Snooping For Usernames And Passwords Over SSH Using Strace On Linux

May 28, 2009, 03:03 (1 Talkback[s])
(Other stories by Mike Tremell)

[ Thanks to An Anonymous Reader for this link. ]

"You can run this shell script (which I'll admit is a little sketchy - written under duress ;) fairly simply, like so:

host # ./ssh-snoop

"The picture below shows the minimal interactivity at startup (just to confirm that you get the base SSH process - since the strace call will run down all the forked processes from the root). In the case shown below the username is "user123" and the password is "easyPass" You'll have to sift through a few lines of garbage, but it's better then combing the full strace output:"

Complete Story

Related Stories:

• Debugging and profiling your C/C++ programs using Free Software(May 19, 2009)
• /dev/null And /dev/zero On Linux And Unix: What's The Difference?(Apr 30, 2009)
• Everything Broke Today. So, How Was Your Day?(Apr 15, 2009)
• How to fix the most common Linux problems(Mar 10, 2009)
• Per-Process Namespaces (Conquering The Blob!)(Feb 21, 2009)
• Four Completely Useless Linux Commands(Feb 03, 2009)
• Debugging code with strace(Jan 09, 2009)
• All About Linux: strace - A Very Powerful Troubleshooting Tool for All Linux Users(May 08, 2006)