Power Steve wrote: > > Anyone know if you can meaningfully sniff Exceed ( I guess it's the same as > X) traffic? Im being a bit lame, my personal test lab is down atm, and I > cant find anything on the net re sniffing and interpreting X traffic. You can have quite a bit of 'fun' with X11. i.e. If someone running an unprotected X server - not using MIT Magic Cookies or xhost authentication properly for example (they have issued 'xhost +' ...) - then you can easily grab a screenshot of their X display (remotely). Grab: /usr/X/bin/xwd x11user.victum.com:0 -root -out /tmp/i_can_see_you.dmp (:0 indicates the first X display - this listens on port 6000, :1 would be port 6001 etc.) View: /usr/X/bin/xwud -in /tmp/i_can_see_you.dmp Out of the box, The Exceed X11 server places no restrictions on remote connections... :-( xspy - http://www.acm.vt.edu/~jmaxwell/programs/xspy/xspy.html - can be used to capture keystrokes from an X server. You don't need much of an imagination to realize what sort of thing it can be used for :-). Pretty much any packet sniffer can grab X11 packets. AFAIK dsniff will sniff MIT Magic cookies. Cheers, Mike. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 12:29:13 PDT