Thursday, September 4, 2014

ICQ Windows client to Linux centerim client for basic remote commands on a Linux shell

This is a quick proof of concept for basic remote administration of a Debian 7 server over ICQ. The server runs centerim; commands received in chat are piped to /bin/sh, and the output goes back through centerim to be echoed into the Windows ICQ client. First install:

apt-get install inotify-tools

Create the following script file in /root, where xxxxxxxx is the ICQ client giving commands and receiving output.

notifyme
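#!/bin/sh
# Start centerim in a detached screen session so it receives messages.
screen -S "CenterimRX" -dm centerim
# Block until centerim finishes writing to the admin user's history file.
while inotifywait -e close_write /root/.centerim/xxxxxxxx/history
do
        # Keep only recent history lines that carry the marker word.
        tail -5 /root/.centerim/xxxxxxxx/history | grep secretcommand > /root/runme
        echo "it changed"
        if grep -q secretcommand /root/runme
        then
                echo "Command Found"
                # Take the text before "^", run it, and send the output back over ICQ.
                awk 'BEGIN {FS="^"} ; {print $1}' /root/runme | /bin/sh | centerim -s msg -p icq -t xxxxxxxx
        else
                echo "No Command To Run"
        fi
done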

Configure the centerim client in /root/.centerim/

To use this, send a test message to the Linux server's ICQ user ID:
ls -la^secretcommand

The script watches the centerim chat history for a particular remote admin user's ICQ UID and looks for the word secretcommand, which marks a message as a command to run. The ^ after the command is the field separator for awk, which lets us use spaces for more complicated commands.
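An added example, not part of the original post: the same message format resolved against a fixed allowlist, so the request text only selects a known command and is never piped to /bin/sh. The function names, the allowlist entries and the binary paths are assumptions.

```shell
#!/bin/sh
# Added example: resolve chat requests against a fixed allowlist.
TOKEN="secretcommand"   # marker word used in the post

# resolve_command LINE
# Prints the fixed command for an allowlisted request and returns 0.
# Prints nothing and returns 1 for every other line.
resolve_command() {
    line=$1
    # Accept only "<request>^<token>" with nothing after the token.
    case $line in
        *"^$TOKEN") request=${line%"^$TOKEN"} ;;
        *) return 1 ;;
    esac
    # The request text selects an entry; it is never passed to a shell.
    # Entries and binary paths below are assumptions for illustration.
    case $request in
        "ifconfig") echo "/sbin/ifconfig" ;;
        "ls -la")   echo "/bin/ls -la /root" ;;
        "uptime")   echo "/usr/bin/uptime" ;;
        *) return 1 ;;
    esac
}

# run_request LINE
# Runs the resolved command, or prints "rejected" and returns 1.
run_request() {
    if cmd=$(resolve_command "$1"); then
        $cmd 2>&1   # unquoted on purpose: splits the fixed string into argv
    else
        echo "rejected"
        return 1
    fi
}

# In the watch loop, the pipeline into /bin/sh would become:
#   run_request "$(tail -1 /root/runme)" | centerim -s msg -p icq -t xxxxxxxx

# Constructed sample messages (not from a real history file).
for msg in 'ifconfig^secretcommand' 'ifconfig; id^secretcommand' 'uptime'; do
    if cmd=$(resolve_command "$msg"); then
        echo "allow: $msg -> $cmd"
    else
        echo "deny:  $msg"
    fi
done
```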

Input:
rx : 4 September at 16:56 :
ifconfig^secretcommand

tx : 4 September at 16:57 :
eth0      Link encap:Ethernet  HWaddr 00:16:41:3b:9a:2c
          inet addr:10.0.1.25  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::216:41ff:fe3b:9a2c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55628 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17733 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6467849 (6.1 MiB)  TX bytes:2424223 (2.3 MiB)
          Interrupt:16 Memory:d0080000-d00a0000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1014 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1014 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
   
     RX bytes:60880 (59.4 KiB)  TX bytes:60880 (59.4 KiB)
