#17313 05/31/03 06:12 AM
Joined: Mar 2002
Posts: 56
spectre Offline OP
Junior Member
Note: this is talking about the *nix OSes.

Alright, now there are keyloggers and TCP/IP wrappers. (UDP too, I guess). So here goes my question.

I was reading a past issue of 2600, volume 19 number 3, that discussed creating a fake game in order to trick a new user into giving the game their root password. For example, it would go like this (the output):

Loading...
Error 14: flexer.dll not found
Fatal Error: Dropping to guest shell
Please su back to root.
$su root
Password:

That's where the Key-Wrapper would come in. In this case, the game didn't ACTUALLY drop, but instead it simply is faking the new user into thinking there was a fatal error and giving the "game" their root password. Most advanced users would look at this and think it queer, but who knows how awake they are when they use it (3:00am Linux game sessions. I think you know what I mean).

So what I was wondering is how to insert the equivalent of a TCP-Wrapper into your own system for keyboard input. After the information has been "input" (Carriage Return I guess...), the Wrapper would kick up, look at the information and where it is being sent. It would then have some sort of output:

Information "password" being sent to PID 779. Is this okay (Y/N)?

Maybe not even PID, but the actual program name. That way, if this situation did come around where you didn't know whether it was a real shell or a fake shell, this program would tell you "hey, sensitive data is being sent to this program!".

The program could be as simple as to simply check every single input with program arguments ('keywords' that the user wants under careful watch such as passwords) and if they match, have that output. Or it could have that output for every single input.

Now I could do all of the above except for one part, the most difficult one in my mind. How do I place the wrapper so it intercepts these inputs? Would I have to code it through the kernel, changing some of that information, or is there some system call I can change?

My idea now is to change the PATH location of the shell to my code. Then the code forwards the information to the shell and back or something -- but that's too upfront and in your face. I want a transparent program that scans in the background. I know that for a TCP-IP wrapper you can change the tcpd in inetd.conf (or xinetd) for the wrapper code. Is this possible with my kind of code?

An example wrapper: http://web.archive.org/web/20010604005016/void.box.sk/files/coding/VN-TCP-WRAPPER.c

Much thanks in advance (and tell me if it doesn't make any sense)
-visage

#17314 05/31/03 07:56 PM
Joined: Mar 2002
Posts: 56
spectre Offline OP
Junior Member
In case you care, I found the article. It's in 19.3, page 14. Coded by Gr@ve_Rose. Just in case you cared...

#17315 06/12/03 01:16 PM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Offline
So what's the question? If something is possible? Practically anything is possible. The answer is yes.


Domain Registration, Hosting, Management
http://www.dollardns.net
#17316 06/12/03 05:13 PM
Joined: Jun 2003
Posts: 14
Junior Member
Offline
Naw. I just was hoping you would code it for me ;)

What I really want to know is where I would place a wrapper like that. I guess it requires knowledge of how the Linux kernel works -- which I don't. So I guess my question is more Linux related than code related: how does Linux handle input from shells?

Maybe I should just create my own secure shell... :-\

#17317 06/12/03 06:11 PM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Offline
To intercept internet traffic and perhaps filter it you'd need to hook the Ethernet card. The concept is the same whether you use Windows or Linux. The implementation may differ though. Regardless, it is essentially a purpose-specific firewall. Does that answer your question?


#17318 06/12/03 07:57 PM
Joined: Jun 2003
Posts: 14
Junior Member
Offline
I think you misunderstood my question. I didn't want a TCP wrapper. I could do that easily by putting it in inetd.conf.

I want a text-wrapper that takes whatever you are inputting in the keyboard (before you hit enter or something at shell) and scans it against a bunch of specific, crucial words. Like, a root password or something so that you can only type in the root password into a pid that is a child of an SU or something.

Do you understand now?

#17319 06/13/03 03:36 AM
Joined: Mar 2002
Posts: 1,136
UGN Elite Poster
Offline
That's the same concept as a keylogger dude. Find one and look at the code.

#17320 06/13/03 05:50 AM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Offline
*understands now*

A key-logger is not exactly what he's looking for since he doesn't want to scan ALL keys, just msgs sent to the shell. If it was a keylogger, he would have to try to not scan text input in an email or word processor etc. Also, what if the msg was sent to the shell via a program rather than the keyboard? He may want to filter that as well, dunno.

Is it possible? Yes. I do not know enough of the Linux OS to know how programs handle input; how they receive keystrokes and mouse messages etc. However, the technique would involve hooking the shell's input stream, which should be the same as hooking any running program's input stream on Linux. I can't code it, I don't know how it's done, or from the top of my head - how to learn. But I do know it's possible.

And just because I feel like being a cynic, I don't find much use for a program like that. Security checks made at the prompt, and no place else. A purpose specific firewall would be infinitely more useful, and probably already exists. After all, who cares if a program records your password if it never leaves your computer.

*reads first post again*

Although, maybe you DO want to intercept traffic sent to other programs (ie keylogger). Just because typing it at the commandline doesn't mean it goes through the shell. In the example above the shell never sees the password, it is the program emulating the shell. So a keylogger or a firewall is the better option.


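The check this thread keeps circling, as an added example that is not part of any post: on Linux the kernel records which process group is in the foreground of each terminal (the `tpgid` field of `/proc/<pid>/stat`), so you can list which programs are allowed to read the keyboard on that terminal when a password prompt appears. The sample lines and the allow-list of names are constructed for illustration; PID 779 mirrors the prompt quoted in the first post.

```python
import os

# Constructed /proc/<pid>/stat lines (truncated after tpgid): a shell and a
# "game" on pts/0 (tty_nr 34816), plus an editor on another terminal.
SAMPLE = [
    "700 (bash) S 699 700 700 34816 779 4194304",
    "779 (game (v2)) S 700 779 700 34816 779 4194304",
    "812 (vim) S 800 812 800 34817 812 4194304",
]
TRUSTED = ("su", "sudo", "login", "passwd")  # assumed allow-list of prompt owners

def parse_stat(line):
    """Parse a stat line; comm is in parentheses and may itself contain ')'."""
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 2:].split()  # state ppid pgrp session tty_nr tpgid ...
    return {"pid": int(line[:lpar]), "comm": line[lpar + 1:rpar],
            "pgrp": int(rest[2]), "tty_nr": int(rest[4]), "tpgid": int(rest[5])}

def foreground_readers(stat_lines, tty_nr):
    """Processes in the foreground process group of the given terminal."""
    on_tty = [p for p in map(parse_stat, stat_lines) if p["tty_nr"] == tty_nr]
    fg = {p["tpgid"] for p in on_tty if p["tpgid"] > 0}
    return [p for p in on_tty if p["pgrp"] in fg]

def prompt_is_trusted(stat_lines, tty_nr, trusted=TRUSTED):
    """True only if every foreground process on the terminal is allow-listed."""
    readers = foreground_readers(stat_lines, tty_nr)
    return bool(readers) and all(p["comm"] in trusted for p in readers)

def live_stat_lines():
    """Read the stat line of every running process (Linux only)."""
    lines = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/stat") as f:
                lines.append(f.read())
        except OSError:
            pass  # process exited while we were scanning
    return lines

if __name__ == "__main__":
    for p in foreground_readers(SAMPLE, 34816):
        print(f'Input on this terminal goes to PID {p["pid"]} ({p["comm"]})')
    print("trusted prompt:", prompt_is_trusted(SAMPLE, 34816))
```

On a live system, pass `live_stat_lines()` and the `tty_nr` parsed from `/proc/self/stat`. Since a process chooses its own `comm`, a stricter check would compare the `/proc/<pid>/exe` link against the real `su` path.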
