Sniffing SSH passwords with strace on server side

I was in a situation that a user lost his application password and he could not change the password, because his application was hard coded with his original credentials.

In this case i was really in need to recover the original password, the easiest way to do that was with strace.

First of all, you need to be root on the server, this is a technique to sniff clear text on server side, after start the strace you will need to wait to a new authentication process.

# strace -f -p $(pgrep -o sshd) -o /tmp/sniff.txt -v -e trace=read,write -s 128 &
cat /tmp/sniff.txt

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.