I put a whitepaper together on this topic about 1 year ago. You can find it in the whitepapers\archives section on http://www.securityhorizon.com if interested. Two of my favorite tools to use for capturing info from exported X resources are xkeys and xwatchwin. I have problems getting xwatchwin to capture window images from Exceed and etc. but xkeys works great. (Thanks to who ever put that piece of work together.) The amazing thing is that after over 1 year of notification there are several companies that still have the default installation, of X window software, exporting X resources to the world. Besides Exceed, Chameleon, Xvision, and (I believe the other was) PC Xware, all install vulnerable. good luck bs ----- Original Message ----- From: "Joshua Wright" <Joshua.Wrightat_private> To: "'Power Steve'" <steve.powerat_private>; <PEN-TESTat_private> Sent: Monday, August 13, 2001 8:30 AM Subject: RE: sniffing X traffic. > You should be looking at dsniff by Dug Song > (http://www.monkey.org/~dugsong/). > > Included is an X11 decoder to display clear-text passwords. You can > probably modify this to fit your needs. > > -Joshua Wright > Joshua.Wrightat_private > > > -----Original Message----- > From: Power Steve [mailto:steve.powerat_private] > Sent: Friday, August 10, 2001 10:45 AM > To: 'PEN-TESTat_private' > Subject: sniffing X traffic. > > > Hey all > > long time listener, first time caller. > > Anyone know if you can meaningfully sniff Exceed ( I guess it's the same as > X) traffic? Im being a bit lame, my personal test lab is down atm, and I > cant find anything on the net re sniffing and interpreting X traffic. > > If anyone would be so kind as to answer a specific question, could I see > passwords etc in the traffic? > > thanks in advance. > > Steve Power > Security Consultant > > > > > Legal Disclaimer:- > > Please be aware that messages sent over > the Internet may not be secure and should > not be seen as forming a legally binding > contract unless otherwise stated. > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 11:52:31 PDT