SSHD Injection and Password Harvesting

openssh

TL;DR

  1. Use echo 'print __libc_dlopen_mode("/path/to/library.so", 2)' | gdb -p <PID> for process injection
  2. Write a shared library to inject into sshd process
  3. In the library, fork a child process to monitor sshd children then attach (PTRACE_ATTATCH) to them
  4. For each ssh session, search its memory for …

View comments.

more ...