From: W. Trevor King Date: Wed, 18 May 2011 17:45:21 +0000 (-0400) Subject: Add X hacks post. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=78e706c194dcb445fa1419679b8ed4c11105c647;p=blog.git Add X hacks post. --- diff --git a/posts/X_hacks.mdwn b/posts/X_hacks.mdwn new file mode 100644 index 0000000..ed3b2e0 --- /dev/null +++ b/posts/X_hacks.mdwn @@ -0,0 +1,44 @@ +While writing up my [[mxcons]] post, I ran across the *ease of +(ab)using X11" articles ([1][] and [2][]) Brian Hatch posted in 2004. +In the first part, he walks you through `DISPLAY` and `xauth`, which +I'd seen before, but the second part contained more nice tricks. The +difficulty here is remembering all the useful little utilities for +manipulating X. Here's a quick list: + +* `xmessage` for popping up dialog windows +* `xlsclients -l` for listing all connected clients (this is how you + get those window ids!) +* `xwininfo -id windowid` to get more info on a given window +* `xwd` for taking screenshots +* `xev`, the classic X event monitor +* `xkey`, non-standard keysniffer +* `x2x` to connect your mouse and keyboard to another display +* `xdpyinfo` to get information about an X display. + +Here are some examples: + +Grab whole desktop as a png: + + $ xwd -root -silent - | convert - root.png + +Grab single window as a png: + + $ xwd -id windowid -silent - | convert - win.png + +Determine which window has the focus: + + $ xdpyinfo | grep focus + +Brian's [subsequent article][3] discusses malicious sysadmins abusing +X to log keystrokes on your home computer. + +Everyone should read these before they start using X, which would help +avoid exposure to [simple attacks][]. + +[1]: http://www.hackinglinuxexposed.com/articles/20040513.html +[2]: http://www.hackinglinuxexposed.com/articles/20040608.html +[3]: http://www.hackinglinuxexposed.com/articles/20040705.html +[simple attacks]: http://seclists.org/educause/2007/q1/138 + +[[!tag tags/linux]] +[[!tag tags/tools]]