From: Ghandi [ghandi@MINDLESS.COM] Sent: Thursday, August 31, 2000 2:33 AM To: VULN-DEV@SECURITYFOCUS.COM Subject: Re: X Server Test/Exploit It doesn't take much Xlib to determine whether or not you have access to a remote display. For example: #include #include #include int main(int argc, char* argv[]) { Display* d; if (argc < 2) { printf("usage: %s \n", argv[0]); exit(-1); } if ((d = XOpenDisplay(argv[1]))) { printf("xtry: X server on %s is open.\n", argv[1]); XCloseDisplay(d); } return 0; } If XOpenDisplay(3X11) returns non-null, you have complete access to their display (whether to use xwd, xkey, xmelt :), or whatever). It shouldn't be difficult to script nmap and that chunk of code together to get what you want. On Wed, 30 Aug 2000, Crist Clark wrote: > Does anyone have a quick tool to test for open X servers? I have an > 'xkey' style program which eavesdrops keystrokes and mouse actions, but > that has some drawbacks. If I attempt to watch a server and it fails, > I know the server is not promiscuous. However, if it does not fail, that > does not mean the server is promiscuous... For example, there may be no > server running or even no machine at all. > > Anyone seen something that can get a more definitive response on the > status of an X server? (Kind of surprised there is no Nessus plugin that > does more than just detect the server... Maybe if someone finds me a test > proggie I can translate it into a plugin. I'm here begging since I > figure it could take some serious time to learn enough Xlib calls > to get a C program, perl script, or NASL script working from scratch.) > > Thanks. > -- > Crist J. Clark Network Security Engineer > crist.clark@globalstar.com Globalstar, L.P. > (408) 933-4387 FAX: (408) 933-4926 >