Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Perl Programming

Obtaining Shell Access via AIM? 88

Quicksilver31337 asks: "I have recently been faced with a challenge of getting shell access via a AIM(for mobile access purposes), where Perl would be used to recieve messages (prolly from specified users only) over AIM, and pass them as shell commands, and finally, returning output to the user over AIM again. Its seems to be possible to me (maybe using Net::AIM) and I was wondering if anyone has tried something similar with success. Thanks."
This discussion has been archived. No new comments can be posted.

Obtaining Shell Access via AIM?

Comments Filter:
  • GAIM (Score:2, Informative)

    http://gaim.sourceforge.net/ - GAIM [sourceforge.net] is an open source Linux client. It shouldn't be hard to gut the code for everything needed to send/recive messages, connect, and anything else protocal related, and then just make your program act off that as if it were a string. I'm sorry I don't have more information, as I'm not experianced in that area and havn't tried it before... but that's what I would do if faced with the challenge.
    • Re:GAIM (Score:5, Informative)

      by Anglophile ( 587676 ) on Tuesday October 22, 2002 @11:44PM (#4510209) Homepage
      MattCohn's right in that Gaim is the program you want to use, but the good news is your don't even have to gut the code! Gaim supports perl plugins, which can even act as AIM Bots. So, what you could do (quite easily in fact - download Gaim, unpack and read the doc on Perl modding in one of the source code subdirectories) is write a bot that stays online, listens for your commands, and then executes them on your machine. However, you may want to be careful as someone could easily execute malicious code on your computer!
  • Security? (Score:5, Informative)

    by tm2b ( 42473 ) on Tuesday October 22, 2002 @11:49PM (#4510229) Journal
    I know sounds obvious, but...

    You have considered the security aspects of this, right? You're adding whatever security issues AIM has onto your existing system. AIM is not exactly designed to have server-strength security in terms of authentication!

    You might be better off using a web-based approach - using client-side certificates, you can at least have some measure of strong authentication between your mobile user and your server. Even better would be to use SSH.

    I have a hard time thinking that you didn't consider these other options, so I'm really curious - what other factors are dictating an AIM-based solution? SSH is available for just about every platform.
    • Re:Security? (Score:2, Interesting)

      by Anonymous Coward
      Obviously he's intending to use this to break into somebody elses' machine. He's considered security issues extensively.
      • Re:Security? (Score:2, Insightful)

        by Milican ( 58140 )
        Or he could be trying to access from a cell phone or PDA. Most likely cell phone. There are AIM clients for Sprint Wireless Web, but no telnet or ssh client.

        JOhn
    • Re:Security? (Score:2, Interesting)

      by rplacd ( 123904 )
      A lot of this depends on what the remote user has access to. If you've got gaim on the user end, you can write your auth/encryption
      code as a perl plugin on both ends, and you're set.

      You (the remote user) open a chat window with the gaim running on the server.
      You type: /auth
      [ your perl plugin and the remote plugin talk to each other and agree on session keys and whatnot ]
      Remote: go ahead.
      You type: [commands to execute]
      Remote: [responses]
      You type: /end
      Remote: see ya.

      If the user has access to a web browser with Java 1.0 support, then the gaim plugin or whatever can trivially use s/key or opie to authenticate the user (there are many s/key or opie java applets out there). Similarly, the session can be encrypted (though you'd have to write the applet for that yourself). You'd write your command in one pane, hit a button, the applet will place the encrypted text in the other pane. You paste the encrypted text into your AIM client. When it responds, you paste the encrypted text into the applet, hit a button, and read the response.

      This fails in one area -- you can't run commands that read directly from /dev/tty (examples: sudo, passwd, etc).

      I'm speculating here, but maybe the poster wants to access servers behind some corporate firewall that allows IM clients but not remote access via ssh.
      • Have you considered that non-native English speakers might not know what "go ahead", and "see ya" mean in this context? Let me guess...no.
  • Very risky (Score:4, Informative)

    by ajuda ( 124386 ) on Tuesday October 22, 2002 @11:50PM (#4510238)
    Do you really want to log into a shell using an unencrypted IM chat? There's a reason why SSH took over for telnet. I have a feeling that if a perl command were to automatically take commands without passwords, you would be in for a nasty suprise from script kiddies and crackers.

