lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Sep 2009 11:12:16 -0400 From: "Fernando A. Lagos B." <fernando@...ial.org> To: "my.hndl" <my.hndl@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Modifying SSH to Capture Login Credentials from Attackers -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 my.hndl wrote: > If you've ever had your SSH server dictionary attacked and wondered what > usernames / passwords the attackers were trying... > > I've posted detailed instructions on modifying openssh on Ubuntu 9.04 in > order to log username / password attempts made by bots. This > information can then be used to track down the tools / dictionaries > being used against you, and may even lead to discovery of IRC command & > control channels used by the botnet herders/masters (the topic of my > next post). > > Full username / password logs included for your enjoyment: > http://paulmakowski.wordpress.com/2009/09/28/hacking-sshd-for-a-pass_file/ Exists a "PAM" module exploit/utility to save the typed passwords via ssh, "normal login", etc. > > Intended for novices interested in honeypots. > - -- Fernando A. Lagos Berardi - Zerial Desarrollador y Programador Web Seguridad Informatica Linux User #382319 Blog: http://blog.zerial.org Skype: erzerial Jabber: zerial@...beres.org GTalk && MSN: fernando@...ial.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrDdU8ACgkQIP17Kywx9JRbtgCZAfXuMqNhJoUHodwsbo0Fi7N9 /V4AnRqg8R/tDVs0Tt1v9PerQlPrGzw1 =mFb4 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists