Sam Trenholme's webpage
This article was posted to the Usenet group alt.hackers in 1995; any technical information is probably outdated.

Re: rlogin revealed


Article: 8433 of alt.hackers
From: cjsonnack@mmm.com (Chris Sonnack)
Newsgroups: alt.hackers
Subject: Re: rlogin revealed
Date: 10 Aug 1995 10:43:28 -0500
Organization: 3M/IT/EIS (St.Paul,MN 55144)
Lines: 75
Approved: byme@isthataproblem.com
Message-ID: 40d9f0$ia9@dawn.mmm.com
Reply-To: cjsonnack@mmm.com (Chris Sonnack)
X-Newsreader: TIN [version 1.2 PL2]
Status: RO

Peter Seebach (seebs@solutions.solon.com) wrote:

>> main()
>> {
>>  execl("/bin/rlogin jamminbox.site.dom", "vi thesis.tex", (char *) NULL);
>> }
>
> int
> main(int argc, char *argv[])
> {
>	/* ... */
> }
>
> Known bugs:
> [...] commands which only show argv[0] will show 'vi thesis' [...]

You could just show "vi", since you can just invoke vi and use ":e"
to grab (or create) the file you're editing. Your version looks much
like mine (we have a nosy manager-wannabe co-employee who likes to
do a ps and see what we're doing...the dork also scans .sh_history
in our $HOME directories, if you can believe that crap!):

This ObHack is good for spoofing the name of a local program, but
doesn't work for remsh and rlogin since these programs actually pay
attention to argv[0]. (NOTE: I'm guessing here, but...)

As most (?) of you probably know, you can set up soft links to remsh
(and I assume rlogin) such that the link name is the name of a host:

	ln -s /usr/bin/remsh  remote_host_name

Now, you can type "remote_host_name" instead of "remsh remote_host_name".
How (I think) remsh does this is look at its argv[0] arg. If it's NOT
"remsh", it assumes it's a host name and proceeds from there. What UNIX
does with a link like above is set argv[0] to the link name, so what
remsh sees in such a situation is argv[0]="remote_host_name".

If you make a quick hack that dumps its args, point a soft link to it
and execute it via the link, you'll see what I mean. Or if you use
Peter's or my program to invoke remsh/rlogin, you'll get an error that
"name_of_spoofing_program" host not found.


#include <ObHack>

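#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>

int main(int argc, char* argv[])
{
    if (argc > 1)
    {
	/* argv minus one entry, plus the terminating NULL: argc slots */
	char**	new_argv = (char**) malloc (sizeof(char*)*argc);
	int	i;

	if (new_argv == NULL) return 1;

	new_argv[0] = "vuedit";		/* the name ps will show */

	/* pass any remaining arguments through unchanged */
	for (i=2; i<argc; i++) new_argv[i-1] = argv[i];

	new_argv[argc-1] = NULL;

	execvp (argv[1], new_argv);	/* only returns on failure */
	perror (argv[1]);
	return 1;
    }

    exit(0); return 0;
}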

/*** usage:   noshow  program_name ***/

--
Chris Sonnack	    | 3M/Information Technology/Engineering Info Svcs
cjsonnack@mmm.com   | 3M Center, Bld 42-6E-01, St.Paul, MN, 55144-1000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TODAY'S RULE: No Smoffing or Fnargling!
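
The argv[0] dispatch guessed at in the post, as an added example that is not part of the original article and is not remsh or rlogin source. The names `invoked_as` and `pick_host` are hypothetical. The point it shows is that the name a program sees (and that ps displays) is whatever the caller passed to exec, including nothing at all, so it has to be handled as untrusted input.

```c
/* Added example: models the dispatch the post describes; not vendor code. */
#include <stdio.h>
#include <string.h>

/* Final path component of argv[0], or NULL when argv[0] is missing or
   empty. exec lets the caller pass any argv, including an empty one. */
static const char *invoked_as(int argc, char *const argv[])
{
    const char *slash;
    if (argc < 1 || argv == NULL || argv[0] == NULL || argv[0][0] == '\0')
        return NULL;
    slash = strrchr(argv[0], '/');
    return slash ? slash + 1 : argv[0];
}

/* Which host would a remsh-style program contact?
   own_name is the program's real name (for example "remsh").
   *cmd_start receives the index of the first remaining argument.
   Returns NULL when no host can be determined. */
const char *pick_host(int argc, char *const argv[],
                      const char *own_name, int *cmd_start)
{
    const char *name = invoked_as(argc, argv);
    *cmd_start = 1;
    if (name != NULL && strcmp(name, own_name) != 0)
        return name;        /* run via a link: the link name is the host */
    if (argc < 2 || argv[1] == NULL)
        return NULL;        /* run under its own name with no host given */
    *cmd_start = 2;
    return argv[1];
}

/* The "quick hack that dumps its args": run it directly, then through a
   soft link, and compare what argv[0] contains each time. */
int main(int argc, char *argv[])
{
    int i, start;
    const char *host = pick_host(argc, argv, "remsh", &start);
    for (i = 0; i < argc; i++)
        printf("argv[%d] = \"%s\"\n", i, argv[i]);
    printf("host = %s, args start at %d\n", host ? host : "(none)", start);
    return 0;
}
```

Under this model, a wrapper that sets argv[0] to "vuedit" makes the program treat "vuedit" as the host, which matches the "host not found" error the post predicts.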


