\000\000\000\001\001\001" \ + "\000\023\377\b\020\000\000\000\000\001\001\001\000*" \ + "\377\b\020\000\000\000\000\001\001\001\000\275\377\000" \ + "\000\000\000\000\000\001\001\001\000\261\000\000\000" \ + "\006\000\000\000\001\002\002\000\023\377\000\000k\377" \ + "\000\000\000\000\000\000\001\001\001\000J\377\b\020" \ + "\003\000\000\000\001\002\002\000\256\377\000\000\256" \ + "\377\000\000\000\000\000\000\001\001\001\0001\377\000" \ + "\000\000\000\000\000\001\001\001\0004\377\000\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\001\001" \ + "\001\000\353\377\000\000\000\000\000\000\001\001\001" \ + "\000\354\377\000\000\000\000\000\000\001\001\001\000g" \ + "\377\000\000\000\000\000\000\001\001\001\000i\377\000" \ + "\000\000\000\000\000\001\001\001\000f\377\000\000\000\000\000" \ + "\000\001\001\001\000p\377\005\020\000\000\000\000\001\001\001" \ + "\000e\377\000\000\000\000\000\000\001\001\001\000q\377\005\020" \ + "\000\000\000\000\001\001\001\000W\377\b\020\000\000\000\000\001" \ + "\001\001\000k\377\b\020\000\000\000\000\001\001\001\000m\377\b" \ + "\020\000\000\000\000\001\001\001\000h\377\000\000\000\000\000" \ + "\000\001\001\001\000X\377\b\020\000\000\000\000\001\001\001\000" \ + 
"j\377\000\000\000\000\000\000\001\001\001\000e\377\b\020\000\000" \ + "\000\000\001\001\001\000\035\377\b\020\000\000\000\000\000\000" \ + "\000\000\000\000\000\000\001\001\001\000/\377\b\020\000\000\000" \ + "\000\001\001\001\000+\377\b\020\000\000\000\000\001\001\001\000" \ + "]\377\b\020\000\000\000\000\001\001\001\000{\377\b\020\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\001\001\001\000\212" \ + "\377\b\020\000\000\000\000\001\001\001\000A\377\b\020\000\000" \ + "\000\000\001\001\001\000B\377\b\020\000\000\000\000\001\001" \ + "\001\000.\377\b\020\000\000\000\000\001\001\001\000Z\377\b" \ + "\020\000\000\000\000\001\001\001\000-\377\b\020\000\000\000" \ + "\000\001\001\001\000t\377\b\020\000\000\000\000\001\001\001" \ + "\000\177\377\b\020\000\000\000\000\001\001\001\000\031\377\b" \ + "\020\000\000\000\000\001\001\001\0000\377\b\020\000\000\000\000" \ + "\001\001\001\0003\377\b\020\000\000\000\000\001\001\001\000&" \ + "\377\b\020\000\000\000\000\001\001\001\000'\377\b\020\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\001\001\001\000,\377" \ + "\b\020\000\000\000\000\001\001\001\000,\377\b\020\000\000\000" \ + "\000\001\001\001\000\027\377\b\020\001\000\000\000\001\002\002" \ + "\000\024\377\b\0201\377\b\020\000\000\000\000\001\001\001\000" \ + "\026\377\b\020\001\000\000\000\001\002\002\000\025\377\b\020," \ + "\377\b\020\000\000\000\000\001\001\001\000\034\377\b\020\000" \ + "\000\000\000\001\001\001\000>\377\b\020\000\000\000\000\001" \ + "\001\001\000n\377\b\020\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\001\001\001\000\201\377\b\020\000\000\000\000\001\001" \ + "\001\000\030\377\b\020\000\000\000\000\001\001\001\000s\377\b" \ + "\020\000\000\000\000\001\001\001\000V\377\b\020\000\000\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" \ + "\000\001\001\001\000x\377\b\020\000\000\000\000\001\001\001\000" \ + "y\377\b\020\000\000\000\000\001\001\001\000(\000\000\000\000\000" \ + 
"\000\000\001\001\001\000)\000\000\000\000\000\000\000\001\001" \ + "\001\000h\377\b\020\000\000\000\000\001\001\001\000f\377\000\000" \ + "\000\000\000\000\001\001\001\000\201\377\b\020\000\000\000\000" \ + "\001\001\001\000E\377\b\020\000\000\000\000\001\001\001\000F\377" \ + "\b\020\000\000\000\000\001\001\001\000G\377\b\020\000\000\000\000" \ + "\001\001\001\000H\377\b\020\000\000\000\000\001\001\001\000I\377\b" \ + "\020\000\000\000\000\000\000\000\000\000\000\000\000\001\001\001" \ + "\000\262\377\b\020\000\000\000\000\001\001\001\000\251\377\b\020" \ + "\000\000\000\000\001\001\001\000\260\377\b\020\000\000\000\000\001" \ + "\001\001\000\261\377\b\020\000\000\000\000\000\000\000\000\000\000" \ + "\000\000\001\001\001\000~\377\000\000\001\000\000\000\001\002\002" \ + "\000\000\000\000\000\351\377\000\000\001\000\000\000\001\002\002" \ + "\000\000\000\000\000\347\377\000\000\001\000\000\000\001\002\002" \ + "\000\000\000\000\000\353\377\000\000\001\000\000\000\001\002\002" \ + "\000\000\000\000\000\355\377\000\000\000\000\000\000\001\001\001" \ + "\000\024\377\b\020\000\000\000\000\001\001\001\0001\377\b\020\000" \ + "\000\000\000\001\001\001\000C\377\b\020\000\000\000\000\001\001" \ + "\001\000D\377\b\020\000\000\000\000\001\001\001\000K\377\b\020" \ + "\000\000\000\000\001\001\001\000\247\377\b\020\000\000\000\000" \ + "\001\001\001\000V\377\b\020\000\000\000\000\001\001\001\000\024" \ + "\377\b\020\000\000\000\000\001\001\001\000\227\377\b\020\000\000" \ + "\000\000\000\000\000\000\000\000\000\000\001\001\001\000a\377\000" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\000\001\001\001" \ + "\000\217\377\b\020\000\000\000\000\001\001\001\000\266\377\b\020" \ + "\000\000\000\000\000\000\000\000\000\000\000\000\001\001\001\000" \ + "\031\377\b\020\000\000\000\000\001\001\001\000\216\377\b\020\000" \ + "\000\000\000\001\001\001\000\033\377\b\020\000\000\000\000\001" \ + "\001\001\000_\377\b\020\000\000\000\000\001\001\001\000<\377\b" \ + 
"\020\000\000\000\000\001\001\001\000^\377\b\020\000\000\000\000" \ + "\001\001\001\0006\377\b\020\000\000\000\000\000\000\000\000\000" \ + "\000\000\000\001\001\001\000i\377\000\000\000\000\000\000\001\001" \ + "\001\000\003\377\b\020\000\000\000\000\001\001\001\000\002\377\b" \ + "\020\000\000\000\000\001\001\001\0002\377\b\020\000\000\000\000" \ + "\001\001\001\000Y\377\b\020\000\000\000\000\001\001\001\000\004" \ + "\377\b\020\000\000\000\000\001\001\001\000\006\377\b\020\000\000" \ + "\000\000\001\001\001\000\005\377\b\020\000\000\000\000\001\001" \ + "\001\000{\377\b\020\000\000\000\000\001\001\001\000r\377\b\020" \ + "\000\000\000\000\001\001\001\000\220\377\b\020\000\000\000\000" \ + "\001\001\001\000w\377\b\020\000\000\000\000\001\001\001\000[\377" \ + "\b\020\000\000\000\000\001\001\001\000\223\377\b\020\000\000\000" \ + "\000\001\001\001\000\224\377\b\020\000\000\000\000\001\001\001" \ + "\000\225\377\b\020\000\000\000\000\001\001\001\000\226\377\b" \ + "\020\000\000\000\000\000\000\000\000\000\000\000\000\001\001\001" \ + "\000\"\376\b\020\000\000\000\000\001\001\001\000#\376\b\020\000" \ + "\000\000\000\001\001\001\000\a\377\b\020\000\000\000\000\001\001" \ + "\001\000\364\020\b\020\000\000\000\000\001\001\001\000\365\020\b" \ + "\020\000\000\000\000\001\001\001\000\264\377\b\020\000\000\000" \ + "\000\001\001\001\000\265\377\b\020%\0042\001>\001@\bB\002M\020" \ + "\\\200i\004l\b\205@\206@\313\200\315\b\316@\317@\000\000" + end + let(:get_querykeymap_resp) do "\x01\x00\x0f\x25\x02\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00" \ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ 
@@ -410,6 +748,33 @@
 expect(response.key_mod_map_array[14].keycode).to eq(207)
 expect(response.key_mod_map_array[14].mods).to eq(64)
 end
+
+ # this was a crash case from https://github.com/rapid7/metasploit-framework/pull/18877#issuecomment-2445152666
+ it do
+ response = Rex::Proto::X11::Xkeyboard::X11GetMapReply.read(get_keyboardmap_resp_2)
+ expect(response.min_key_code).to eq(8)
+ expect(response.max_key_code).to eq(255)
+
+ expect(response.n_types).to eq(28)
+ expect(response.key_types_array.length).to eq(28)
+ # spot check a few of the key_types_array items
+ expect(response.key_types_array[12].mods_mask).to eq(141)
+ expect(response.key_types_array[12].key_map_array.length).to eq(4)
+ expect(response.key_types_array[12].key_mods_array.length).to eq(4)
+ expect(response.key_types_array[13].mods_mask).to eq(135)
+ expect(response.key_types_array[13].key_map_array.length).to eq(14)
+
+ expect(response.n_key_sym).to eq(248)
+ # spot check a few of the key_map_array items
+ expect(response.key_map_array[247].key_sym_array[0]).to eq(269025205)
+
+ expect(response.total_mod_map_key).to eq(15)
+ # spot check a few of the key_mod_map_array items
+ expect(response.key_mod_map_array[0].keycode).to eq(37)
+ expect(response.key_mod_map_array[0].mods).to eq(4)
+ expect(response.key_mod_map_array[14].keycode).to eq(207)
+ expect(response.key_mod_map_array[14].mods).to eq(64)
+ end
 end
 end
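Review bot: The new example is declared as a bare `it do`, so a failure is reported without a description. Something like `it 'parses a GetMap reply with 28 key types' do` says what regression it guards, and the PR link can stay as the comment above it. The file path in the diff header is `spec/lib/rex/proto/x11/xkeyboard.rb`, without a `_spec.rb` suffix; unless the project's RSpec file pattern is customised, this file would not be collected and the regression test would not run. The fixture `get_keyboardmap_resp_2` it reads is added in the previous hunk of this file.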