#17313 - 05/31/03 01:12 PM Key-Wrapper
Joined: Mar 2002
Posts: 56
spectre Offline
Junior Member
192.168.128.80
Note: this is talking about the *nix oses.

Alright, now there are keyloggers and tcp-ip wrappers. (UDP too, I guess). So here goes my question.

I was reading a past issue of 2600, volume 19 number 3, that discussed creating a fake game in order to trick a new user into giving the game their root password. For example, it would go like this (the output):

Loading...
Error 14: flexer.dll not found
Fatal Error: Dropping to guest shell
Please su back to root.
$su root
Password:

That's where the Key-Wrapper would come in. In this case, the game didn't ACTUALLY drop, but instead it simply is faking the new user into thinking there was a fatal error and giving the "game" their root password. Most advanced users would look at this and think it queer, but who knows how awake they are when they use it (3:00am Linux game sessions. I think you know what I mean).

So what I was wondering is how to insert the equivalent of a TCP-Wrapper into your own system for keyboard input. After the information has been "input" (Carriage Return I guess...), the Wrapper would kick up, look at the information and where it is being sent. It would then have some sort of output:

Information "password" being sent to PID 779. Is this okay (Y/N)?

Maybe not even PID, but the actual program name. That way, if this situation did come around where you didn't know whether it was a real shell or a fake shell, this program would tell you "hey, sensitive data is being sent to this program!".

The program could be as simple as to simply check every single input with program arguments ('keywords' that the user wants under careful watch such as passwords) and if they match, have that output. Or it could have that output for every single input.

Now I could do all of the above except for one part, the most difficult one in my mind. How do I place the wrapper so it intercepts these inputs? Would I have to code it through the kernel, changing some of that information, or is there some system call I can change?

My idea now is to change the PATH location of the shell to my code. Then the code forwards the information to the shell and back or something -- but that's too upfront and in your face. I want a transparent program that scans in the background. I know that for a TCP-IP wrapper you can change the tcpd in inetd.conf (or xinetd) for the wrapper code. Is this possible with my kind of code?

an example wrapper: http://web.archive.org/web/20010604005016/void.box.sk/files/coding/VN-TCP-WRAPPER.c

Much thanks in advance (and tell me if it doesn't make any sense)
-visage

#17314 - 06/01/03 02:56 AM Re: Key-Wrapper
Joined: Mar 2002
Posts: 56
spectre Offline
Junior Member
192.168.128.80
In case you care, I found the article. It's in 19.3, page 14. Coded by [email protected]_Rose. Just in case you cared...

#17315 - 06/12/03 08:16 PM Re: Key-Wrapper
Joined: Mar 2002
Posts: 1,273
SilentRage Offline
DollarDNS Owner
OH, USA
So what's the question. If something is possible? Practically anything is possible. The answer is yes.


Domain Registration, Hosting, Management
http://www.dollardns.net
#17316 - 06/13/03 12:13 AM Re: Key-Wrapper
Joined: Jun 2003
Posts: 14
visage Offline
Junior Member
Naw. I just was hoping you would code it for me

What I really want to know is where I would place a wrapper like that. I guess it requires knowledge of how the Linux kernel works -- which I don't. So I guess my question is more Linux related than code related: how does Linux handle input from shells?

Maybe I should just create my own secure shell... :-\

#17317 - 06/13/03 01:11 AM Re: Key-Wrapper
Joined: Mar 2002
Posts: 1,273
SilentRage Offline
DollarDNS Owner
OH, USA
To intercept internet traffic and perhaps filter it you'd need to hook the ethernet card. The concept is the same whether you use windows or linux. The implementation may differ though. Regardless, it is essentially a purpose-specific firewall. Does that answer your question?


Domain Registration, Hosting, Management
http://www.dollardns.net
#17318 - 06/13/03 02:57 AM Re: Key-Wrapper
Joined: Jun 2003
Posts: 14
visage Offline
Junior Member
I think you misunderstood my question. I didn't want a tcp wrapper. I could do that easily by putting it in inetd.conf.

I want a text-wrapper that takes whatever you are inputting in the keyboard (before you hit enter or something at shell) and scans it against a bunch of specific, crucial words. Like, a root password or something so that you can only type in the root password into a pid that is a child of an SU or something.

Do you understand now?

#17319 - 06/13/03 10:36 AM Re: Key-Wrapper
Joined: Mar 2002
Posts: 1,136
pergesu Offline
UGN Elite Poster
Pimpin the Colorizzle
That's the same concept as a keylogger dude. Find one and look at the code.

#17320 - 06/13/03 12:50 PM Re: Key-Wrapper
Joined: Mar 2002
Posts: 1,273
SilentRage Offline
DollarDNS Owner
OH, USA
*understands now*

A key-logger is not exactly what he's looking for since he doesn't want to scan ALL keys, just msgs sent to the shell. If it was a keylogger, he would have to try to not scan text input in an email or word processor etc. Also, what if the msg was sent to the shell via a program rather than the keyboard? He may want to filter that as well, dunno.

Is it possible? Yes. I do not know enough of the linux OS to know how programs handle input; how they receive keystrokes and mouse messages etc. However, the technique would involve hooking the shell's input stream, which should be the same as hooking any running program's input stream on linux. I can't code it, I don't know how it's done, or from the top of my head - how to learn. But I do know it's possible.

And just because I feel like being a cynic, I don't find much use for a program like that. Security checks made at the prompt, and no place else. A purpose specific firewall would be infinitely more useful, and probably already exists. After all, who cares if a program records your password if it never leaves your computer.

*reads first post again*

Although, maybe you DO want to intercept traffic sent to other programs (ie keylogger). Just because typing it at the commandline doesn't mean it goes through the shell. In the example above the shell never sees the password, it is the program emulating the shell. So a keylogger or a firewall is the better option.


Domain Registration, Hosting, Management
http://www.dollardns.net
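
An added example, not written by any poster in this thread: on Linux the "which program is my input going to" check from the first post can be done without intercepting keystrokes, by reading each process's `/proc/<pid>/stat` and finding the foreground process group of the terminal. The sample stat lines, the tty number and the `TRUSTED` allow-list are constructed assumptions.

```python
import os

# Constructed /proc/<pid>/stat lines (sample data, not taken from the thread).
# Field order: pid (comm) state ppid pgrp session tty_nr tpgid ...
SAMPLE_STAT = [
    "700 (bash) S 699 700 700 34816 779 4194304",
    "779 (fake game) S 700 779 700 34816 779 4194304",
    "812 (vim) S 811 812 811 34817 812 4194304",
]
TRUSTED = {"su", "login", "sudo", "passwd"}  # assumed allow-list of password prompts

def parse_stat(line):
    """Parse one stat line; comm may contain spaces or ')', so split on the last ')'."""
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 1:].split()
    return {"pid": int(line[:lpar]), "comm": line[lpar + 1:rpar],
            "pgrp": int(rest[2]), "tty_nr": int(rest[4]), "tpgid": int(rest[5])}

def foreground_readers(stat_lines, tty_nr):
    """Processes in the foreground process group of tty_nr, i.e. the group that
    receives what is typed there (background readers are stopped with SIGTTIN)."""
    procs = [parse_stat(line) for line in stat_lines]
    return [(p["pid"], p["comm"]) for p in procs
            if p["tty_nr"] == tty_nr and p["pgrp"] == p["tpgid"]]

def untrusted_readers(stat_lines, tty_nr, trusted=TRUSTED):
    """Foreground readers whose name is not a known password prompt."""
    return [(pid, comm) for pid, comm in foreground_readers(stat_lines, tty_nr)
            if comm not in trusted]

def live_stat_lines():
    """Collect real stat lines from /proc (Linux only)."""
    lines = []
    for name in os.listdir("/proc"):
        if name.isdigit():
            try:
                with open(f"/proc/{name}/stat") as fh:
                    lines.append(fh.read())
            except OSError:
                pass  # process exited while we were scanning
    return lines

if __name__ == "__main__":
    # 34816 is the constructed tty_nr for the sample terminal (major 136, minor 0).
    for pid, comm in untrusted_readers(SAMPLE_STAT, 34816):
        print(f'Terminal input is going to PID {pid} ("{comm}"), not a password prompt')
```

This names the process reading from the terminal, which in the fake-game scenario is the game rather than `su`. It does not see a program that sits between the user and a pseudo-terminal, such as a shell replaced through PATH.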