Obtaining Shell Access via AIM?
Quicksilver31337 asks: "I have recently been faced with a challenge of getting shell access via an AIM (for mobile access purposes), where Perl would be used to receive messages (prolly from specified users only) over AIM, and pass them as shell commands, and finally, returning output to the user over AIM again.
It seems to be possible to me (maybe using Net::AIM) and I was wondering if anyone has tried something similar with success. Thanks."
GAIM (Score:2, Informative)
Re:GAIM (Score:5, Informative)
Re:why? (Score:1)
he could have the commands be run as a non-privileged user, and sniffing shouldn't really be a concern; he could have the target system only allow messages from people on his buddy list, and add his 'special' user to it.
sounds like a fun project.
a clarification (Score:1)
Re:why? (Score:1)
Re:why? (Score:1)
Most providers have a web gateway that lets you send a message to the phone by filling out a form. A perl script could easily manipulate that. Even better, most of them let the phone receive emails sent to phonenumber@whatever.provider.com, and usually the phone can send some kind of reply. A year ago I got sick of hovering by my computer waiting for an important email, and I set up procmail to forward all messages from that person to my cell phone. I really think an AIM gateway is overkill.
Re:why? (Score:1)
Re:why? (Score:2)
There is a discussion going on there on this very topic.
AIM Shell Bot Source [dangerinfo.com]
I'd look into this as well
Danger IP addresses for your firewalls [dangerinfo.com]
Security? (Score:5, Informative)
You have considered the security aspects of this, right? You're adding whatever security issues AIM has onto your existing system. AIM is not exactly designed to have server-strength security in terms of authentication!
You might be better off using a web-based approach - using client-side certificates, you can at least have some measure of strong authentication between your mobile user and your server. Even better would be to use SSH.
I have a hard time thinking that you didn't consider these other options, so I'm really curious - what other factors are dictating an AIM-based solution? SSH is available for just about every platform.
Re:Security? (Score:2, Interesting)
Re:Security? (Score:2, Insightful)
JOhn
Re:Security? (Score:2, Interesting)
code as a perl plugin on both ends, and you're set.
You (the remote user) open a chat window with the gaim running on the server.
You type:
[ your perl plugin and the remote plugin talk to each other and agree on session keys and whatnot ]
Remote: go ahead.
You type: [commands to execute]
Remote: [responses]
You type:
Remote: see ya.
If the user has access to a web browser with Java 1.0 support, then the gaim plugin or whatever can trivially use s/key or opie to authenticate the user (there are many s/key or opie java applets out there). Similarly, the session can be encrypted (though you'd have to write the applet for that yourself). You'd write your command in one pane, hit a button, the applet will place the encrypted text in the other pane. You paste the encrypted text into your AIM client. When it responds, you paste the encrypted text into the applet, hit a button, and read the response.
This fails in one area -- you can't run commands that read directly from
I'm speculating here, but maybe the poster wants to access servers behind some corporate firewall that allows IM clients but not remote access via ssh.
Re:Security? (Score:1)
Last night I thought about that, and came up with a couple of ways to do it. I need some time to test them out...
I wrote a wrapper for nistp224 [cr.yp.to] in python; that'll take care of the auth/key exchange issue (elliptic curve keys are faster to compute and smaller than RSA/etc keys). I picked python because there already are a few python-based IM clients. Plus I wanted to figure out how to extend python.
Re:Security? (Score:2)
Very risky (Score:4, Informative)
I suppose you could use one time passwords and such... Also, rather than simply taking arbitrary commands from users, it might make sense to present a list of commands that will be accepted; it's just like that famous joke:
Question: How many people will need to run rm -rf / ?
Answer: Just one.
Re:Very risky (Score:3, Interesting)
You could NOT use one-time passwords, unless you can do bitwise XORing in your head and remember as many bits as you'll ever type. If you can do both those, then you can do RSA in your head too. (Okay, that's a lie, but for our purposes...)
Except when we read "password" as "session key", meaning that text following the password is not sent in the clear, but always changed by a function involving the session key, there's no such thing as a one-time password. Since AIM doesn't have anything that includes that "function", you can only use a session key by doing the operations in your head.
So, no-go.
Re:Very risky (Score:1)
Why not just use a multi-time pad? It's more secure than a one-time pad, and reusable.
Accepted moderations: Troll, Funny
Re:Very risky (Score:1)
Then set up ssh to accept one-time passwords (it is optionally set up like that on the CS machines at Columbia).
The only piece left to do is to set up some kind of timeout in the original environment such that after 5 minutes of inactivity, the ssh session is automatically closed, and instead asks you to log in again. (Replace 5 minutes with whatever value you need.)
Poof: "fairly" secure access: you need access to a specific aim account, knowledge of a hostname and one-time password, but once you're in, you can do about anything you want easily.
Re:Very risky (Score:2)
Re:Very risky (Score:2)
There is no "logging in" to the server; the goal is to have the server only take commands from specific screen names. Authentication and password validation happen through AOL, not his servers. While sessions are generally sent plain text, login info isn't.
So, what are the real security problems with a setup like this?
Dear Ask Slashdot (Score:4, Funny)
"My object in this is to provide any interested party with valid usernames and passwords, and rip a huge gaping hole in my machine's security.
"Yes, I will probably log in to my root account over this connection, to maximize the possible damage. I think it would be funny for my machine to be part of any number of DDoS attacks, and obscene emails sent to all of my closest relatives.
"Thanks for your help Slashdot, I expect to find the source posted tomorrow when I check this topic again."
Dear Ask Slashdot Poster (Score:5, Funny)
"Hi. I don't have a single useful contribution to make to aid in finding the answers you seek, so I'm going to ridicule your question for being so obviously stupid/risky/dumb/corny/not cool enough.
"My object in this is to shoot down any idea I haven't thought of myself because I'm emotionally insecure, and can't possibly think how any idea I haven't conceived myself could ever be useful.
"Yes, I will probably be able to provide several examples of how your idea will completely and utterly fail. I think it'd be funny to see you try this anyway despite my dire warnings -- it's impossible that you have any practical uses for this in mind that I haven't thought of and shot down.
"Thanks for your help Slashdot, I expect to find at least two more Ask Slashdots tomorrow when I check the front page again. Now my life has meaning."
Man, oh man, is my karma going to be shot to hell for this one :) S'okay. I couldn't resist.
On-topic: Yeah, it's probably not secure. Yeah, it could be goofy or foolish. But *gasp* it might just be a toy on a non-important machine. Or it might have a real practical use you don't have the imagination to realize. Or the guy may want to do it "just because he can."
Re:Dear Ask Slashdot Poster (Score:2)
I can see how it might be cool, might be fun to figure out (so why is he asking instead of hacking it up overnight), but if people don't lock down their machines, they are contributing to one of the major problems the Internet faces.
Re:Dear Ask Slashdot Poster (Score:1)
Life is nastier than that (Score:3, Funny)
More plausibly, he broke into someone *else*'s machine, hooked up perl to their AIM client, and would like nothing better than to have everyone on Slashdot sending it random commands...
Jabber (Score:4, Informative)
Re:Jabber (Score:1)
Hello. (Score:5, Insightful)
If you are willing to use an unsecure transport layer, I have the Net::AIM module running on my server, sandboxed with access only to ssh. (It's just for me and a few friends, when we have to be at a public computer and want to log in to do something quickly. A web interface might be easier, but this was just a few pipes).
To log in, query
AIM: jkpsmdto5fny
with "HLO". You will receive instructions on supplying a server to connect to and username / password (again, this will be sent over the AIM network in the clear). Obviously, this is textmode ssh, so there are some limitations, but you should be able to do most of what you want to get done. (Excluding using some programs like vi, obviously).
and your best bet would probably be to spin your own quick web interface -- if whatever you're using to access (cell phone, etc), has AIM support, it can probably connect to an https site as well -- and that's real security.
An SSL license runs you something like $100.
Also: I believe that Microsoft must be destroyed.
Web may not be an option (Score:1)
Re:Web may not be an option (Score:1)
Re:Web may not be an option (Score:1)
I'm working on a project to provide a "virtual shell" (with other goodies like remote file editing, command line history, etc.) via HTTP (but not HTTPS, at least yet, because my client program uses its own implementation), and there are several similar projects on freshmeat like "wsh" and "websh" (mine will be called, uhh, wwwsh.) Some of the other projects may support SSL.
Re:Web may not be an option (Score:2)
Have your webserver set to its default user permission but put a sticky bit that allows your script to run with promoted privileges. Of course by doing that you run the risk of security as well. What I would do is make a user that has the permissions you want. Restrict to everything but what it needs to run and change and then set the sticky bit on the script so that when it runs it runs as the specified system account.
Just my
I've done this. (Score:5, Informative)
Re:I've done this. (Score:1)
the real URL worth the look [dontpokebadgers.com]
Re:THE SQUIRRELS ARE ATTACKING!!!! (Score:2)
Example (Score:5, Informative)
Here is an example that will try and execute any command sent to it in a message. You'll need to add the appropriate security features.
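#!/usr/bin/perl
use Net::AIM;

my $aim = new Net::AIM;
print "Connecting to AIM server..\n";
$aim->newconn ( Screenname    => "your account",
                Password      => "your password",
                AutoReconnect => 1
              ) or die "Connection failed. Fatal Error\n";

# Register got_message() to be called for every incoming instant message.
my $conn = $aim->getconn();
$conn->set_handler('im_in', \&got_message);
print "Connected.\n";
$aim->start;

sub got_message
{
    my ($self, $evt, $from, $to) = @_;
    my $args = $evt->args();
    my ($nick, $auto_msg, $msg) = @$args;
    # The raw message text goes straight to the shell: no check on the
    # sender and no check on the command. This is where the security
    # features mentioned above have to be added.
    my $retval = `$msg`;
    $self->send_im($from, $retval);
}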
--------------
Simple as that
Re:Example (Score:3, Funny)
Re:Example (Score:1)
The thinking man's rm -rf
Stephen Thorne.
Re:Example (you could also use perl plugins) (Score:5, Informative)
I just thought I'd give you another possible answer.
Just load this up with gaim perl plugins.
NOTE: it might be a good idea to run gaim in a chrooted environment but please don't run it as root. (eliminating the rm -rf / problem)
NOTE: this hasn't been tested (for obvious reasons I hope)
my $gaim_version = GAIM::register("remote shell", 0.1, "goodbye", "");
my $only_run_commands_from_user = "your username";
my $user_name = GAIM::get_info(3, GAIM::get_info(1));
GAIM::add_event_handler("event_im_recv", "run_me");

sub run_me {
    my ($index, $from, $mesg) = @_;
    # Only act on messages from the one permitted screen name.
    if ($from eq $only_run_commands_from_user) {
        GAIM::write_to_conv($user_name, 2, "running command $mesg. have a nice day");
        open(PIPE, "$mesg | ");
        my $send_back = "Output of command: $mesg\n";
        # Collect the command's output line by line.
        while (<PIPE>) {
            $send_back .= $_;
        }
        close(PIPE);
        GAIM::print_to_conv($index, $from, $send_back, 0);
    }
}

sub goodbye {
    GAIM::write_to_conv($user_name, 2, "Im dying");
}
Re:Example (you could also use perl plugins) (Score:1)
Re:Example (Score:1)
before $retval=`$msg`; add
$msg =~ s/<[^>]*>//g;
I use TAC (Score:3, Interesting)
Yes, I've done it... (Score:5, Funny)
Yes, I've done it. I'll put a tarball on your desktop.
reverse question (Score:2)
and yes, i know of more than a few people who would find this useful. i'm looking at learning enough to code this myself, but google doesn't seem to bring up any matches.
Re:reverse question (Score:1)
Re:reverse question (Score:1)
Re:reverse question (Score:1)
Re:reverse question (Score:1)
They sell 'script kiddie' t-shirts at ThinkDork.com and that's the most popular slogan.
Hi, I can't stand goofy ideas, so... (Score:2)
I'd like someone on Slashdot to post their ideas so I can ridicule them.
For instance, I can post replies to these Ask Slashdot articles with references to random commands like wtf(6) without explaining how they could help me.
Lucky for me, someone on Slashdot understands things like lart(1M) and luser(8), and is going to make me look those up myself.
Hehehehe! Okay, okay, I promised I'd stop, but these are just rolling out like cars off an assembly line.
butterx (Score:2)
he wants it for mobile folks (Score:1)
Here's the reason right here people. Show me how you can send Jabber over a mobile phone or SMS to a desktop machine.
With the right precautions (only accept commands from specific users, and make it a weird one like Difhd9t396Dt96) this could work fine for micro-admining via a phone.
Re:he wants it for mobile folks (Score:1)
Go Ahead (Score:1, Funny)
Set up an AIM->Shell gateway on your box. Give me the AIM number so I can help you debug it please
Re:Go Ahead (Score:2)
Dear God,
Please execute some Slashdot souls who somehow get mod points and abuse them.
There's nothing Troll about my comment above. It's a concise and somewhat funny statement (little smiley being there and all) indicating my opinion to the asker that having an AIM->Shell gateway would be a *really* bad idea. And here you go muting my voice, possibly leading him down the path of insecurity indirectly.
WTF? TROLL?
ARG Slashdot can be so sickening.
good idea, but... (Score:2)
<ramble>
For awhile whenever someone would leave their computer unlocked with AIM open here at work, we would send some messages to theirself (themself?) and then warn their own screenname. We would do this until they reached 100% or the person was heard returning.
This one time I took a screenshot of my desktop with AIM running and set it as my desktop image. I left my computer purposely leaving it unlocked and returned to find a coworker clicking his fingers off.
"Dude, your AIM is fucked up!"
After I told him what I did we all had a good laugh. Needless to say, we all use MSN now.
</ramble>
Maybe you could use email, or SMS, or ICQ?
Re:good idea, but... (Score:2)
you could make it secure! (Score:1)
Sure, it's nearly useless and it's stupid, but what you're suggesting is nearly useless and stupid. Why don't you just set up VNC to use port 80? Hmmm? Would that make things too easy? Oh, I'm sorry, what I meant to ask was "maybe I could use that VNC thing... I hear it's kind of like Remote Desktop, but for Lunix. I hear Perl is cool. I liked Perl Jam in middle school. Where are my Puddle of Mudd CDs?"
Dear lord.
Two things (Score:2)
Second, I take it you're planning on switching to ex for your editing needs? Get yourself your own little unique niche in the vi vs. emacs wars?
Re:Two things (Score:1)
Its simple really... (Score:3, Interesting)
So, the idea here is to allow me to get shell access when I can't get to a full box with an SSH client on it. And as far as security goes, I would clearly only allow it to execute commands that come from my screenname......SO DON'T GO GETTING ANY IDEAS!
Furthermore, I appreciate those of you who gave informative answers, rather than uninformed cynical rantings.
Re:Its simple really... (Score:2)
You might want to consider OTP (one time passwords) for login, so you avoid typing your password plaintext.
Re:Its simple really... (Score:2)
Another Lemming... (Score:1)
You are asking for serious trouble.
OpenSSH connection to a Perl script to prompt users appropriately, would be worlds better than AIM.
You need to clarify exactly why you want to use AIM over another solution to convince Techies.
For example, you want the server to go online to AIM and alert someone, who's monitoring, of a problem and then said person can connect via AIM to resolve the problem. There are many other ways to alert someone including Pager, email, etc. These listed alerts would be better because who's to say the person will actually be on AIM when the server needs them to be there.
Even if you are on a secure connection, you are still using AIM which relies on AOL servers to receive and send the data. This means it goes over the Internet unencrypted and can most certainly be intercepted. Would you want someone who stumbles across your packets connecting to this server and sending commands that execute locally on the server? This scares the hell out of most techies.
Again, state your reasoning and exactly what you are trying to accomplish. If it makes sense then you'll get a logical answer to the question. If it's a poor idea, it will be torn to shreds.
You may be just scratching the surface of an innovative idea that could be solved in a more secure fashion. It's just that you are going about it the wrong way.
Haven't seen this yet (Score:2)
Sorry if this has been posted, but I see a whole bunch of people chastising you for using cleartext AIM, recommending ssh. I personally know of several situations where ssh is not an option, but AIM is.
If it's an option, I suggest using a public key signing at the minimum, best bet would be public key encryption. If a person would be able to take a java applet (or command lines, or GUI, or morse code on the mouse button(s)...) to take the text to send -- commands, passwords, etc., GPG sign or encrypt and spit out what to paste into the AIM window, that may provide security for the server and (only slightly less) usability for the client. Additionally, the server may be able to do the same, so if you could paste the encrypted/signed server text into another application, you'd be able to have more security for what the client sees as well.
This is only worth a damn if you can trust the server and the client. If you can't, you'd be best listening to the 50+ people telling you you're crazy.
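The per-message signing suggested in the post above, and the earlier point in the thread that a password given once at login does nothing for the text that follows it, as an added example that is not part of the original thread. It swaps in HMAC-SHA256 with a shared key for GPG signing, adds a counter so a captured message cannot be replayed, and uses a constructed key and constructed commands.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. The key and commands are
# constructed values; HMAC-SHA256 with a shared key stands in for GPG signing.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Sender side: wire form is "counter:command:tag", pasted into the IM window.
sub seal {
    my ($key, $counter, $command) = @_;
    return join ':', $counter, $command,
        hmac_sha256_hex("$counter:$command", $key);
}

# Compare two strings without stopping at the first differing byte.
sub same_tag {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Receiver side: returns a closure that remembers the highest counter accepted.
sub make_verifier {
    my ($key) = @_;
    my $last = 0;
    return sub {
        my ($wire) = @_;
        my ($counter, $command, $tag) =
            $wire =~ /\A(\d{1,12}):(.*):([0-9a-f]{64})\z/s
            or return ('reject: malformed', undef);
        # Check authenticity first, so a forged message cannot move the counter.
        same_tag($tag, hmac_sha256_hex("$counter:$command", $key))
            or return ('reject: bad tag', undef);
        $counter > $last
            or return ('reject: replayed or stale counter', undef);
        $last = $counter;
        return ('accept', $command);
    };
}

my $key    = 'constructed-demo-key-0123456789abcdef';
my $verify = make_verifier($key);
my $m1     = seal($key, 1, 'uptime');
my $m2     = seal($key, 2, 'disk');
(my $forged = $m2) =~ s/disk/who/;    # command altered in transit, tag unchanged

# Constructed traffic: a valid message, its replay, a forgery, a valid
# follow-up, and an unsigned message.
for my $wire ($m1, $m1, $forged, $m2, 'uptime') {
    my ($verdict, $command) = $verify->($wire);
    printf "%-34s %s\n", $verdict, defined $command ? $command : '-';
}
```

This authenticates each command but does not hide it; anyone watching the AIM traffic still reads the commands and the replies.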
My pet project! (Score:2)
User sends a message to a bot listening on some server.
Bot parses message to get command.
Bot checks to see if user is allowed to execute command. This is done by checking an XML conf file which lists all the possible commands and their permissions (currently there's only two levels of permissions).
If the user can execute the command it is executed and the result is sent back as a message to the user who executed it.
This method works because I can limit the calls made, but if you wanted to change it to work like a shell that would be pretty easy.
The javaTOC package is what I used to connect to aim. It was written by Jeff Heaton and it works great.
I don't have the source anywhere to view, but if anybody wants it let me know...
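The flow described in the post above (identify the sender, look the command up in a fixed list, check the permission level, then run it), as an added example that is not the poster's code. It is also the restricted counterpart of the backtick handler posted earlier in the thread. The screen names, the two levels and the command table are constructed, and a Perl hash stands in for the XML conf file.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Screen names, levels and the
# command table are constructed sample values.
use strict;
use warnings;

# Sender allowlist: normalised screen name => permission level (two levels).
my %LEVEL = ( opsadmin01 => 2, opsviewer01 => 1 );

# Command allowlist: keyword => [ minimum level, fixed argv ].
my %COMMANDS = (
    uptime => [ 1, [ '/usr/bin/uptime' ] ],
    disk   => [ 1, [ '/bin/df', '-h' ] ],
    who    => [ 2, [ '/usr/bin/who' ] ],
);

# AIM treats screen names as case- and space-insensitive.
sub normalise_sender { my $s = lc shift; $s =~ s/\s+//g; return $s }

# Clients wrap message text in HTML, so strip tags before matching.
sub strip_markup {
    my $m = shift;
    $m =~ s/<[^>]*>//g;
    $m =~ s/^\s+|\s+$//g;
    return $m;
}

# Returns (verdict, argv). argv is defined only when the verdict is "allow".
sub authorise {
    my ($from, $raw) = @_;
    my $level = $LEVEL{ normalise_sender($from) }
        or return ('deny: unknown sender', undef);
    my $word = strip_markup($raw);
    return ('deny: not a single keyword', undef) unless $word =~ /\A[a-z]{1,16}\z/;
    my $entry = $COMMANDS{$word}
        or return ('deny: command not listed', undef);
    return ('deny: insufficient level', undef) if $level < $entry->[0];
    return ('allow', $entry->[1]);
}

# Only the fixed argv from the table is exec'd; text that arrived in a
# message is used as a lookup key and never reaches a command line.
sub run_fixed {
    my ($argv) = @_;
    local $ENV{PATH} = '/usr/bin:/bin';
    open(my $fh, '-|', @$argv) or return "could not start $argv->[0]: $!\n";
    local $/;                      # slurp all output
    my $out = <$fh>;
    close($fh);
    return defined $out ? $out : '';
}

# Constructed test messages: [ sender, message text as received ].
my @inbox = (
    [ 'OpsAdmin 01', '<HTML><BODY>who</BODY></HTML>' ],
    [ 'opsviewer01', 'who' ],
    [ 'opsviewer01', 'uptime; id' ],
    [ 'opsviewer01', 'reboot' ],
    [ 'stranger99',  'uptime' ],
);
for my $im (@inbox) {
    my ($verdict, $argv) = authorise(@$im);
    printf "%-12s %-12s %s\n", $im->[0], strip_markup($im->[1]), $verdict;
    print run_fixed($argv) if $argv;
}
```

The sender check here is only as strong as AIM's own account authentication, which is the concern raised elsewhere in the thread.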
Great solution for wireless palm devices. (Score:1)
I have a Handspring Visor with a Visorphone attachment. In conjunction with a dial-in ISP, I can obtain a nice little internet connection. Now that I'm online with my Visor, I can use the spiffy little Palm OS SSH client [offshore.com.ai]. It's a breeze to set up and would provide you with a *cough* secure hand-held remote administration tool. I've used it and it works great for commands and returns, and so-so for things like mutt and vi. For anything else, you have to play with your terminal modes on your *NIX box, though this is not a difficult task.
Hope this helps.
*cough*: 'secure' is a relative term here
Fun idea (Score:1)
Re:Fun idea (Score:1)
Been there, done that (Score:2)
It's a little clunky, but what it does is provide shell access to a system by tunneling commands and output over HTTP. This allows you to log in to your boxen when you are stuck behind a firewall/proxy server that ONLY allows HTTP traffic to pass. Because it uses HTTP, you can also use HTTPS if you have a webserver running on that machine which has SSL enabled, giving you a secure connection.
Source code hasn't been released yet, sorry.
If you're just looking for a lightweight, well-written SSH/Telnet client for Win32, try PuTTY [greenend.org.uk]. It's a single executable (no installer required, no DLLs) which stores configuration info and keys in the registry. The executable can even be stuck on a floppy or CD if you so desire and run from there.
yes you can do this... (Score:3, Informative)
Although it doesn't currently do anything with the shell, it supports sending commands to an aimbot which then processes the command and does something useful.
To play around with it, send toastsaimbot0 a message on aim.
It is fairly easy to modify, and adding commands to do stuff you'd like to do should not be too difficult.
It supports authentication based on aim usernames, and will work on ICQ as well (on the odd chance you are in a situation where you can access icq but not aim).
send me an email if you want more details, and/or help getting it to run.
I use AIM to control Winamp from my cell phone! (Score:2, Informative)
Re:I use AIM to control Winamp from my cell phone! (Score:1)
I actually did something like this (Score:3, Interesting)
Make a hash (Score:2, Interesting)
Perhaps you should try this (Score:2)