
Shooting Back
Xterms
Step-by-Step
¨Attacker configures his own machine to accept incoming X sessions from the target machine via “xhost +victim”
¨Attacker overflows
the buffer of vulnerable program on the
target machine with shell command to run the Xterm program and directing the display to the attacker’s machine
¨Commands typed by
attacker into Xterm are executed on
the victim machine.