Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mellow-hype/keysniffer-poc
Simple PoC Linux keysniffer showing impact of a lack of GUI-isolation in X display server.
- Host: GitHub
- URL: https://github.com/mellow-hype/keysniffer-poc
- Owner: mellow-hype
- Created: 2017-03-20T02:23:47.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-06-21T17:24:32.000Z (over 7 years ago)
- Last Synced: 2024-08-04T09:05:49.118Z (4 months ago)
- Topics: infosec, keysniffer, linux, proof-of-concept, security
- Language: Python
- Size: 16.6 KB
- Stars: 5
- Watchers: 1
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - mellow-hype/keysniffer-poc - Simple PoC Linux keysniffer showing impact of a lack of GUI-isolation in X display server. (Python)
- awesome-network-stuff - **4** stars - isolation in X display server. (Tools / Sniffing && Sniff)
README
# README
A simple PoC keysniffer for Linux using the technique discussed in [this article](http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html). Not meant to be anything super dangerous or useful at the moment, but we'll see where it goes.
**Depends on `xinput` and `xmodmap`. Written in Python 3.**
## Details
The lack of isolation between GUI objects in the X display server allows any process, privileged or unprivileged, to see what other processes are doing in the context of the GUI. This makes it trivial to sniff keystrokes, take screenshots of other windows, etc. This is a fundamental flaw in the design of the X server architecture, though it is not unique to it.
This PoC keysniffer shows how an unprivileged user could run such a script and capture admin credentials or other private data on a shared system. As an experiment, one can run the script in one terminal window while using `su` to elevate privileges in another, for example. The script will capture all keystrokes, including the credentials used to elevate privileges.
At the moment, it is not possible to run the script as a user that isn't connected to the X server and sniff keystrokes from other users who do have active displays. It *is* possible to run the script through a remote shell session and capture keystrokes from the active X session on the system, but only if the user account that executes the script is also the account that started the X session.
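From the defender's side, a process that streams X input events is visible in the process table. The following is an added detection example, not code from this repository; it assumes the sniffing is done through the `xinput` CLI's `test` / `test-xi2` subcommands (the README only states that `xinput` is a dependency), and the sample process table is constructed.

```python
import os

# Assumption: the page only says the PoC depends on `xinput`; this check looks
# for xinput's event-streaming subcommands ("test", "test-xi2"), given with or
# without leading dashes.
EVENT_SUBCOMMANDS = {"test", "test-xi2"}

def is_xinput_event_reader(argv):
    """True if the command line runs xinput in an event-streaming mode."""
    # Re-split so that wrappers like `sh -c "xinput ..."` are also covered.
    tokens = " ".join(argv).split()
    for i, tok in enumerate(tokens):
        if os.path.basename(tok) == "xinput" and any(
            t.lstrip("-") in EVENT_SUBCOMMANDS for t in tokens[i + 1:]
        ):
            return True
    return False

def read_processes(proc_root="/proc"):
    """Yield (pid, uid, argv) for each process visible under /proc."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        path = os.path.join(proc_root, entry)
        try:
            uid = os.stat(path).st_uid
            with open(os.path.join(path, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:  # process exited or access denied
            continue
        yield int(entry), uid, [a.decode(errors="replace") for a in raw.split(b"\0") if a]

def find_event_readers(processes):
    """Return the (pid, uid, argv) entries that stream X input events."""
    return [p for p in processes if is_xinput_event_reader(p[2])]

# Constructed sample process table (not captured from a real system).
SAMPLE = [
    (101, 1000, ["/usr/bin/python3", "poc.py"]),
    (102, 1000, ["xinput", "test", "11"]),
    (103, 1000, ["xinput", "list"]),
    (104, 1001, ["sh", "-c", "xinput --test-xi2 --root"]),
    (105, 0, ["/usr/lib/xorg/Xorg", ":0"]),
]

if __name__ == "__main__":
    for pid, uid, argv in find_event_readers(read_processes()):
        print(f"pid={pid} uid={uid} cmd={' '.join(argv)}")
```

A hit is a lead to investigate rather than proof of sniffing, since `xinput test` is also used for legitimate device debugging.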
## Usage
```
python3 poc.py
```
To stop the script, press Control-C or send a keyboard interrupt to the terminal where it is running. The script will write the collected keys to a file, 'rekt.txt', upon receiving a keyboard interrupt. Modifications can be made directly in the code, which shouldn't be too difficult.