Dailydave mailing list archives
Re: Hacking like it's 1998
From: Adrien Kunysz <adrien () kunysz be>
Date: Fri, 6 Apr 2012 19:03:48 +0100
On Fri, Apr 06, 2012 at 02:08:17AM -0700, Kristian Erik Hermansen wrote:
> On Wed, Apr 4, 2012 at 1:04 PM, Alex McGeorge <alexm () immunityinc com> wrote:
> > Our friends at D2 Security* have released a really nice Linux binary to help you do exactly that. The operation is pretty simple, you invoke this program with an argument of the program you want to intercept TTY input/output from and the D2 module conveniently places that data in a file for you to review later. This leads to mischief like:
> >
> > alias ssh='/dev/shm/d2sec_ttymitm /usr/bin/ssh'
> >
> > which is pretty fun! So fun in fact we made a movie about it which you can view here: http://partners.immunityinc.com/movies/D2Sec-TTYMITM.mov
>
> In the video, you claim the module requires root to work. Last time I checked (maybe 1998), LD_PRELOAD could hook any user application without such privileges. So how is LD_PRELOAD not superior? ;)

Oh wait if requiring root is OK, I would suggest looking at SystemTap (or DTrace if you are that kind of person): http://stapbofh.krunch.be/

And for non-root backdooring, I like Metlstorm's approach: http://www.insomniasec.com/publications/shellgame.pdf

> > In case you're concerned that this is purely a marketing effort on our part, if you watch the video all the way to the end you will actually learn a skill your parents probably forgot to teach you. Here's a hint: it's not at all related to IT.
>
> Always wanted to learn how to fold a fitted sheet!
> --
> Kristian Erik Hermansen
> https://profiles.google.com/kristian.hermansen
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
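A defender's check for the two tricks mentioned in this thread (a shell alias that wraps ssh with a capture binary, and LD_PRELOAD hooking), as an added example that is not part of the original e-mails. It scans the text of a shell startup file; the watched command list, the volatile directory list and the sample .bashrc content are assumptions constructed for illustration.

```python
import os
import re
import shlex

# Assumptions of this sketch: commands worth watching, and directories where
# a legitimate wrapper binary would not normally live.
WATCHED = {"ssh", "scp", "sftp", "sudo", "su"}
VOLATILE_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")
ALIAS_RE = re.compile(r"^\s*alias\s+([\w.-]+)=(.+)$")
PRELOAD_RE = re.compile(r"\bLD_PRELOAD=(\S+)")

# Constructed ~/.bashrc content; the ssh alias is the one quoted in the thread.
SAMPLE_RC = """\
# constructed startup file
alias ls='ls --color=auto'
alias ssh='/dev/shm/d2sec_ttymitm /usr/bin/ssh'
alias sudo='sudo -E'
export LD_PRELOAD=/home/user/.cache/libhook.so
alias grep='grep --color=auto'
"""

def alias_command(body):
    """Return the words an alias body expands to, or [] if unparsable."""
    try:
        outer = shlex.split(body)            # strip the quoting around the body
        return shlex.split(outer[0]) if outer else []
    except ValueError:
        return []

def audit_rc(text):
    """Return (line_no, reason) tuples for suspicious startup-file lines."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if PRELOAD_RE.search(line):
            findings.append((no, "LD_PRELOAD set in startup file"))
        m = ALIAS_RE.match(line)
        words = alias_command(m.group(2)) if m else []
        if not words:
            continue
        name, prog = m.group(1), words[0]
        if prog.startswith(VOLATILE_DIRS):
            findings.append((no, f"alias {name} runs {prog} from a volatile directory"))
        if name in WATCHED and os.path.basename(prog) != name:
            findings.append((no, f"{name} is wrapped by {prog}"))
    return findings

if __name__ == "__main__":
    for no, reason in audit_rc(SAMPLE_RC):
        print(f"line {no}: {reason}")
```

This only sees what is written in startup files; an alias or LD_PRELOAD set in an already running shell has to be checked in that shell's environment.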