    I suppose you could use one time passwords and such... Also, rather than simply taking arbitrary commands from users, it might make sense to present a list of commands that will be accepted; it's just like that famouse joke:

    Question: How many people will need to run rm -rf / ?
    Answer: Just one.
    • Re:Very risky (Score:3, Interesting)

      by 3-State Bit ( 225583 )
      I suppose you could use one time passwords and such...
      You could NOT use one-time passwords, unless you can do bitwise XORing in your head and remember as many bits as you'll ever type. If you can do both those, then you can do RSA in your head too. (Okay, that's a lie, but for our purposes...)
      Except when we read "password" as "session key", meaning that text following the password is not sent in the clear, but always changed by a function involving the session key, there's no such thing as a one-time password. Since AIM doesn't have anything that includes that "function", you can only use a session key by doing the operations in your head.
      So, no-go.
      • Why not just use a multi-time pad? Its more secure than a one-time pad, and reusable.

        Accepted moderations: Troll, Funny

      • Sure you can use one-time passwords. Set it up like the poster above, where the aim module is in a chroot'd environment with only access to ssh.

        Then set up ssh to accept one-time passwords (it is optionally set up like that on the CS machines at Columbia).

        The only piece left to do is to set up some kind of timeout in the original environment such that after 5 minutes of inactivity, the ssh session is automatically closed, and instead asks you to log in again. (Replace 5 minutes with whatever value you need.)

        Poof: "fairly" secure access: you need access to a specific aim account, knowledge of a hostname and one-time password, but once you're in, you can do about anything you want easily.
      • One-time passwords, not one-time pads.
    • Do you really want to log into a shell using an unencrypted IM chat?

      There is no "logging in" to the server; the goal is to have the server only take commands from specific screen names. Authentication and password validation happen through AOL, not his servers. While sessions are generaly sent plain text, login info isn't.

      So, what are the real security problems with a setup like this?

  • by cybermace5 ( 446439 ) <g.ryan@macetech.com> on Tuesday October 22, 2002 @11:52PM (#4510247) Homepage Journal
    "Hi. I'd like to provide shell access to my machine. No, I don't want to use secure, proven protocols; rather, I'd like to use the AIM protocol.

    "My object in this is to provide any interested party with valid usernames and passwords, and rip a huge gaping hole in my machine's security.

    "Yes, I will probably log in to my root account over this connection, to maximize the possible damage. I think it would be funny for my machine to be part of any number of DDoS attacks, and obscene emails sent to all of my closest relatives.

    "Thanks for your help Slashdot, I expect to find the source posted tomorrow when I check this topic again."
    • by willfe ( 6537 ) <willfe@gmail.com> on Wednesday October 23, 2002 @02:04AM (#4510662) Homepage

      "Hi. I don't have a single useful contribution to make to aid in finding the answers you seek, so I'm going to ridicule your question for being so obviously stupid/risky/dumb/corny/not cool enough.

      "My object in this is to shoot down any idea I haven't thought of myself because I'm emotionally insecure, and can't possibly think how any idea I haven't conceived myself could ever be useful.

      "Yes, I will probably be able to provide several examples of how your idea will completely and utterly fail. I think it'd be funny to see you try this anyway despite my dire warnings -- it's impossible that you have any practical uses for this in mind that I haven't thought of and shot down.

      "Thanks for your help Slashdot, I expect to find at least two more Ask Slashdots tomorrow when I check the front page again. Now my life has meaning."

      Man, oh man, is my karma going to be shot to hell for this one :) S'okay. I couldn't resist.

      On-topic: Yeah, it's probably not secure. Yeah, it could be goofy or foolish. But *gasp* it might just be a toy on a non-important machine. Or it might have a real practical use you don't have the imagination to realize. Or the guy may want to do it "just because he can."

