Snooping For Usernames And Passwords Over SSH Using Strace On Linux
May 28, 2009, 03:03 (1 Talkback[s])
(Other stories by Mike Tremell)
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
[ Thanks to An Anonymous
Reader for this link. ]
"You can run this shell script (which I'll admit is a
little sketchy - written under duress ;) fairly simply, like so:
host # ./ssh-snoop
"The picture below shows the minimal interactivity at startup
(just to confirm that you get the base SSH process - since the
strace call will run down all the forked processes from the root).
In the case shown below the username is "user123" and the password
is "easyPass" You'll have to sift through a few lines of garbage,
but it's better then combing the full strace output:"