Merge pull request #10444 from projectdiscovery/pussycat0x-patch-12

Create x11-unauth-access.yaml

javascript/misconfiguration/x11/x11-unauth-access.yaml

@@ -0,0 +1,48 @@
+id: x11-unauth-access
+
+info:
+  name: x11 - Unauthenticated Access
+  author: pussycat0x
+  severity: high
+  description: |
+    To check if you can connect to a remote X server, send an X11 initial connection request to TCP port 6000+n (where n is the display number). The response success byte (0x00 or 0x01) indicates if you are allowed; if successful, the script will display "X server access is granted," confirming that an attacker can connect to the X server
+  reference:
+    - https://nmap.org/nsedoc/scripts/x11-access.html
+    - https://book.hacktricks.xyz/network-services-pentesting/6000-pentesting-x11
+    - https://www.hackingarticles.in/penetration-testing-on-x11-server/
+  metadata:
+    shodan-query: "Open X Server:"
+    verified: true
+    max-request: 1
+  tags: x11,network,js,remote,unauth
+
+javascript:
+  - pre-condition: |
+      isPortOpen(Host,Port);
+    code: |
+      let packet = bytes.NewBuffer();
+      const c = require("nuclei/net");
+      const cmd = "l\u0000\u000b\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000"
+      packet.WriteString(cmd)
+      let conn = c.Open('tcp', `${Host}:${Port}`);
+      conn.SendHex(packet.Hex());
+      const result = conn.RecvFull();
+
+      let accessGranted;
+
+      if (result[0] === 1) {
+      accessGranted = true;
+        } else {
+          conn.Close();
+        }
+
+      accessGranted
+
+    args:
+      Host: "{{Host}}"
+      Port: 6000
+
+    matchers:
+      - type: dsl
+        dsl:
+          - response