      • No, I can't think of a good reason to offer your machine up to any interested script kiddie. The box itself may be unimportant, but it only takes a bunch of "unimportant, don't care if you root me" boxes to make serious DDoS network.

        I can see how it might be cool, might be fun to figure out (so why is he asking instead of hacking it up overnight), but if people don't lock down their machines, they are contributing to one of the major problems the Internet faces.
        • I guess that's my point -- you don't know for certain that this thing will be insecure. How do you know he doesn't intend to just use the AIM interface as a gateway to a jailed or chroot'ed ironbox shell? Yeah, there's plenty of risk for compromise here, but this isn't much different than the various free sites you can telnet/SSH to without any kind of verification at all.
    • Yes, I will probably log in to my root account over this connection, to maximize the possible damage. I think it would be funny for my machine to be part of any number of DDoS attacks, and obscene emails sent to all of my closest relatives.

      More plausibly, he broke into someone *else*'s machine, hooked up perl to their AIM client, and would like nothing better than to have everyone on Slashdot sending it random commands...
  • Jabber (Score:4, Informative)

    by gehrehmee ( 16338 ) on Wednesday October 23, 2002 @12:01AM (#4510290) Homepage
    Completely ignoreing the security issues here, you might have better luck with Jabber.
    1. It'll get you aim connectivity transparently.
    2. It's all XML, so it has an inherent structure to it that's very clear.
    3. There are lots of library implementations, so you can program your stuff in perl, python, VB, java, C.. for windows, linux, mac... whatever you feel most comfortable with.
    4. There are lots of people who know what they're doing, and are typically more then willing to help.
    jabber.org [jabber.org] should have everything you need, including links to client software to get you started, instructions on running your own server, and instructions on how to join in on jabber group chat: You can try joining the "jdev" channel on conference.jabber.org (that's jabber conferencing, NOT irc!).
    • Amen. Jabber is so easy first off. You don't need to use the funky proprietary AIM connection stuff, you can have secure SSL connections, you run the server, and finally you can connect to AIM over jabber leaving the hard work to others, but still getting done what you need done. Jabber is most definately what you are looking for, I don't see how you could go any other way. The people in jdev are very willing to help, although jabber is so easy you shouldn't need any ;)
  • Hello. (Score:5, Insightful)

    by 3-State Bit ( 225583 ) on Wednesday October 23, 2002 @12:02AM (#4510298)
    Two considerations.
    1. The AIM protocol is not end-to-end secure.
      If you are willing to use an unsecure transport layer, I have the net:AIM module running on my server, sandboxed with access only to ssh. (It's just for me and a few friends, when we have to be at a public computer and want to log in to do something quickly. A web interface might be easier, but this was just a few pipes).
      To log in, query
      AIM: jkpsmdto5fny
      with "HLO". You will receive instructions on supplying a server to connect to and username / password (again, this will be sent over the AIM network in the clear). Obviously, this is textmode ssh, so there are some limitations, but you should be able to do most of what you want to get done. (Excluding using some programs like vi, obviously).
    2. If you actually want to have some security (including running your own server instead of using mine) you should ditch the AIM network entirely,
      and your best bet would probably be to spin your own quick web interface -- if whatever you're using to access (cell phone, etc), has AIM support, it can probably connect to an https site as well -- and that's real security.
      An SSL license runs you something like $100.


    Also: I believe that Microsoft must be destroyed.
    • He may not have web support. Take for example the cell phone I got from AT&T. First, I don't think it has web support. Second, I wouldn't want to pay for their PocketNet service anyway. However, it does apparently have AIM connectivity (for a fee). Basically, there is a gateway between SMS and AIM that I can send to like any other SMS number. In this situation, using the web wouldn't be an option. But using AIM would.
      • I have a Hiptop with a full web browser, and i wrote some php protected my SSL, and .htaccess, however as you should guess i can only excute commands allowed by the user running apache, which is clearly www and im not about to make every script-kiddie's day from here to kalamazoo and run apache as anyone else. So thats why I need more then a web interface.
        • You can set up Apache to run CGI's as your own user, via sudo, or something of the like. Sorry I don't have any links or info, googling should probably provide something.

