Penetration Testing mailing list archives
Re: sniffing X traffic.
From: Mike Craik <bovine () btinternet com>
Date: Mon, 13 Aug 2001 02:07:09 +0100
Power Steve wrote:
Anyone know if you can meaningfully sniff Exceed (I guess it's the same as X) traffic? I'm being a bit lame, my personal test lab is down atm, and I can't find anything on the net re sniffing and interpreting X traffic.

You can have quite a bit of 'fun' with X11, i.e. if someone is running an unprotected X server - not using MIT Magic Cookies or xhost authentication properly, for example (they have issued 'xhost +' ...) - then you can easily grab a screenshot of their X display (remotely).

Grab:
    /usr/X/bin/xwd x11user.victum.com:0 -root -out /tmp/i_can_see_you.dmp
(:0 indicates the first X display - this listens on port 6000, :1 would be port 6001 etc.)

View:
    /usr/X/bin/xwud -in /tmp/i_can_see_you.dmp

Out of the box, the Exceed X11 server places no restrictions on remote connections... :-(

xspy - http://www.acm.vt.edu/~jmaxwell/programs/xspy/xspy.html - can be used to capture keystrokes from an X server. You don't need much of an imagination to realize what sort of thing it can be used for :-).

Pretty much any packet sniffer can grab X11 packets. AFAIK dsniff will sniff MIT Magic cookies.

Cheers,
Mike.
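The exposure described in the message above can be checked from the defender's side. This added example (not part of the original post) parses the output of `xhost` and `ss -ltn` to flag disabled access control and X11 TCP listeners, using the display-to-port mapping given in the message; the sample output is constructed and the :0 to :63 display range is an assumption.

```shell
#!/bin/sh
# Added example: defender-side audit of X11 exposure from captured command output.

# Read `xhost` output on stdin; print one finding per risky line.
xhost_findings() {
    awk '
        /^access control disabled/ { print "CRITICAL access control disabled (xhost +)"; next }
        /^INET6?:/                 { print "WARN host-based grant " $1 }
    '
}

# Read `ss -ltn` output on stdin; print "<display> <scope> <bind address>" for
# every TCP listener on 6000+n (display :n). The :0-:63 range is an assumption.
x11_tcp_listeners() {
    awk '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":"-separated field
            port = parts[n] + 0
            if (port < 6000 || port > 6063) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            scope = (host == "127.0.0.1" || host == "[::1]") ? "loopback" : "network"
            printf ":%d %s %s\n", port - 6000, scope, host
        }
    '
}

# Constructed sample output (not captured from a real host).
SAMPLE_XHOST='access control disabled, clients can connect from any host
INET:build01.example.test
SI:localuser:mike'

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*
LISTEN 0      128    [::]:6001          [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$SAMPLE_XHOST" | xhost_findings
printf '%s\n' "$SAMPLE_SS" | x11_tcp_listeners
```

On a live system, pipe the real `xhost` and `ss -ltn` output into the two functions instead of the samples. A "network" listener together with the CRITICAL finding is the unprotected configuration the message describes.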