starred/EvilnoVNC-JoelGMSec
1
0
Fork 0
mirror of https://github.com/JoelGMSec/EvilnoVNC.git synced 2026-04-25 17:15:49 +03:00
Code Issues 5 Projects Releases Packages Wiki Activity

[GH-ISSUE #32] Full desktop and root terminal access in running container #29

New issue
Closed
opened 2026-02-27 07:16:12 +03:00 by kerem · 2 comments
kerem commented 2026-02-27 07:16:12 +03:00
Owner
Copy link

Originally created by @ms101 on GitHub (Sep 25, 2023).
Original GitHub issue: https://github.com/JoelGMSec/EvilnoVNC/issues/32

There is a way to get access to the desktop and root terminals in a running container (tested with latest Firefox and Chromium):

  1. (optional) Ctrl+Alt+RightArrowKey switches to another virtual desktop
  2. Alt+F2 starts the app launcher, choose xfce4-keyboard-settings
  3. choose Application Shortcuts and add a new one
  4. as command: chmod 777 /usr/bin/xfce4-terminal
  5. as shortcut: Alt+F3
  6. save, overwrite shortcut and press Alt+F3
  7. then start xfce4-terminal via app launcher (Alt+F2), this also works for starting thunar or xfce4-panel

Now a user has root access to the container, including collected data in /home/user/Downloads:
2023-09-25_14-52-27_screenshot

Possible measures:

  • harden XFCE configuration or file permissions
  • better avoid a full DE at all (working on it..)
Originally created by @ms101 on GitHub (Sep 25, 2023). Original GitHub issue: https://github.com/JoelGMSec/EvilnoVNC/issues/32 There is a way to get access to the desktop and root terminals in a running container (tested with latest Firefox and Chromium): 1. (optional) Ctrl+Alt+RightArrowKey switches to another virtual desktop 2. Alt+F2 starts the app launcher, choose xfce4-keyboard-settings 3. choose Application Shortcuts and add a new one 4. as command: chmod 777 /usr/bin/xfce4-terminal 5. as shortcut: Alt+F3 6. save, overwrite shortcut and press Alt+F3 7. then start xfce4-terminal via app launcher (Alt+F2), this also works for starting thunar or xfce4-panel Now a user has root access to the container, including collected data in /home/user/Downloads: ![2023-09-25_14-52-27_screenshot](https://github.com/JoelGMSec/EvilnoVNC/assets/7735657/b8802e5d-7158-4367-8a03-75be10fa9334) Possible measures: - harden XFCE configuration or file permissions - better avoid a full DE at all (working on it..)
kerem closed this issue 2026-02-27 07:16:12 +03:00
kerem commented 2026-02-27 07:16:13 +03:00
Author
Owner
Copy link

@ms101 commented on GitHub (Oct 4, 2023):

PR #33 should fix this

<!-- gh-comment-id:1747116901 --> @ms101 commented on GitHub (Oct 4, 2023): PR #33 should fix this
kerem commented 2026-02-27 07:16:13 +03:00
Author
Owner
Copy link

@JoelGMSec commented on GitHub (Oct 6, 2023):

Thanks again @ms101 :)

<!-- gh-comment-id:1750841266 --> @JoelGMSec commented on GitHub (Oct 6, 2023): Thanks again @ms101 :)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/EvilnoVNC-JoelGMSec#29
No description provided.