          I'm working on a project to provide a "virtual shell" (with other goodies like remote file editing, command line history, etc.) via HTTP (but not HTTPS, at least yet, because my client program uses it's own implementation), and there are several similar projects on freshmeat like "wsh" and "websh" (mine will be called, uhh, wwwsh.) Some of the other projects may support SSL.
        • Why not just make it webbased

          Have your webserver set to it's default user permission but put a sticky bit that allows your script to run with promoted privileges. Of course by doing that you run the risk of security as well. What I would do is make a user that has the permissions you want. restrict to everything but what it needs to run and change and then set the sticky bit on the script so that when it runs it runs as the specified system account.

          Just my .02
  • I've done this. (Score:5, Informative)

    by FoxIVX ( 104861 ) on Wednesday October 23, 2002 @12:14AM (#4510360)
    I did pretty much this exact thing as a proof of concept. You can download it from www.dontpokebadgers.com and modify it as you see fit.
  • Example (Score:5, Informative)

    by mfos.org ( 471768 ) on Wednesday October 23, 2002 @12:21AM (#4510389)
    Seeing as noone is really helping out, I'll give you a bit of example code. I have an AIM->Comment gateway for my blog.

    Here is an example that will try and execute any command sent to it in a message. You'll need to add the appropriate security features.

    #!/usr/bin/perl

    use Net::AIM;

    my $aim = new Net::AIM;

    print "Connecting to AIM server..\n";
    $aim->newconn ( Screenname => "your account",
    Password => "your password",
    AutoReconnect => 1
    ) or die "Connection failed. Fatal Error\n";

    my $conn = $aim->getconn();

    $conn->set_handler('im_in', \&got_message);
    print "Connected.\n";
    $aim->start;

    sub got_message
    {
    my ($self, $evt, $from, $to) = @_;
    my $args = $evt->args();
    my ($nick, $auto_msg, $msg) = @$args;

    $retval = `$msg`;

    $self->send_im($from, $retval);
    }

    --------------
    Simple as that
    • Where's the part that goes "rm -rf /*"? :)
    • by agnosonga ( 601770 ) on Wednesday October 23, 2002 @01:18AM (#4510547) Homepage
      this is obviously very risky.
      I just thought id give you another possible answear.
      just load this up with gaim perl plugins

      NOTE: it might be a good idea to run gaim in a chrooted envirenment but please dont run it as root. (eliminating the rm -rf / problem)

      NOTE: this hasnt been tested (for obvious reasons I hope)

      my $gaim_version = GAIM::register("remote shell", 0.1,"goodbye", "");

      my $only_run_commands_from_user = "your username";

      my $user_name = GAIM::get_info(3,GAIM::get_info(1));

      GAIM::add_event_handler("event_im_recv","run_me" );

      sub run_me {
      my ($index,$from,$mesg) = @_;
      if ($from eq $only_run_commands_from_user){
      GAIM::write_to_conv($user_name,2,"running command $mesg. have a nice day :-D");

      open(PIPE, "$mesg | ");
      my $send_back = "Output of command: $mesg\n";
      while (){
      $send_back .= $_;
      }
      close(PIPE);
      GAIM::print_to_conv($index, $from, $send_back,0);
      }
      }

      sub goodbye {
      GAIM::write_to_conv($user_name,2,"Im dying");
      }

      • The trouble with GAIMs perl interface is that it's bloody unstable. I can have nonworking code, add a line with nothing but "1;" on it, and have it work suddenly. Sometimes nothing syntactically wrong breaks it, sometime minor syntax errors don't break it.
    • That's great, but you left out one line. Since AIM send messages in html format you will need to strip out the html tags. I have verified that this works, but be sure not to run commands that don't return because there is no ^c or ^z.

