Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: X Server Test/Exploit

From: "Matthew F. Caldwell" <mattc () GUARDED NET>
Date: Thu, 31 Aug 2000 08:36:03 -0400
Try using the X tool, "xwd" it allows you to dump the current window that is open (via xhost + anyways) to a image file 
that can be read by xview and some other readers.

syntax: xwd -root -display (victim ip):0.0 > dump.xwd

Have fun

Crist Clark wrote:

Does anyone have a quick tool to test for open X servers? I have an
'xkey' style program which eavesdrops keystrokes and mouse actions, but
that has some drawbacks. If I attempt to watch a server and it fails,
I know the server is not promiscuous. However, if it does not fail, that
does not mean the server is promiscuous... For example, there may be no
server running or even no machine at all.

Anyone seen something that can get a more definitive response on the
status of an X server? (Kind of surprised there is no Nessus plugin that
does more than just detect the server... Maybe if someone finds me a test
proggie I can translate it into a plugin. I'm here begging since I
figure it could take some serious time to learn enough Xlib calls
to get a C program, perl script, or NASL script working from scratch.)

Thanks.
--
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926


--
Matthew F. Caldwell, CISSP - Senior Consultant
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Guarded.Net - An Information Security Company
       Email: matt.caldwell () guarded net
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
          http://www.guarded.net
---------------------------------------------------------------------------
This e-mail may contain proprietary commercial information and is intended
for the addressed recipient(s) only.  If you are not an addressed
recipient of this e-mail and have received it in error, you must delete
it.  You may not forward or disseminate information contained in this
e-mail without permission from Guarded.Net.
Questions? Contact legal () guarded net
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: