Phf Exploits

They were using the canonical "execute xterm on the remote box as root with DISPLAY set to my X server" version of the phf exploit.

Tom’s nasty xterm…_

Previous slide Next slide Back to first slide View graphic version

Notes:

Tom’s look-alike takes advantage of the open permissions at the X server end of the exploit. When run, it grabs a screen shot, keystrokes and some other things.

I don’t recall catching anyone with it.

Don’t mess with Tom.

Phf Exploits

They were using the canonical "execute xterm on the remote box as root with DISPLAY set to my X server" version of the phf exploit.

Tom’s nasty xterm…_