Although SSH is a powerful tool for controlling a computer remotely, not all applications can be run on the command line. Some apps (such as Firefox) and hack tools (such as Airgeddon) require opening multiple X windows to work, which can be achieved by using the built-in graphical X forwarding for SSH.
SSH, or the secure shell, is the de facto way or access to a remote computer, so that everyone can log in and manage a computer via a local or remote network. Many useful apps can be operated this way, but apps that require an interactive window cannot be opened when accessed via SSH. To make this possible, we must forward the data from the remote computer to a server running on our local machine, which will display the external application in a window on our local screen.
What you can't do without x1
Most hackers are familiar with the basic use of SSH for everything from accessing your Linux remote system to transferring files over a network. For command line applications, SSH can give you full control without any adjustments, programs & # 39; s such as Besside-ng, Bettercap and Kismet without problems.
The limitations of SSH become clear as soon as we try to do something like Airgeddon, which requires multiple windows to open and run programs to transfer data back to the main program. Without starting these programs in additional graphical windows, Airgeddon does not work, making it seemingly useless for a hacker with only an external SSH connection.
Trusted vs. untrusted Graphical X Forwarding
If you want to perform something more complicated than a command-line program, SSH has covered us by offering x11 forwarding. This means that, provided that a graphical X window is running on the remote computer, we can forward the application data to the remote computer so that it looks like it is running on the local device.
There are two types of graphical X forwarding, trusted and untrusted. With trusted X forwarding, we ensure that the application we use does not crash by disabling certain security controls designed to cause the connection to crash if the app violates specific security policies. In an untrusted connection, we have more security when connecting to an untrusted computer network, but we also have a greater chance of the application crashing.
Because graphical X forwarding is enabled by default on most Linux systems, running applications via SSH is a lot easier to do than setting up a VNC server all over again. This makes it a useful skill for any hacker who wants to do anything, from injecting websites into the web history of a target to running tools that require opening multiple windows.
you must have two computers connected to the same network. SSH must be installed and active for both.
An SSH server must be enabled and active on your external computer. If you have Linux, no adjustments are needed, but on macOS or Windows we have to change things in a later step.
Linux must have a graphical X window on your local computer beforehand, but your & # 39; For this you need to install one to work on Windows or macOS. If your local machine is a MacBook or other macOS device, you can download and install XQuartz to run an X window graphics server. If you use Windows, you can use Xming to do the same.
The first step is to enable graphical X forwarding on the server that is running on your computer to want remote access. This will vary slightly depending on the operating system that this system uses.
If the external computer uses Linux, x11 forwarding is enabled by default and you do not need to do anything. If the remote computer you are logging on is running macOS, you must edit your sshd_config file.
~ $ nano / etc / ssh / sshd_config
If sshd_config contains # X11Forwarding no (or just X11Forwarding no ), change it instead X11Forwarding yes and you can see it below.
# $ OpenBSD: sshd_config, v 1,103 2018/04/09 20: 41:22 tj Exp $ # This is the system-wide configuration file of the sshd server. See # sshd_config (5) for more information. # This sshd is compiled with PATH = / usr / bin: / bin: / usr / sbin: / sbin # The strategy used for options in the standard sshd_config that comes with # OpenSSH is to specify options with their default value true # possible, but leave them responded. Uncompressed options replace the # default value. ... #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts none # X11 Forwarding yes # X11DisplayOffset 10 # X11UseLocalhost yes #PermitTTY yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10: 30: 100 #PermitTunnel no #ChrootDirectory no #VersionAddendum none # pass on local information AcceptEnv LONG LC_ * # no standard banner path # No # overwrite the default value of no subsystems Subsystem sftp / usr / libexec / sftp server # Example of canceling settings per user #Match User anoncvs # X11Yes forward # AllowTcpForwarding no # ADMISSION No. # ForceCommand cvs server
Press Ctrl-X and then Y to save the changes to this file in Nano. Now x11 forwarding must be enabled on the computer.
If you use Windows, you must make some changes to PuTTY. The program is the easiest way to get started with SSH on Windows and it is free to download from the official website.
You can enable X11 forwarding on PuTTY by selecting "Enable X11 forwarding" in the "PuTTY configuration & # 39; on the & # 39; Connection & # 39; tab under the & # 39; SSH & # 39 options Once this option is enabled, you must be able to forward graphical X sessions from your Windows machine to external devices.
Let's start with a & # 39; trusted & # 39; graphical X session. Because untrusted sessions can crash quite easily, this is the default option currently enabled on Ubuntu.
The difference between a trusted and untrusted session is essential when looking at In a trusted session, we may give the remote computer the ability to take a screenshot, create keylog, and inject input into one of the windows of other programs.
Use in our first example We have the standard trusted connection a Firefox window. First, let's look at the command we need to start a graphics application via SSH.
~ $ ssh -Y username @ LOCAL_IP_ADDRESS
If we log in to a remote computer with a username of "root" at 192.168 .0.3, our command to start Firefox would be as follows.
~ $ ssh -Y firstname.lastname@example.org firefox
If we started our graphical X window server (such as XQuartz), we should see a Firefox window on our local machine.
We must be able to do this with every graphic application on the system.
By default, Linux systems such as Ubuntu are configured to minimize that applications are redirected after x11 crashing by treating them as standard. This is not always desirable because you may not really trust a computer that you connect to remotely.
The command for handling an external system when forwarding a graphical X window is the option -X but this will do nothing else until we get access to the ssh_config file and change it to disable trusted external x11 connections by default. To do this, we can reopen our ssh_config file with Nano to change the line with the text ForwardX11Trusted to look below.
Now we can run Firefox again as an untrusted app with the following command:
~ $ ssh -X email@example.com firefox
Although this application may crash more, it will This also happens instead of causing security problems on your computer depending on the situation.
It is easy to use graphic X applications via SSH
Although the use of SSH for access to a remote computer can come with a number of limitations, there are many ways to bypass them. Graphical X forwarding is an incredibly useful way to execute programs that could not otherwise be executed and prevent the installation of VNC or other complicated protocols. With graphical X forwarding, almost any application can be run remotely from any location.
I hope you enjoyed this guide for opening graphic X applications via SSH! If you have questions about this tutorial about SSH or you have a comment, ask them below or feel free to reach me on Twitter @KodyKinzie .
Don't Miss It: How to Hide MacOS Payloads Inside Photo Metadata