dil15
Posts: 2
Joined: Wed Jun 08, 2016 11:54 pm

X server vulnerability in Pi and errors with startx command

Thu Jun 09, 2016 12:11 am

:) Hi, I have been trying to hack my Pi through an X server vulnerability which I found with a vulnerability scanner, and the following website is the one I found on Google about X11 hacking:

http://colesec.inventedtheinternet.com/hacking-x11/

However, when I type

Code:

xwd -root -screen -silent -display 192.168.1.5:0 > screenshot.xwd

it gives me "xwd: cannot open display "".

So I assume it is because I did not activate the 'startx' command (to activate the graphical interface). And when I did startx on my Pi terminal, it showed me this error:

Code:

X.Org X Server 1.12.4
Release Date: 2012-08-27
X Protocol Version 11, Revision 0
Build Operating System: Linux 3.2.0-2-mx5 armv7l Debian
Current Operating System: Linux dex 4.1.13-v7+ #826 SMP PREEMPT Fri Nov 13 20:19:03 GMT 2015 armv7l
Kernel command line: dma.dmachans=0x7f35 bcm2708_fb.fbwidth=656 bcm2708_fb.fbheight=416 bcm2709.boardrev=0xa21041 bcm2709.serial=0x948b59c6 smsc95xx.macaddr=B8:27:EB:8B:59:C6 bcm2708_fb.fbswap=1 bcm2709.uart_clock=32000000 bcm2709.disk_led_gpio=47 bcm2709.disk_led_active_low=0 sdhci-bcm2708.emmc_clock_freq=250000000 vc_mem.mem_base=0x3dc00000 vc_mem.mem_size=0x3f000000  dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait
Build Date: 11 February 2015  09:31:17PM
xorg-server 2:1.12.4-6+deb7u6 (Julien Cristau <jcristau@debian.org>) 
Current version of pixman: 0.33.1
	Before reporting problems, check http://wiki.x.org
	to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
	(++) from command line, (!!) notice, (II) informational,
	(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Wed Jun  8 08:13:45 2016
(==) Using config file: "/etc/X11/xorg.conf"
(==) Using system config directory "/usr/share/X11/xorg.conf.d"

Fatal server error:
no screens found

Please consult the The X.Org Foundation support 
	 at http://wiki.x.org
 for help. 
Please also check the log file at "/var/log/Xorg.0.log" for additional information.

Server terminated with error (1). Closing log file.
xinit: giving up
xinit: unable to connect to X server: Connection refused
xinit: server error

And I found a website about how to solve this, and it says that I need an xorg.conf file in /etc/X11, but I cannot find a file called xorg.conf in that directory. So I tried to make a new xorg.conf, which is made by 'sudo Xorg -configure'. But then when it's entered, it shows me:

Code:

pi@dex ~ $ sudo Xorg -configure

X.Org X Server 1.12.4
Release Date: 2012-08-27
X Protocol Version 11, Revision 0
Build Operating System: Linux 3.2.0-2-mx5 armv7l Debian
Current Operating System: Linux dex 4.1.13-v7+ #826 SMP PREEMPT Fri Nov 13 20:19:03 GMT 2015 armv7l
Kernel command line: dma.dmachans=0x7f35 bcm2708_fb.fbwidth=656 bcm2708_fb.fbheight=416 bcm2709.boardrev=0xa21041 bcm2709.serial=0x948b59c6 smsc95xx.macaddr=B8:27:EB:8B:59:C6 bcm2708_fb.fbswap=1 bcm2709.uart_clock=32000000 bcm2709.disk_led_gpio=47 bcm2709.disk_led_active_low=0 sdhci-bcm2708.emmc_clock_freq=250000000 vc_mem.mem_base=0x3dc00000 vc_mem.mem_size=0x3f000000  dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait
Build Date: 11 February 2015  09:31:17PM
xorg-server 2:1.12.4-6+deb7u6 (Julien Cristau <jcristau@debian.org>) 
Current version of pixman: 0.33.1
	Before reporting problems, check http://wiki.x.org
	to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
	(++) from command line, (!!) notice, (II) informational,
	(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Thu Jun  9 00:10:06 2016
List of video drivers:
	fbturbo
	fbdev
No devices to configure.  Configuration failed.
Server terminated with error (2). Closing log file.

Can anybody please help me with this issue?

MarkHaysHarris777
Posts: 1820
Joined: Mon Mar 23, 2015 7:39 am
Location: Rochester, MN

Re: X server vulnerability in Pi and errors with startx comm

Thu Jun 09, 2016 4:55 am

No, no, no, no... no. :o

... It's already built-in, and it's not called X11 hacking, it's called X11 forwarding, and it works like this:

... assuming you have not broken anything yet... put everything back the way it was...

Now, forwarding X11 over ssh is easy, and it's already set up; in other words, ssh has been configured for you to forward X11 packets over ssh:

Code:

ssh -X -f -p <port number> -l <username>  hostname  lxterminal

That command will start an lxterminal on the remote <hostname> machine, under userid <username> and port <port number> (defaults to 22) and it will prompt you for the password (ssh) and then be patient !! because it takes a few seconds (10-20) for the terminal to pop up.

That's it !

I actually use xterm, but it's not built in to Raspbian: (put xterm on the remote machine)

Code:

sudo apt-get install xterm

Code:

ssh -X -f -p 22 -l pi <hostname_or_address>  xterm

That's all there is to it... hope you didn't break anything ! :roll:
marcus
:ugeek:
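
Added example (not from either poster): the first post targets display 192.168.1.5:0, which corresponds to TCP port 6000 + display number, while the sshd X11 forwarding described in the reply normally shows up as loopback-only listeners from display :10 upward. The script below, meant to be run on the Pi itself, classifies X11 listeners from `ss -ltn` output; the sample socket list and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify X11 TCP listeners (port 6000 + display number) as
# loopback-only or reachable from the network. Function names are hypothetical.

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*
LISTEN 0      128    [::]:6000          [::]:*
LISTEN 0      128    [::1]:6011         [::]:*
LISTEN 0      128    192.168.1.5:8080   0.0.0.0:*
EOF
}

# Reads `ss -ltn` lines on stdin; prints one line per X11 listener.
audit_x11_listeners() {
  awk '
    $1 == "LISTEN" {
      la = $4                                  # local address:port column
      n = split(la, parts, ":")
      port = parts[n] + 0
      if (port < 6000 || port > 6063) next     # conventional X11 display range
      addr = substr(la, 1, length(la) - length(parts[n]) - 1)
      if (addr ~ /^127\./ || addr == "[::1]")
        exposure = "loopback-only"             # e.g. an ssh -X forwarded display
      else
        exposure = "NETWORK-EXPOSED"           # X server reachable over TCP
      printf "display=:%d addr=%s exposure=%s\n", port - 6000, addr, exposure
    }'
}

# Number of X11 listeners reachable from other hosts.
count_exposed() {
  audit_x11_listeners | awk '/NETWORK-EXPOSED/ { c++ } END { print c + 0 }'
}

# Demo on the constructed sample; on a live host use: ss -ltn | audit_x11_listeners
sample_ss_output | audit_x11_listeners
```

A non-zero count from `ss -ltn | count_exposed` means the X server is accepting TCP connections from the network; starting it with `-nolisten tcp` and reaching it through `ssh -X` instead leaves only loopback listeners.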
