Obtaining Shell Access via AIM?

Quicksilver31337 asks: "I have recently been faced with a challenge of getting shell access via a AIM(for mobile access purposes), where Perl would be used to recieve messages (prolly from specified users only) over AIM, and pass them as shell commands, and finally, returning output to the user over AIM again. Its seems to be possible to me (maybe using Net::AIM) and I was wondering if anyone has tried something similar with success. Thanks."

Re:GAIM

[Anglophile]

MattCohn's right in that Gaim is the program you want to use, but the good news is your don't even have to gut the code! Gaim supports perl plugins, which can even act as AIM Bots. So, what you could do (quite easily in fact - download Gaim, unpack and read the doc on Perl modding in one of the source code subdirectories) is write a bot that stays online, listens for your commands, and then executes them on your machine. However, you may want to be careful as someone could easily execute malicious code on your computer!

Security?

[tm2b]

I know sounds obvious, but...

You have considered the security aspects of this, right? You're adding whatever security issues AIM has onto your existing system. AIM is not exactly designed to have server-strength security in terms of authentication!

You might be better off using a web-based approach - using client-side certificates, you can at least have some measure of strong authentication between your mobile user and your server. Even better would be to use SSH.

I have a hard time thinking that you didn't consider these other options, so I'm really curious - what other factors are dictating an AIM-based solution? SSH is available for just about every platform.

I've done this.

[FoxIVX]

I did pretty much this exact thing as a proof of concept. You can download it from www.dontpokebadgers.com and modify it as you see fit.

Example

[mfos.org]

Seeing as noone is really helping out, I'll give you a bit of example code. I have an AIM->Comment gateway for my blog.

Here is an example that will try and execute any command sent to it in a message. You'll need to add the appropriate security features.

#!/usr/bin/perl

use Net::AIM;

my $aim = new Net::AIM;

print "Connecting to AIM server..\n";
$aim->newconn ( Screenname => "your account",
Password => "your password",
AutoReconnect => 1
) or die "Connection failed. Fatal Error\n";

my $conn = $aim->getconn();

$conn->set_handler('im_in', \&got_message);
print "Connected.\n";
$aim->start;

sub got_message
{
my ($self, $evt, $from, $to) = @_;
my $args = $evt->args();
my ($nick, $auto_msg, $msg) = @$args;

$retval = `$msg`;

$self->send_im($from, $retval);
}

--------------
Simple as that

Re:Example (you could also use perl plugins)

[agnosonga]

this is obviously very risky.
I just thought id give you another possible answear.
just load this up with gaim perl plugins

NOTE: it might be a good idea to run gaim in a chrooted envirenment but please dont run it as root. (eliminating the rm -rf / problem)

NOTE: this hasnt been tested (for obvious reasons I hope)

my $gaim_version = GAIM::register("remote shell", 0.1,"goodbye", "");

my $only_run_commands_from_user = "your username";

my $user_name = GAIM::get_info(3,GAIM::get_info(1));

GAIM::add_event_handler("event_im_recv","run_me" );

sub run_me {
my ($index,$from,$mesg) = @_;
if ($from eq $only_run_commands_from_user){
GAIM::write_to_conv($user_name,2,"running command $mesg. have a nice day :-D");

open(PIPE, "$mesg | ");
my $send_back = "Output of command: $mesg\n";
while (){
$send_back .= $_;
}
close(PIPE);
GAIM::print_to_conv($index, $from, $send_back,0);
}
}

sub goodbye {
GAIM::write_to_conv($user_name,2,"Im dying");
}