6000 - Pentesting X11
Last updated
Last updated
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
Hacking Insights Engage with content that delves into the thrill and challenges of hacking
Real-Time Hack News Keep up-to-date with fast-paced hacking world through real-time news and insights
Latest Announcements Stay informed with the newest bug bounties launching and crucial platform updates
X Window System (X) is a versatile windowing system prevalent on UNIX-based operating systems. It provides a framework for creating graphical user interfaces (GUIs), with individual programs handling the user interface design. This flexibility allows for diverse and customizable experiences within the X environment.
Default port: 6000
Check for anonymous connection:
MIT-magic-cookie-1: Generating 128bit of key (“cookie”), storing it in ~/.Xauthority (or where XAUTHORITY envvar points to). The client sends it to server plain! the server checks whether it has a copy of this “cookie” and if so, the connection is permitted. the key is generated by DMX.
In order to use the cookie you should set the env var: export XAUTHORITY=/path/to/.Xauthority
In the example, localhost:0
was running xfce4-session.
Sample Output:
First we need to find the ID of the window using xwininfo
XWatchwin
For live viewing we need to use
Other way:
Reverse Shell: Xrdp also allows to take reverse shell via Netcat. Type in the following command:
In the interface you can see the R-shell option.
Then, start a Netcat listener in your local system on port 5555.
Then, put your IP address and port in the R-Shell option and click on R-shell to get a shell
port:6000 x11
Hacking Insights Engage with content that delves into the thrill and challenges of hacking
Real-Time Hack News Keep up-to-date with fast-paced hacking world through real-time news and insights
Latest Announcements Stay informed with the newest bug bounties launching and crucial platform updates
Join server to communicate with experienced hackers and bug bounty hunters!
Join us on and start collaborating with top hackers today!
The file .Xauthority
in the users home folder is used by X11 for authorization. From :
to sniff the keyboard keystrokes.
Way from:
Way from:
Join server to communicate with experienced hackers and bug bounty hunters!
Join us on and start collaborating with top hackers today!
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
Check the !
Join the 💬 or the or follow us on Twitter 🐦 .
Share hacking tricks by submitting PRs to the and github repos.