      before $retval=`$msg`; add

      $msg =~ s/<[^>]*>//g;
  • I use TAC (Score:3, Interesting)

    by MiTEG ( 234467 ) on Wednesday October 23, 2002 @12:28AM (#4510408) Homepage Journal
    I usually use TAC [tmok.com] as my AIM client when using a Linux system. It's great because it's small, console based, and is pretty flexible. If you want to mess around with it you'll have to know a bit of TCL, but I don't think it's still being developed so you're not likely to get much help. By default it supports logging to a file as well as reading from a file to send messages, so it wouldn't require much hacking to get a quick and dirty version working of what you want. Possibly try logging messages with the content you want executed to a script file, then something else to specify when to execute the script. It wouldn't be pretty or secure but it might do what you want.
  • by Raskolnk ( 26414 ) on Wednesday October 23, 2002 @12:38AM (#4510444)
    "...I was wondering if anyone has tried something similar with success. Thanks."

    Yes, I've done it. I'll put a tarball on your desktop.
  • there exists an emacs version of aim (tnt on sourceforge, which is well hidden), which allows you to access aim from the terminal. does anyone know of a standalone aim client that can be accessed viat the terminal?

    and yes, i know of more than a few people who would find this useful. i'm looking at learning enough to code this myself, but google doesn't seem to bring up any matches.
  • by leiz ( 35205 )
    A quick search on freshmeat churned out butterx [freshmeat.net]
  • via a AIM(for mobile access purposes)

    Here's the reason right here people. Show me how you can send Jabber over a mobile phone or SMS to a desktop machine.

    With the right precautions (only accept commands from specific users, and make it a weird one like Difhd9t396Dt96) this could work fine for micro-admining via a phone.
  • Go Ahead (Score:1, Funny)

    by photon317 ( 208409 )

    Set up an AIM->Shell gateway on your box. Give me the AIM number so I can help you debug it please :)

    • Dear God,
      Please execute some Slashdot souls who somehow get mod points and abuse them.

      There's nothing Troll about my comment above. It's a consise and somewhat funny statement (little smiley being there and all) indicating my opinion to the asker that having an AIM->Shell gateway would be a *really* bad idea. And here you go muting my voice, possibly leading him down the path of insecurity indirectly.

      WTF? TROLL?

      ARG Slashdot can be so sickening.
  • What happens when some jackass warns your IM Name up to 100? Then they cannot respond for quite some time.

    <ramble>
    For awhile whenever someone would leave their computer unlocked with AIM open here at work, we would send some messages to theirself(themself?) and then warn their own screenname. We would do this until they reached 100% or the person was heard returning.

    This one time I took a screenshot of my desktop with AIM running and set it as my desktop image. I left my computer purposely leaving it unlocked and returned to find a coworker clicking his fingers off.

    "Dude, your AIM is fucked up!"

    After I told him what I did we all had a good laugh. Needless to say, we all use MSN now.
    </ramble>

    Maybe you could use email, or SMS, or ICQ?
    • if the bot doesn't respond to unknown people, and all the trusted people know not to warn the crap out of it, then there will be no problem with warning levels.

  • Yeah! It's real easy. You set up a perlbot that uses GPG. You give perlbot your public key and it gives you a public key YOU set up, then you encrypt your command using it's GPG key and it unencrypts it, runs it then returns the results encrypted using your key!

    Sure, it's nearly useless and it's stupid, but what you're suggesting is nearly useless and stupid. Why don't you just set up VNC to use port 80? Hmmm? Would that make things too easy? Oh, I'm sorry, what I meant to ask was "maybe I could use that VNC thing... I hear it's kind of like Remote Desktop, but for Lunix. I hear Perl is cool. I liked Perl Jam in middle school. Where are my Puddle of Mudd CDs?" ...okay, that was harsh. But... seriously here. To use the common "If your computer was your house" what you're doing is leaving the key under the rug, then buying a billboard in your neighborhood that says "Hey, Bob, My key is under the rug. I left some coffee brewing and my wife is sleeping so don't wake her."

    Dear lord.
  • First, you could also do something similar over http or (with a dedicated IP) https for more security. Take a look at CGI:IRC for an example that keeps the connection open, etc.

