Slashdot Mirror

← Back to Stories (view on slashdot.org)

Obtaining Shell Access via AIM?

Posted by Cliff on from the terminals-pah!-that-would-be-too-easy dept.

Quicksilver31337 asks: "I have recently been faced with a challenge of getting shell access via a AIM(for mobile access purposes), where Perl would be used to recieve messages (prolly from specified users only) over AIM, and pass them as shell commands, and finally, returning output to the user over AIM again. Its seems to be possible to me (maybe using Net::AIM) and I was wondering if anyone has tried something similar with success. Thanks."

4 of 88 comments (clear)

  1. I use TAC by MiTEG · · Score: 3, Interesting

    I usually use TAC as my AIM client when using a Linux system. It's great because it's small, console based, and is pretty flexible. If you want to mess around with it you'll have to know a bit of TCL, but I don't think it's still being developed so you're not likely to get much help. By default it supports logging to a file as well as reading from a file to send messages, so it wouldn't require much hacking to get a quick and dirty version working of what you want. Possibly try logging messages with the content you want executed to a script file, then something else to specify when to execute the script. It wouldn't be pretty or secure but it might do what you want.

    --
    The future isn't what it used to be.
  2. Re:Very risky by 3-State+Bit · · Score: 3, Interesting

    I suppose you could use one time passwords and such...
    You could NOT use one-time passwords, unless you can do bitwise XORing in your head and remember as many bits as you'll ever type. If you can do both those, then you can do RSA in your head too. (Okay, that's a lie, but for our purposes...)
    Except when we read "password" as "session key", meaning that text following the password is not sent in the clear, but always changed by a function involving the session key, there's no such thing as a one-time password. Since AIM doesn't have anything that includes that "function", you can only use a session key by doing the operations in your head.
    So, no-go.

  3. Its simple really... by Quicksilver31337 · · Score: 3, Interesting

    For those of you that think Im insane for wanting to use such an unsecure form of shell access. I have a Danger Hiptop, which has a built in AIM client, and no shell client...yet.
    So, the idea here is to allow me to get shell access when i cant get to a full box with a SSH client on it. And as far as security goes, i would clearly only allow it to execute commands that come from my screenname......SO DONT GO GETTING ANY IDEAS!
    Furthermore, I appreciate those of you who gave infomative answers, rather then uninformed cynical rantings.

    --
    _______
    Death wish, n.:

    The only wish that always comes true, whether or not one wishes it t
  4. I actually did something like this by Gudlyf · · Score: 3, Interesting

    However, I use the Chimmy Yahoo client, a console based client that runs on Linux, and run it through some expect scripts. I sometimes use this so that I appear to always be online and receive and reply to messages via email on my cellphone. I send an email message from my phone to an address on my linux box, which interprets the commands and sends them through to the appropriate places, and vice-versa. So far it works great.

    --
    Trolls lurk everywhere. Mod them down.