[Dailydave] Hacking like it's 1998

Adrien Kunysz adrien at kunysz.be
Fri Apr 6 14:03:48 EDT 2012


On Fri, Apr 06, 2012 at 02:08:17AM -0700, Kristian Erik Hermansen wrote:
> On Wed, Apr 4, 2012 at 1:04 PM, Alex McGeorge <alexm at immunityinc.com> wrote:
> > Our friends at D2 Security* have released a really nice Linux binary to
> > help you do exactly that. The operation is pretty simple, you invoke
> > this program with an argument of the program you want to intercept TTY
> > input/output from and the D2 module conveniently places that data in a
> > file for you to review later. This leads to mischief like: alias
> > ssh='/dev/shm/d2sec_ttymitm /usr/bin/ssh' which is pretty fun! So fun in
> > fact we made a movie about it which you can view here:
> > http://partners.immunityinc.com/movies/D2Sec-TTYMITM.mov
> 
> In the video, you claim the module requires root to work. Last time I
> checked (maybe 1998), LD_PRELOAD could hook any user application
> without such privileges. So how is LD_PRELOAD not superior? ;)

Oh wait if requiring root is OK, I would suggest looking at SystemTap
(or DTrace if you are that kind of person): http://stapbofh.krunch.be/

And for non-root backdooring, I like Metlstorm's approach:
http://www.insomniasec.com/publications/shellgame.pdf

> > In case you're concerned that this is purely a marketing effort on our
> > part, if you watch the video all the way to the end you will actually
> > learn a skill your parents probably forgot to teach you. Here's a hint:
> > it's not at all related to IT.
> 
> Always wanted to learn how to fold a fitted sheet!
> -- 
> Kristian Erik Hermansen
> https://profiles.google.com/kristian.hermansen
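
A defender's check for the two non-root techniques discussed in this thread (the `alias ssh=...` wrapper and `LD_PRELOAD` hooking), added here as an example and not part of the original message or of any tool it mentions. It scans the text of a shell startup file for aliases that run a binary from a world-writable directory or wrap the real command, and for `LD_PRELOAD` assignments; the function name, the directory list and the sample input are assumptions of this example.

```python
import os
import re
import shlex

# Directories any local user can write to (an assumption of this example).
WRITABLE_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")
ALIAS_RE = re.compile(r"^\s*alias\s+([\w.-]+)=(.+)$")
PRELOAD_RE = re.compile(r"^\s*(?:export\s+)?LD_PRELOAD=(\S+)")

# Constructed sample startup file, not taken from a real system.
SAMPLE = """\
# ~/.bashrc (constructed)
alias ls='ls --color=auto'
alias ssh='/dev/shm/d2sec_ttymitm /usr/bin/ssh'
alias scp='/home/user/.cache/w /usr/bin/scp'
export LD_PRELOAD=/tmp/hook.so
"""


def audit_shell_config(text):
    """Return (line_no, kind, detail) findings for one shell startup file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = PRELOAD_RE.match(line)
        if m:
            findings.append((no, "ld_preload", m.group(1).strip("'\"")))
            continue
        m = ALIAS_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        try:
            value = shlex.split(raw)  # strips the quotes around the alias body
            words = shlex.split(value[0]) if value else []
        except ValueError:
            continue  # unbalanced quotes: not a well-formed alias line
        if not words:
            continue
        if words[0].startswith(WRITABLE_DIRS):
            findings.append((no, "alias_in_writable_dir", f"{name} -> {words[0]}"))
        elif words[0] != name and any(os.path.basename(w) == name for w in words[1:]):
            # A different program is run first and handed the real command.
            findings.append((no, "alias_wraps_command", f"{name} -> {words[0]}"))
    return findings


if __name__ == "__main__":
    for finding in audit_shell_config(SAMPLE):
        print(finding)
```
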