home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Columbia Kermit
/
kermit.zip
/
newsgroups
/
misc.19950726-19950929
/
000117_news@columbia.edu_Tue Aug 8 21:58:51 1995.msg
< prev
next >
Wrap
Internet Message Format
|
2020-01-01
|
3KB
Received: from apakabar.cc.columbia.edu by watsun.cc.columbia.edu with SMTP id AA13659
(5.65c+CU/IDA-1.4.4/HLK for <kermit.misc@watsun.cc.columbia.edu>); Wed, 9 Aug 1995 19:52:57 -0400
Received: by apakabar.cc.columbia.edu id AA28482
(5.65c+CU/IDA-1.4.4/HLK for kermit.misc@watsun); Wed, 9 Aug 1995 19:52:56 -0400
Path: news.columbia.edu!news.cs.columbia.edu!pipeline!newsjunkie.ans.net!howland.reston.ans.net!newsserver.jvnc.net!cmi.hahnemann.edu!news
From: BRENNAN@HAL.HAHNEMANN.EDU (A. Andrew Brennan)
Newsgroups: comp.protocols.kermit.misc,comp.os.vms
Subject: C-Kermit scripting & VMS ... odd?
Date: 8 Aug 1995 21:58:51 GMT
Organization: Hahnemann University
Lines: 58
Distribution: world
Message-Id: <408mms$e47@cmi.hahnemann.edu>
Nntp-Posting-Host: hal.hahnemann.edu
X-News-Reader: VMS NEWS v1.25
Xref: news.columbia.edu comp.protocols.kermit.misc:3388 comp.os.vms:107296
Apparently-To: kermit.misc@watsun.cc.columbia.edu
Ok, I was going to include the whole script ... then realized it's just
about everything you need for a Q&D password stealing routine. While it
doesn't take too much of a brain to write a password trojan, I would much
rather *not* go down in flames for posting one to Usenet.
Thus, I'll post the offending bits (mind you, not the naughty bits) and
hope someone can dredge up what is wrong:
;
output \13
input 20 Username:
if fail error {Unable to connect}
output \%n\13
input 20 Password:
if fail error {Unable to connect}
output \%p\13
output \13
input 5 Username:
if failure goto gooduser
echo must have a bad password
goto eof ; got the username prompt, must be a bad password
:gooduser
echo \10\10made it to gooduser\10\10
connect
; quit, return to login procedure.
quit
;
On a Unix box, this bit will do what we want. We pull in the username
and password, check it against the "permitted users" list and pass it to
the login routine via a telnet connection. Good password - pass through
and the user is online. Bad password - they get dumped.
VMS (CKVVTGV.EXE 5A(190) 4 Oct 1994) unfortunately doesn't work this way
exactly. The routine passes the username & password, looks for anything
to indicate that the password was bad (an extra return would force a new
'Username:' prompt on the first login attempt) and *not finding it* would
allow the user to login ... at which point C-Kermit blows up:
%SYSTEM-F-ACCVIO, access violation, reason mask=05, virtual address=63207427,
PC=00066A0E, PSL=03C00000
%TRACE-F-TRACEBACK, symbolic stack dump follows
module name routine name line rel PC abs PC
CKVCON ckcgetc 6053 000000C6 00066A0E
CKVCON conect 6301 000005DA 0006708E
CKUUS4 doconect 8625 00000049 0006D24D
CKUUSR docmd 7163 000003B2 00067F72
CKUUS5 parser 7013 0000066A 0004EDFA
CKCMAI main 6657 00000302 0004D702
Looks like it's not happy about not finding that it shouldn't let the
user login (not enough negatives in that sentence, no??)
Anyone run into this one yet?
andrew. (brennan@hal.hahnemann.edu)