[Dailydave] Hacking like it's 1998
alexm at immunityinc.com
Wed Apr 4 16:04:09 EDT 2012
Most of you probably remember futzing around with people's .profile back
in the day. Did you ever make obnoxious aliases to troll your friends
when you rooted their boxes? Like RMing any file they cat? You've
probably realized that you can use those experiences for more productive
aims, like stealing passwords!
Our friends at D2 Security* have released a really nice Linux binary to
help you do exactly that. The operation is pretty simple, you invoke
this program with an argument of the program you want to intercept TTY
input/output from and the D2 module conveniently places that data in a
file for you to review later. This leads to mischief like: alias
ssh='/dev/shm/d2sec_ttymitm /usr/bin/ssh' which is pretty fun! So fun in
fact we made a movie about it which you can view here:
In case you're concerned that this is purely a marketing effort on our
part, if you watch the video all the way to the end you will actually
learn a skill your parents probably forgot to teach you. Here's a hint:
it's not at all related to IT.
*www.d2sec.com , d2 is a really popular name it seems.
1130 Washington Avenue 8th Floor
Miami Beach, Florida 33139
More information about the Dailydave