Adsons

    The ease of (ab)using X11, Part 2

    Date09 Jun 2004
    5290
    Posted ByLinuxSecurity Advisories
    Last time we looked at how you can get access to an X11 server, the desktop software you are using when you're running graphical environments like Gnome or KDE. When you have access to the X11 server, you can do some remarkable things. As an example, I previously showed you how to open an xterm on the users screen to leave them a message. Rather than use an xterm, it's much easier to use xmessage[1], which will pop up a window and can even have programmable buttons. . . . Last time we looked at how you can get access to an X11 server, the desktop software you are using when you're running graphical environments like Gnome or KDE. When you have access to the X11 server, you can do some remarkable things. As an example, I previously showed you how to open an xterm on the users screen to leave them a message. Rather than use an xterm, it's much easier to use xmessage[1], which will pop up a window and can even have programmable buttons.

    So, using xmessage as our target program, let's recap. First, log into the victim's desktop, become root, and set up your environment to access his X11 server:

    home$ ssh victim_desktop
    victim$ sudo /bin/ksh

    victim\# XAUTHORITY=/home/fernando/.Xauthority
    victim\# export XAUTHORITY
    victim\# DISPLAY=:0
    victim\# export DISPLAY

    At this point, you have access to the server and can do anything, for example running xmessage:

    victim\# xmessage "Hey, Fernando, don't forget to walk the dog."

    You won't see anything of course - the window went on Fernando's screen.

    Comments powered by CComment

    Sidebar Ad

    LinuxSecurity Poll

    Does your company/organization utilize open-source software?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    5
    radio
    bottom200

    Advisories