mailing list archives
Re: Securax Advisory 13
From: teleh0r <teleh0r () DOGLOVER COM>
Date: Wed, 3 Jan 2001 06:35:48 +0100
I wrote a shell script which would flood the terminal of a user
trying to log in a long time ago - it was placed on my website
and someone called: "c0sa_n0stra", mailed me and asked me to
explain how it worked and then he was kind enough to send it to
packetstorm, adding his handle in the process (and a ascii cow).
The problem is the way that the telnet daemon assigns a new user
a terminal - when a user is telling the telnetd who he is, and
what his password is, his terminal will be awaiting in /dev/pts/
and writable by anyone. As soon as he has logged in, it will not.
It is still possible for him to log in though, even if a binary is
cat'ed to the terminal.
(but as said by Fyodor, it may mess-up his terminal)
sshd/rshd/rlogind do not behave this way - there will be no writable
terminal in /dev/pts/ while the authentication is taking place.
The below script has been tested on Redhat 6.1 and 6.2.
MYTTY=`tty` # To prevent flooding of one's own TTY
while :; do
for i in $TTYDIR/* ; do
if [ -w $i -a -c $i -a $i != $MYTTY ]; then
cat $NONSENSE > $i
To avoid criticism, do nothing, say nothing, be nothing.
-- Elbert Hubbard
- Securax Advisory 13 incubus (Jan 02)
- <Possible follow-ups>
- Re: Securax Advisory 13 teleh0r (Jan 03)