Linux Today: Linux News On Internet Time.

Snooping For Usernames And Passwords Over SSH Using Strace On Linux

May 28, 2009, 03:03 (1 Talkback[s])
(Other stories by Mike Tremell)

[ Thanks to An Anonymous Reader for this link. ]

"You can run this shell script (which I'll admit is a little sketchy - written under duress ;) fairly simply, like so:

host # ./ssh-snoop

"The picture below shows the minimal interactivity at startup (just to confirm that you get the base SSH process - since the strace call will run down all the forked processes from the root). In the case shown below the username is "user123" and the password is "easyPass" You'll have to sift through a few lines of garbage, but it's better then combing the full strace output:"

Complete Story

Related Stories: