HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 66 guests and 2 members online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Malwarearrow Looking for an old exploit - xscan.c
EH-Net
May 24, 2012, 04:41:49 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Looking for an old exploit - xscan.c  (Read 8118 times)
0 Members and 1 Guest are viewing this topic.
jimbob
Guest
« on: June 27, 2007, 10:07:55 AM »
Hi all,
I've been trying to track down a copy of xscan.c, a little program that connects to an Xwindow server and log keystrokes if someone has been silly enough to run xhost +. Does anyone have a copy or an equivalent tool?

Regards,
Jim
Logged
Craig
EH-Net Columnist
Jr. Member
*****
Offline Offline

Posts: 69


View Profile WWW
« Reply #1 on: June 27, 2007, 12:50:20 PM »
This looks like what you're talking about:

http://packetstorm.foofus.com/Exploit_Code_Archive/xscan.tar.gz
Logged
http://www.sourcesec.com
jimbob
Guest
« Reply #2 on: June 28, 2007, 08:34:04 AM »
Nice one! The the days of way back this was a single file named xscan.c. No wonder my searches didn't throw up anything!

And remember kids, always tunnel your X traffic through ssh ;-)

Cheers,
Jim
Logged
jimbob
Guest
« Reply #3 on: June 29, 2007, 04:05:23 AM »
Just a quick note to anyone using this app. I've compiled and run this successfully under Cygwin but beware, the output filename for this tool is KEYLOG[hostname]:0.0

Anyone spot the issue with this? If you tun this under cygwin you'll get a file name KEYLOG[hostname] with a ADS stream named 0.0 instead of the intended filename. xscan inadvertently hides the output of the keylogger, shame about the woefully obvious file name ;-)

The reason I dug this tool up again is that I've seen some resurgence in vulnerable X servers, particularly since Cygwin has gained more popularity. Anyone else have any similar experience?

Jim
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.108 seconds with 22 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.