12. December 2011 23:00
I have just added another tool to my collection: a fake sshd for Linux. It can be used to capture login attempts, and is useful for the following:
- Profiling password attack attempts on servers.
- Setting up a honey pot so you can invite the "kids" in.
- Stealing the dictionaries used by attackers to test against your own password hashes.
Here is an example of the log output from an attack.
Dec 11 14:02:04 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: edityahoo.no
Dec 11 14:02:06 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: edityahoo.org
Dec 11 14:02:07 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: 68b329da9893e34099c7d8ad5cb9c940
Dec 11 14:02:09 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: 7hur@y@t3am$#@!(*(
Dec 11 14:02:10 debian fake-sshd.exe: IP: 74.53.140.146 USER: sysgames PASS: qwertycosmin
Dec 11 14:02:12 debian fake-sshd.exe: IP: 74.53.140.146 USER: bin PASS: diana4ever
Dec 11 14:02:13 debian fake-sshd.exe: IP: 74.53.140.146 USER: bin PASS: bostanel
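
A way to work with this log for the first and third uses listed above, as an added example that is not part of fake-sshd itself: it parses the line format shown in the excerpt, counts attempts per source IP and per username, and checks the harvested passwords against your own stored hashes. The credential store, its account names and the PBKDF2-SHA256 scheme with 10,000 rounds are assumptions for illustration; substitute the scheme your system actually uses.

```python
import hashlib
import re
from collections import Counter

# Format taken from the excerpt above: "... IP: <ip> USER: <user> PASS: <password>"
LINE_RE = re.compile(r"IP: (?P<ip>\S+) USER: (?P<user>\S+) PASS: (?P<password>.*)$")

# Lines copied from the log excerpt above.
SAMPLE_LOG = """\
Dec 11 14:02:04 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: edityahoo.no
Dec 11 14:02:07 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: 68b329da9893e34099c7d8ad5cb9c940
Dec 11 14:02:10 debian fake-sshd.exe: IP: 74.53.140.146 USER: sysgames PASS: qwertycosmin
Dec 11 14:02:12 debian fake-sshd.exe: IP: 74.53.140.146 USER: bin PASS: diana4ever
Dec 11 14:02:13 debian fake-sshd.exe: IP: 74.53.140.146 USER: bin PASS: bostanel
"""

def parse_attempts(text):
    """Return (ip, user, password) tuples; lines that do not match are skipped."""
    attempts = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            # Keep the password verbatim: spaces and symbols are part of the guess.
            attempts.append((m["ip"], m["user"], m["password"]))
    return attempts

def profile(attempts):
    """Count attempts per source IP and per targeted username."""
    return Counter(a[0] for a in attempts), Counter(a[1] for a in attempts)

def wordlist(attempts):
    """Unique guessed passwords, in first-seen order."""
    return list(dict.fromkeys(a[2] for a in attempts))

def pbkdf2(password, salt, rounds=10_000):
    # Assumed hashing scheme; rounds and salt handling must match your real store.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def exposed_accounts(store, candidates):
    """store maps account -> (salt, hash); return accounts whose password was guessed."""
    return sorted(acct for acct, (salt, digest) in store.items()
                  if any(pbkdf2(c, salt) == digest for c in candidates))

if __name__ == "__main__":
    attempts = parse_attempts(SAMPLE_LOG)
    by_ip, by_user = profile(attempts)
    print(by_ip.most_common(), by_user.most_common())
    # Constructed credential store with hypothetical accounts, for the self-audit step.
    store = {"alice": (b"s1", pbkdf2("diana4ever", b"s1")),
             "bob": (b"s2", pbkdf2("Xk#9-long-unique", b"s2"))}
    print(exposed_accounts(store, wordlist(attempts)))
```

Any account the last function returns has a password that is already in an attacker's dictionary and should be rotated.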
more information / download