Slashdot Mirror
Obtaining Shell Access via AIM?
Quicksilver31337 asks: "I have recently been faced with a challenge of getting shell access via a AIM(for mobile access purposes), where Perl would be used to recieve messages (prolly from specified users only) over AIM, and pass them as shell commands, and finally, returning output to the user over AIM again.
Its seems to be possible to me (maybe using Net::AIM) and I was wondering if anyone has tried something similar with success. Thanks."
"Hi. I'd like to provide shell access to my machine. No, I don't want to use secure, proven protocols; rather, I'd like to use the AIM protocol.
"My object in this is to provide any interested party with valid usernames and passwords, and rip a huge gaping hole in my machine's security.
"Yes, I will probably log in to my root account over this connection, to maximize the possible damage. I think it would be funny for my machine to be part of any number of DDoS attacks, and obscene emails sent to all of my closest relatives.
"Thanks for your help Slashdot, I expect to find the source posted tomorrow when I check this topic again."
...
"...I was wondering if anyone has tried something similar with success. Thanks."
Yes, I've done it. I'll put a tarball on your desktop.
Don't blame me, I get all my opinions from my Ouija board.
Where's the part that goes "rm -rf /*"? :)
"Can of worms? The can is open... the worms are everywhere."
"Hi. I don't have a single useful contribution to make to aid in finding the answers you seek, so I'm going to ridicule your question for being so obviously stupid/risky/dumb/corny/not cool enough.
"My object in this is to shoot down any idea I haven't thought of myself because I'm emotionally insecure, and can't possibly think how any idea I haven't conceived myself could ever be useful.
"Yes, I will probably be able to provide several examples of how your idea will completely and utterly fail. I think it'd be funny to see you try this anyway despite my dire warnings -- it's impossible that you have any practical uses for this in mind that I haven't thought of and shot down.
"Thanks for your help Slashdot, I expect to find at least two more Ask Slashdots tomorrow when I check the front page again. Now my life has meaning."
Man, oh man, is my karma going to be shot to hell for this one :) S'okay. I couldn't resist.
On-topic: Yeah, it's probably not secure. Yeah, it could be goofy or foolish. But *gasp* it might just be a toy on a non-important machine. Or it might have a real practical use you don't have the imagination to realize. Or the guy may want to do it "just because he can."
Read my stuff.
Yes, I will probably log in to my root account over this connection, to maximize the possible damage. I think it would be funny for my machine to be part of any number of DDoS attacks, and obscene emails sent to all of my closest relatives.
More plausibly, he broke into someone *else*'s machine, hooked up perl to their AIM client, and would like nothing better than to have everyone on Slashdot sending it random commands...
May we never see th
Set up an AIM->Shell gateway on your box. Give me the AIM number so I can help you debug it please
11*43+456^2