Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mellow-hype/keysniffer-poc

Simple PoC Linux keysniffer showing impact of a lack of GUI-isolation in X display server.

infosec keysniffer linux proof-of-concept security

# README
A simple PoC keysniffer for Linux using the technique discussed in [this article](http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html). Not meant to be anything super dangerous or useful at the moment, but we'll see where it goes.

**Depends on `xinput` and `xmodmap`. Written in Python 3.**

## Details
The lack of isolation between GUI objects in the X display server allows any process, privileged or unprivileged, to see what other processes are doing in the context of the GUI. This makes it trivial to sniff keystrokes, take screenshots of other windows, etc. This is a fundamental flaw in the design of the X server architecture, though it is not unique to it.

This PoC keysniffer shows how an unprivileged user could run such a script and capture admin credentials or other private data on a shared system. As an experiment, one can run the script in one terminal window while using `su` to elevate privileges in another, for example. The script will capture all keystrokes, including the credentials used to elevate privileges.

At the moment, it is not possible to run the script as a user that isn't connected to the X server and sniff keystrokes from other users who do have active displays. It *is* possible to run the script through a remote shell session and capture keystrokes from the active X session on the system, but only if the user account that executes the script is also the account that started the X session.

## Usage
```
python3 poc.py
```
To stop the script, press Control-C or send a keyboard interrupt to the terminal where it is running.

The script writes the collected keys to a file named 'rekt.txt' when it receives the keyboard interrupt. To change the output file or other behaviour, edit the script directly; the code is short and straightforward to modify.