UGN Security Forums
#17313 - 05/31/03 09:12 AM Key-Wrapper
spectre Offline
Junior Member

Registered: 03/05/02
Posts: 56
Loc: 192.168.128.80
Note: this is talking about the *nix oses.

Alright, now there are keyloggers and tcp-ip wrappers. (UDP too, I guess). So here goes my question.

I was reading a past issue of 2600, volume 19 number 3, that discussed creating a fake game in order to trick a new user into giving the game their root password. For example, it would go like this (the output):

Loading...
Error 14: flexer.dll not found
Fatal Error: Dropping to guest shell
Please su back to root.
$su root
Password:

That's where the Key-Wrapper would come in. In this case, the game didn't ACTUALLY drop, but instead it simply is faking the new user into thinking there was a fatal error and giving the "game" their root password. Most advanced users would look at this and think it queer, but who knows how awake they are when they use it (3:00am linux game sessions. I think you know what I mean).

So what I was wondering is how to insert the equivalent of a TCP-Wrapper into your own system for keyboard input. After the information has been "input" (Carriage Return I guess...), the Wrapper would kick up, look at the information and where it is being sent. It would then have some sort of output:

Information "password" being sent to PID 779. Is this okay (Y/N)?

Maybe not even PID, but the actual program name. That way, if this situation did come around where you didn't know whether it was a real shell or a fake shell, this program would tell you "hey, sensitive data is being sent to this program!".

The program could be as simple as to simply check every single input with program arguments ('keywords' that the user wants under careful watch such as passwords) and if they match, have that output. Or it could have that output for every single input.

Now I could do all of the above except for one part, the most difficult one in my mind. How do I place the wrapper so it intercepts these inputs? Would I have to code it through the kernel, changing some of that information, or is there some system call I can change?

My idea now is to change the PATH location of the shell to my code. Then the code forwards the information to the shell and back or something -- but that's too upfront and in your face. I want a transparent program that scans in the background. I know that for a TCP-IP wrapper you can change the tcpd in inetd.conf (or xinetd) for the wrapper code. Is this possible with my kind of code?

an example wrapper: http://web.archive.org/web/20010604005016/void.box.sk/files/coding/VN-TCP-WRAPPER.c

Much thanks in advance (and tell me if it doesn't make any sense)
-visage
_________________________
http://www.javaspot.net

#17314 - 05/31/03 10:56 PM Re: Key-Wrapper
spectre Offline
Junior Member

Registered: 03/05/02
Posts: 56
Loc: 192.168.128.80
In case you care, I found the article. It's in 19.3, page 14. Coded by Gr@ve_Rose. Just in case you cared...
_________________________
http://www.javaspot.net

#17315 - 06/12/03 04:16 PM Re: Key-Wrapper
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
So what's the question. If something is possible? Practically anything is possible. The answer is yes.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

#17316 - 06/12/03 08:13 PM Re: Key-Wrapper
visage Offline
Junior Member

Registered: 06/12/03
Posts: 14
Naw. I just was hoping you would code it for me

What I really want to know is where I would place a wrapper like that. I guess it requires knowledge of how the linux kernel works -- which I don't. So I guess my question is more linux related than code related: how does linux handle input from shells?

Maybe I should just create my own secure shell... :-\

#17317 - 06/12/03 09:11 PM Re: Key-Wrapper
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
To intercept internet traffic and perhaps filter it you'd need to hook the ethernet card. The concept is the same whether you use windows or linux. The implementation may differ though. Regardless, it is essentially a purpose-specific firewall. Does that answer your question?
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

#17318 - 06/12/03 10:57 PM Re: Key-Wrapper
visage Offline
Junior Member

Registered: 06/12/03
Posts: 14
I think you misunderstood my question. I didn't want a tcp wrapper. I could do that easily by putting it in inetd.conf.

I want a text-wrapper that takes whatever you are inputting in the keyboard (before you hit enter or something at shell) and scans it against a bunch of specific, crucial words. Like, a root password or something so that you can only type in the root password into a pid that is a child of an SU or something.

Do you understand now?

#17319 - 06/13/03 06:36 AM Re: Key-Wrapper
pergesu Offline
UGN Elite Poster

Registered: 03/14/02
Posts: 1136
Loc: Pimpin the Colorizzle
That's the same concept as a keylogger dude. Find one and look at the code.

#17320 - 06/13/03 08:50 AM Re: Key-Wrapper
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
*understands now*

A key-logger is not exactly what he's looking for since he doesn't want to scan ALL keys, just msgs sent to the shell. If it was a keylogger, he would have to try to not scan text input in an email or word processor etc. Also, what if the msg was sent to the shell via a program rather than the keyboard? He may want to filter that as well, dunno.

Is it possible? Yes. I do not know enough of the linux OS to know how programs handle input; how they receive keystrokes and mouse messages etc. However, the technique would involve hooking the shell's input stream, which should be the same as hooking any running program's input stream on linux. I can't code it, I don't know how it's done, or from the top of my head - how to learn. But I do know it's possible.

And just because I feel like being a cynic, I don't find much use for a program like that. Security checks made at the prompt, and no place else. A purpose specific firewall would be infinitely more useful, and probably already exists. After all, who cares if a program records your password if it never leaves your computer.

*reads first post again*

Although, maybe you DO want to intercept traffic sent to other programs (ie keylogger). Just because typing it at the commandline doesn't mean it goes through the shell. In the example above the shell never sees the password, it is the program emulating the shell. So a keylogger or a firewall is the better option.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net