    Second, I take it you're planning on switching to ex for your editing needs? Get yourself your own little unique niche in the vi vs. emacs wars?

    • I have web based admin too, for file editing on my sites, as well as VERY limited shell access via SSL and .htaccess protection....and as for an editor....DEATH TO EMACS!!! VIM OWNZ J00...how was that...okay?
  • Its simple really... (Score:3, Interesting)

    by Quicksilver31337 ( 541929 ) <kariudo&gmail,com> on Wednesday October 23, 2002 @11:45AM (#4513133) Journal
    For those of you that think Im insane for wanting to use such an unsecure form of shell access. I have a Danger Hiptop, which has a built in AIM client, and no shell client...yet.
    So, the idea here is to allow me to get shell access when i cant get to a full box with a SSH client on it. And as far as security goes, i would clearly only allow it to execute commands that come from my screenname......SO DONT GO GETTING ANY IDEAS!
    Furthermore, I appreciate those of you who gave infomative answers, rather then uninformed cynical rantings.
    • Someone could fake an aim packet though, make it appear as if rm -rf / were coming from your screenname, and that would suck.

      You might want to consider OTP (one time passwords) for login, so you avoid typing your password plaintext.
    • Upon further research into the Danger Hiptop, it appears that it has a java vm. Therefor you should be able to run any java telnet application, such as java-ssh http://www.cl.cam.ac.uk/~fapp2/software/java-ssh/ or whatever. HTH.
  • Yup, I will repeat what everyone else appears to be saying. This is a huge security issue! There are many ways to provide remote shell access securely even across multiple platforms and operating systems. AIM is not one of them.
    You are asking for serious trouble.

    OpenSSH connection to a Perl script to prompt users appropriately, would be worlds better than AIM.

    You need to clarify exactly why you want to use AIM over another solution to convince Techies.

    For example, you want the server to go online to AIM and alert someone, who's monitoring, of a problem and then said person can connect via AIM to resolve the problem. There are many other ways to alert someone including Pager, email, etc. These listed alerts would be better because who's to say the person will actually be on AIM when the server needs them to be there.

    Even if you are on a secure connection, you are still using AIM which relies on AOL servers to receive and send the data. This means it goes over the Internet unencrypted and can most certainly be intercepted. Would you want someone who stumbles across you packets connecting to this server and sending commands that execute locally on the server? This scares the hell out of most techies.

    Again, state your reasoning and exactly what you are trying to accomplish. If it makes sense then you'll get a logical answer to the question. If it's a poor idea, it will be torn to shreds.

    You may be just scratching the surface of an innovative idea that could be solved in a more secure fashion. It's just that you are going about it the wrong way.
  • Sorry if this has been posted, but I see a whole bunch of people chastising you for using cleartext AIM, recommending ssh. I personally know of several situations where ssh is not an option, but AIM is.

    If it's an option, I suggest using a public key signing at the minimum, best bet would be public key encryption. If a person would be able to take a java applet (or command lines, or GUI, or morse code on the mouse button(s)...) to take the text to send -- commands, passwords, etc., GPG sign or encrypt and spit out what to paste into the AIM window, that may provide security for the server and (only slightly less) usability for the client. Additionally, the server may be able to do the same, so if you could paste the encrypted/signed server text into another application, you'd be able to have more security for what the client sees as well.

    This is only worth a damn if you can trust the server and the client. If you can't, you'd be best listening to the 50+ people telling you you're crazy.

  • I have been working on something like this using java. Basically here's how it works:

    User sends a message to a bot listening on some server.

    Bot parses message to get command.

    Bot checks to see if user is allowed to execute command. This is done by checking an XML conf file which lists all the possible commands and their persmissions (currently theres only two levels of persmissions).

    If the user can execute the command it is executed and the result is sent back as a message to the user who executed it.

    This method works because I can limit the calls made, but if you wanted to change it to work like a shell that would be pretty easy.

    The javaTOC package is what I used to connect to aim. It was written by Jeff Heaton and it works great.

