Groups

Video

• The video group gives us access to screen output
• Privesc usage example: If a user has a credential showing on their screen we can look at the screen image and view the credential.

View screen output

Capture the raw image data of current screen output

cat /dev/fb0 > /tmp/screen.raw

Get the screen output image resolution size

cat /sys/class/graphics/fb0/virtual_size

View the captured screen.raw content

• Open screen.raw using gimp. File > Open... > Select File Type: Raw image data > (check) Show All Files Files > (click on/open) screen.raw
• Set width and height to what is shown in /sys/class/graphics/fb0/virtual_size
• Change "Image Type:" until a clear image is shown.