Further x11 updates

h00die · Jul 11, 2024 · 04f4990 · 04f4990
1 parent ea0d400
commit 04f4990
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 16 deletions.
diff --git a/documentation/modules/auxiliary/gather/x11_keyboard_spy.md b/documentation/modules/auxiliary/gather/x11_keyboard_spy.md
@@ -101,11 +101,15 @@ Getting X11 to listen on a TCP port is rather taxing, so we use socat to facilit
 
 ## Options
 
-### ListenerTimeout
+### LISTENER_TIMEOUT
 
 How many seconds to keylog for.
 If set to `0`, wait forever. Defaults to `600`, 10 minutes.
 
+### PRINTERVAL
+
+The interval to print keylogs in seconds. Defaults to `60`.
+
 ## Scenarios
 
 ### Ubuntu 22.04

diff --git a/lib/rex/proto/x11/window.rb b/lib/rex/proto/x11/window.rb
@@ -210,19 +210,23 @@ def create_overlay_map(screen_width, screen_height, windows)
 end
 
 class X11Image
-  def initialize(width, height, image_reply, color_reply)
-    @width = width
-    @height = height
-    @image_reply = image_reply
-    @color_reply = color_reply
+  def initialize(width, height, image_data, color_data)
+    @width = width # integer, 1024 in 1024×768
+    @height = height # integer, 768 in 1024×768
+    @image_data = image_data # from X11GetImageResponse
+    @color_data = color_data # from X11GetColorsResponse
+  end
+
+  self.from_replies(width, height, image_reply, color_reply)
+    self.new(width, height, image_reply.image_data, color_reply.colors)
   end
 
   def create_image
-    # Extract relevant data from @image_reply and @color_reply
+    # Extract relevant data from @image_data and @color_data
     width = @width
     height = @height
-    pixel_data = @image_reply.image_data
-    colors = @color_reply.colors
+    pixel_data = @image_data
+    colors = @color_data
 
     # Create an image object
     image = ChunkyPNG::Image.new(width, height, ChunkyPNG::Color::TRANSPARENT)

diff --git a/lib/rex/proto/x11/xkeyboard.rb b/lib/rex/proto/x11/xkeyboard.rb
@@ -15,9 +15,7 @@ class X11KeyModMap < BinData::Record
   end
 
   # https://xcb.freedesktop.org/manual/structxcb__xkb__key__sym__map__iterator__t.html
-  class X11Sym < BinData::Record
-    endian :little
-    uint32 :syms
+  class X11Sym < BinData::Uint32le
   end
 
   # https://xcb.freedesktop.org/manual/structxcb__xkb__key__sym__map__t.html

diff --git a/modules/auxiliary/gather/x11_keyboard_spy.rb b/modules/auxiliary/gather/x11_keyboard_spy.rb
@@ -53,8 +53,8 @@ def initialize(info = {})
       )
     )
     register_options [
-      OptInt.new('ListenerTimeout', [ true, 'The maximum number of seconds to keylog', 600 ]), # 10 minutes
-      OptInt.new('PRINTERVAL', [ true, 'The interval to print keyloggs in seconds', 60 ]) # 1 minutes
+      OptInt.new('LISTENER_TIMEOUT', [ true, 'The maximum number of seconds to keylog', 600 ]), # 10 minutes
+      OptInt.new('PRINTERVAL', [ true, 'The interval to print keylogs in seconds', 60 ]) # 1 minutes
     ]
   end
 
@@ -233,7 +233,7 @@ def run
     # loop mechanics stolen from exploit/multi/handler
     stime = Time.now.to_f
     print_timer = Time.now.to_f
-    timeout = datastore['ListenerTimeout'].to_i
+    timeout = datastore['LISTENER_TIMEOUT'].to_i
     printerval = datastore['PRINTERVAL'].to_i
     begin
       loop do

diff --git a/spec/lib/rex/proto/x11/xkeyboard.rb b/spec/lib/rex/proto/x11/xkeyboard.rb
@@ -401,7 +401,7 @@
 
         expect(response.n_key_sym).to eq(248)
         # spot check a few of the key_map_array items
-        expect(response.key_map_array[247].key_sym_array[0].syms).to eq(269025205)
+        expect(response.key_map_array[247].key_sym_array[0]).to eq(269025205)
 
         expect(response.total_mod_map_key).to eq(15)
         # spot check a few of the key_mod_map_array items