Re: X Server Test/Exploit

[Ghandi <ghandi () MINDLESS COM>]

It doesn't take much Xlib to determine whether or not you have access to a
remote display.  For example:

#include <stdio.h>
#include <stdlib.h>
#include <X11/Xlib.h>

int main(int argc, char* argv[])
{
    Display* d;
    if (argc < 2) {
        printf("usage: %s <display>\n", argv[0]);
        exit(-1);
    }
    if ((d = XOpenDisplay(argv[1]))) {
        printf("xtry: X server on %s is open.\n", argv[1]);
        XCloseDisplay(d);
    }
    return 0;
}

If XOpenDisplay(3X11) returns non-null, you have complete access to their
display (whether to use xwd, xkey, xmelt :), or whatever).  It shouldn't
be difficult to script nmap and that chunk of code together to get what
you want.


On Wed, 30 Aug 2000, Crist Clark wrote:

> Does anyone have a quick tool to test for open X servers? I have an
> 'xkey' style program which eavesdrops keystrokes and mouse actions, but
> that has some drawbacks. If I attempt to watch a server and it fails,
> I know the server is not promiscuous. However, if it does not fail, that
> does not mean the server is promiscuous... For example, there may be no
> server running or even no machine at all.
>
> Anyone seen something that can get a more definitive response on the
> status of an X server? (Kind of surprised there is no Nessus plugin that
> does more than just detect the server... Maybe if someone finds me a test
> proggie I can translate it into a plugin. I'm here begging since I
> figure it could take some serious time to learn enough Xlib calls
> to get a C program, perl script, or NASL script working from scratch.)
>
> Thanks.
> --
> Crist J. Clark                                Network Security Engineer
> crist.clark () globalstar com                    Globalstar, L.P.
> (408) 933-4387                                FAX: (408) 933-4926