[Dailydave] Hacking like it's 1998
DSquare Security
info at d2sec.com
Wed Apr 11 19:39:23 EDT 2012
On Fri, Apr 06, 2012 at 07:03:48PM +0100, Adrien Kunysz wrote:
> On Fri, Apr 06, 2012 at 02:08:17AM -0700, Kristian Erik Hermansen wrote:
> > In the video, you claim the module requires root to work. Last time I
> > checked (maybe 1998), LD_PRELOAD could hook any user application
> > without such privileges. So how is LD_PRELOAD not superior? ;)
>
> Oh wait if requiring root is OK, I would suggest looking at SystemTap
> (or DTrace if you are that kind of person): http://stapbofh.krunch.be/
>
> And for non-root backdooring, I like Metlstorm's approach:
> http://www.insomniasec.com/publications/shellgame.pdf
>
d2sec_ttymitm doesn't require root privileges to work. We know that LD_PRELOAD
could hook any user application without such privileges. But this tool is only
another way to backdoor applications as su, sudo or ssh, with tty devices.
It's nothing else.
--
DSquare Security, LLC
http://www.d2sec.com
More information about the Dailydave
mailing list