    I don't have the source anywhere to view, but if anybody wants it let me know...
  • I understand the desire for mobile administration, however, I do not understand the desire to use AIM as the carrier.

    I have a Handspring Visor with a Visorphone attachment. In conjunction with a dial-in ISP, I can obtain a nice little internet connection. Now that I'm online with my Visor, I can use the spiffy little Palm OS SSH client [offshore.com.ai]. It's a breeze to setup and would provide you with a *cough* secure hand-held remote administration tool. I've used it and it works great for commands and returns, and so-so for things like mutt and vi. For anything else, you have to play with your terminal modes on your *NIX box, though this is not a difficult task.

    Hope this helps.

    *cough*: 'secure' is a relative term here

  • This would be really fun if you did open it up to crackers and let them enter commands, then respond in AI fashion with "helpful" error messages ("you sound angry, are you sure you want to execute rm -rf /") or the famous "I'm sorry, Dave, I can't let you do that". Watching the logs of this might provide some amusment.
  • Well, not quite exactly what you've spec'd out, but a friend of mine has developed a java applet which is a telnet-over-http client. There is also a server-side component.

    It's a little clunky, but what it does is provides shell access to a system by tunneling commands and output over HTTP. This allows you to log in to your boxen when you are stuck behind a firewall/proxy server that ONLY allows HTTP traffic to pass. Because it uses HTTP, you can also use HTTPS if you have a webserver running on that machine which has SSL enabled, giving you a secure connection.

    Source code hasn't been released yet, sorry.

    If you're just looking for a lightweight, well-written SSH/Telnet client for Win32, try PuTTY [greenend.org.uk]. It's a single executable (no installer required, no DLL's) which stores configuration info and keys in the registry. The executable can even be stuck on a floppy or CD if you so desire and run from there.
  • by toast0 ( 63707 ) <slashdotinducedspam@enslaves.us> on Wednesday October 23, 2002 @05:17PM (#4516695) Homepage
    I have a project on sourceforge, shear [sourceforge.net] that may serve as a head start towards your goal.

    Althought it doesn't currently do anything with the shell, it supports sending commands to an aimbot which then processes the command and does something useful.

    To play around with it, send toastsaimbot0 a message on aim.

    It is fairly easy to modify, and adding commands to do stuff you'ld like to do should not be too difficult.

    It supports authentication based on aim usernames, and will work on ICQ as well (on the odd chance you are in a situation where you can access icq but not aim)

    send me an email if you want more details, and/or help getting it to run.
  • Oddly enough, I use a combination of my AIM-enabled Nokia 3390 T-Mobile phone, Trillian Pro [trillian.cc] as my AIM client, with Winamp 2.x plugins, and it's built in word-matching abilities to control Winamp. For instance //next could change to the next song, as Tril Pro supports Winamp controlling as such through it's plugin. I can also launch MS Outlook from my mobile and any other program. Or set my status to away, or lock my workstation. I doubt any of this would ultimately be useful to you, but it's fun to turn the music on and off from another city... sorta...
  • by Gudlyf ( 544445 ) <gudlyf AT realistek DOT com> on Wednesday October 23, 2002 @10:50PM (#4518937) Homepage Journal
    However, I use the Chimmy Yahoo client [rpmfind.net], a console based client that runs on Linux, and run it through some expect [nist.gov] scripts. I sometimes use this so that I appear to always be online and receive and reply to messages via email on my cellphone. I send an email message from my phone to an address on my linux box, which interprets the commands and sends them through to the appropriate places, and vice-versa. So far it works great.
  • Make a hash (Score:2, Interesting)

    by elphkotm ( 574063 )
    I know this sounds cheesy, but use a hash of numbers to verify your login. A "small" number that can be calculated with a normal calculator. Change this formula often. Make sure you can only message from a single IM user. Even though the hash code and your AIM username/password are going over an unencrypted data channel, as long as the hash code is even somewhat robust and changes often, you should have a pretty secure login mechanism. Happy hacking :)

In space, no one can hear you fart.

Working...