![]() ![]() Now, type these two commands:Īnd in our xspy terminal we can see both commands which are illustrated below: We now moved into the victim’s system and opened the terminal. Keylogging: Next, we will be the capturing keystrokes from the victim’s system by using the xspy tool. Type the following command for converting the xwd file to view the screenshot:Īs can be seen below now we can view the captured screenshot: ![]() Once this command is executed, it will save the xwd file in our local system. Xwd –root –screen –silent –display > screenshot.xwd Type the following command to see the target details:Ĭapturing Screenshot: We will be taking a snapshot of the victim’s system by using the xwd tool. This includes details such as window IDs or geometry. xwininfo utility which allows for displaying information about Windows. As can be seen below, Nessus is showing it is vulnerable:Įxploitation: Here we will be using multiple tools. Next, we will run a scan by using the jNessus vulnerability scanner to confirm this issue. The nmap output shows that the X server is allowing access which thus makes it vulnerable to a Cyberattack. This can be done by typing the following command: Next, by using the nmap- script, we will check to determine if our setup is vulnerable or not. Vulnerability Identification: We will start from a basic full port scan against our vulnerable setup, and as can be seen below in the illustration, the x11 is listening on port 6000. Then open the terminal and disable access the control by typing the following command: This is shown in the illustration below :Īfter that restart the lightdm service by using the following command: Once the installation has been completed, go to the /etc/lightdm/ directory and edit the file nf and add xserver-allow-tcp=true. To do this, we need a 14.04 system as can be seen below that we have installed the Ubuntu in VirtualBox. Vulnerable Lab Setup: We will first create a vulnerable X11 server for our testing. X also does not mandate the user interface – individual programs handle this. X provides the basic framework for a GUI based environment. ![]() The X Window System (aka X) is a windowing system for bitmap displays, which is common on UNIX-based operating systems. As a result, a Cyber attacker can gain access to the username and password of a user that is logged onto the remote host. It is even possible for an attacker to grab a screenshot of the remote host and exploit it for malicious purposes. For example, a Cyber attacker can connect to the server to eavesdrop on the keyboard and the mouse of a user utilizing the remote host. However, it is not an entirely secure system. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |