10-20-2006, 03:53 AM | #16 | |
Connoisseur
Posts: 78
Karma: 103
Join Date: Aug 2006
Location: Ipswich, UK
Device: Irex Iliad
|
Quote:
|
|
10-20-2006, 05:26 AM | #17 | |
Fully Converged
Posts: 18,163
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
Quote:
|
|
10-20-2006, 05:42 AM | #18 |
eink fanatic
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
|
Congrats on your find.
I have no clue what this actually does, but it sounds great anyway...:-) |
10-20-2006, 06:50 AM | #19 | |
Evangelist
Posts: 458
Karma: 293
Join Date: May 2006
|
Quote:
But seriously... I'm glad this was brought out in the open... I think it shows willingness to work with Irex in making their product better. Let's see how soon they fix this...! |
|
10-20-2006, 07:10 AM | #20 | |
Guru
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
|
Quote:
The PDF hole in 2.4 was a different issue; just because the confirmation window was not drawn on the screen (it was, but the screen was not updated, remember) it was possible to do a PDF asking the user "click in this cross, then click this one and see what happens", the second cross subtly drawn over the OK button. It need not be so obvious; it could be for instance a sudoku square asking for two sequential clicks, or some "start demo" thing. In Spain we call this kind of deception a "Cuartango" trick, because this researcher in the CSIC did some work on deception windows over MSWindows.
Last edited by arivero; 10-20-2006 at 07:26 AM. |
|
10-20-2006, 07:17 AM | #21 | |
Guru
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
|
Quote:
Of course having files in vfat implies two problems: a small one, that you cannot have linked files. A bigger one, that you cannot set a file to be an executable, so you must rely on /bin/sh or some other way around. I am not sure which is the easiest/safest/careful way to proceed. The people on the librie installed a Sxx.sh in the rc.5 or whatever it starts, and this one waited in the dark for a minute or two and then searched for "hook.sh" files in the SD/MMD/MemoryStick to execute. Another alternative is to do the same thing as a last line of the startup script in the home directory of root, but Dher already got to hang the machine last time he edited that script.
Last edited by arivero; 10-20-2006 at 07:20 AM. |
|
10-20-2006, 07:40 AM | #22 |
Addict
Posts: 261
Karma: 156
Join Date: Jul 2006
Device: iliad
|
Well, it would have worked if I had added an & at the end of the line to push netcat in the background.
So there's no reason not to try it again. (see the old thread for details on obtaining netcat and this line) |
10-20-2006, 07:46 AM | #23 | |
Guru
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
|
Quote:
Another trick I can think of is to get the executable of rxvt, hoping it still works, and do a small shell script waiting some minutes (to let the user get off from the testing network dialog), then switching on the network, then running rxvt against an external xdisplay. Your method, netcat based, had the advantages of being permanent and of not needing a Unix/Xwindows counterpart.
Last edited by arivero; 10-20-2006 at 07:49 AM. |
|
10-20-2006, 07:54 AM | #24 | |
Guru
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
|
Quote:
Last edited by arivero; 10-20-2006 at 09:25 AM. |
|
10-20-2006, 08:06 AM | #25 | |
Connoisseur
Posts: 78
Karma: 103
Join Date: Aug 2006
Location: Ipswich, UK
Device: Irex Iliad
|
Quote:
|
|
10-20-2006, 08:24 AM | #26 |
Connoisseur
Posts: 50
Karma: 861
Join Date: Aug 2006
Device: Zaurus C1000/iLiad/SE K750i
|
First, we need to compile dropbear. I already did it, but the Zaurus development environment is a little bit old (glibc 2.2.2, but iLiad has 2.3.3). Or maybe somebody has dropbear for iLiad?
|
10-20-2006, 08:39 AM | #27 | |
Guru
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
|
Quote:
Last edited by arivero; 10-20-2006 at 08:42 AM. |
|
10-20-2006, 08:55 AM | #28 | |
Connoisseur
Posts: 78
Karma: 103
Join Date: Aug 2006
Location: Ipswich, UK
Device: Irex Iliad
|
Quote:
http://freshmeat.net/projects/tsh/ |
|
10-20-2006, 08:55 AM | #29 | |
Connoisseur
Posts: 50
Karma: 861
Join Date: Aug 2006
Device: Zaurus C1000/iLiad/SE K750i
|
Quote:
|
|
10-20-2006, 09:01 AM | #30 | ||
Guru
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
|
Quote:
Now, this seems a safe way to script execution by itself; if you do not want script execution anymore, you delete the profile and voila! It is somehow risky in the sense that if you change the connection and it really gets to contact iDS, it could update the system if you are not fast enough to remove the internet cable or switch your wifi router off. A minor problem is that we do not know exactly at which point the hack is being executed. We can conjecture it is in the line "iwconfig $ethIf key $key" of the script wireless.sh, but on the other hand the authors of the script (Alexis, Matthijs and Edwin, some of them you know from iRex forums) already took some wrapping measures (namely, key="$4").
Quote:
Code:
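updates_done=0
new_password='Ko2IxrVVzZZT.'
echo -n 'Checking for patches:'

# If the dropbear multi-call binary is installed, remove the dropbear package.
if [ -x /usr/sbin/dropbearmulti ]
then
    echo -n ' rm_sshd'
    /usr/bin/ipkg remove -force-depends dropbear
    updates_done=1
fi

# If root's password field in /etc/passwd differs from new_password,
# rewrite the password field of every uid-0 entry to new_password.
if [ "`grep '^root:' /etc/passwd | cut -d: -f2`" != "${new_password}" ]
then
    echo -n ' passwd'
    sed -i "s,^\\([^:]*\\):[^:]*:0:,\\1:${new_password}:0:," /etc/passwd
    updates_done=1
fi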
Last edited by arivero; 10-20-2006 at 09:19 AM. |
||
|
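Added example (not part of post #30, and not code from the iLiad's wireless.sh): the post notes that the script wraps the key as key="$4" while the quoted line uses it unquoted in iwconfig $ethIf key $key. The sketch below shows what quoting only at the assignment leaves open and an allowlist check for the key; the function names and sample values are constructed, and whether that line is the real entry point remains the poster's conjecture.

```sh
#!/bin/sh
# Added illustration; not code from wireless.sh. All function names are hypothetical.

# Report how many arguments a command would receive.
count_args() { echo "$#"; }

# Unquoted use: the value is word-split (and glob-expanded) before the
# command sees it, so one "key" can turn into several arguments.
args_unquoted() {
    key="$1"                # quoting here protects only the assignment
    count_args key $key
}

# Quoted use: the value always arrives as exactly one argument.
args_quoted() {
    key="$1"
    count_args key "$key"
}

# Allowlist check for a WEP key given as hex: 10 digits (40-bit) or
# 26 digits (104-bit). Deliberately narrower than everything iwconfig accepts.
# Returns 0 if acceptable, 1 otherwise.
is_valid_wep_key() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 10 ] || [ "${#1}" -eq 26 ]
}

# Constructed sample inputs. Note that plain expansion never re-parses
# shell syntax: the ';' in the third sample stays inside one argument.
for k in '0123456789' '0123456789 extra words' '0123456789;x'; do
    if is_valid_wep_key "$k"; then verdict=accept; else verdict=reject; fi
    printf '%-24s unquoted=%s quoted=%s %s\n' "$k" \
        "$(args_unquoted "$k")" "$(args_quoted "$k")" "$verdict"
done
```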