"Do you think it is possible ?"
Yes, it's definitely possible. I, and many others have done it.
"should I consider any thing extra?"
Yes, the ethical and moral obligations you have to yourself and others.
...ain't nobody around here going to help you script-kiddy around anything, so once you show the code you've got, feel free to ask questions related to the specific issues you're having. That way, if anyone here provides code, we'll be confident that you have a legitimate reason for snooping on traffic that isn't yours.
| [reply] |
As said before.
It is not a ilegitimate action.
I will explain it better for those who think I want to damage something.
Billing system from my isp company can not implement api integration with an new service router we recently bought.
Billing system vendor is out of business, I can not request to deploy api integration and can not modified it.
Both assests belongs to my , are inside my company , installed next each other on same datacenter.
Intercepting its commands is just a workaround I came up to solve my integration problem.
Regards.
Leandro
| [reply] |
Telnet isn't just a terminal.
It is a protocol spoken between client and server.
Intercepting such a session requires to implement the server side. See RFC 854
Greetings,
-jo
$gryYup$d0ylprbpriprrYpkJl2xyl~rzg??P~5lp2hyl0p$
| [reply] |
Dear jo , this is my first attempt.
From the client side it seems to work,
I can telnet , insert my user , then it request my password and it seems similar to original shell.
But when trying from legitimate telnet client it does not.
Im also thinking the idea of creating a real linux server with telnet login and then redirect telnet daemon to a custom script (like a pseudo shell). I need to find out all pieces and make them work togheter.
This is my perl telnet server:
#!/usr/bin/perl -w
use IO::Socket;
use Net::hostent; # for OO version of gethostbyaddr
$PORT = 9000; # pick something not in use
$prompt="MA5680T>";
$server = IO::Socket::INET->new( Proto => 'tcp',
LocalPort => $PORT,
Listen => SOMAXCONN,
Reuse => 1);
die "can't setup server" unless $server;
print "[Server $0 accepting clients]\n";
while ($client = $server->accept()) {
$client->autoflush(1);
#print $client "Welcome to $0; type help for command list.\n";
#$hostinfo = gethostbyaddr($client->peeraddr);
#printf "[Connect from %s]\n", $hostinfo->name || $client->peerhost
+;
print $client "\n";
print $client "Warning: Telnet is not a secure protocol, and it is
+recommended to use Stelnet.";
print $client "\n";
print $client "\n";
print $client ">>User name:";
while ( <$client>) {
next unless /\S/; # blank line
print "\nlinea :$_";
if (/quit|exit/i) { last;
+ }
elsif (/leo/i) { printf $client "\n>>User password:"; }
elsif (/password/i) { printf $client "\n$prompt"; }
else {
print $client "\n$prompt";
}
} continue {
#print $client $prompt;
}
close $client;
}
Regards,
Leandro | [reply]
[d/l] |
Though this is a rudimentary server, it is not a telnet server.
It depends on the client if it is willing to communicate with such a non-telnet endpoint.
I think it would be easier to replace the login shell of the user with some interceptor.
That way the application would talk to a real telnetd, which - after authenticating the client - will connect it to your login shell replacement, where you may perform anything you like.
Greetings,
-jo
$gryYup$d0ylprbpriprrYpkJl2xyl~rzg??P~5lp2hyl0p$
| [reply] |
