Ubuntu 18.04 OpenSSH-Server Capture Failed Passwords: Difference between revisions

From CompleteNoobs

Latest revision as of 18:43, 11 May 2023

Done in a Vultr VPS to Capture Passwords

  • could only get working on 18.04 - failed on 20.04 and 22.04
  • Spin up a Ubuntu 18.04 server on VPS
  • Login to VPS terminal

UFW firewall is enabled by default on Vultr Ubuntu 18.04 (at the time of testing).
ufw allow 8889/tcp
echo 'Port 8889' >> /etc/ssh/sshd_config

Warning: Make sure you do not use SINGLE > it will TRUNCATE the file!

Let's learn by testing safely
echo 'Hello World' > test.txt
Will create a file called test.txt with the text Hello World
echo 'Hello Again' >> test.txt will append Hello Again to a new line.
Use cat to print the content of a file onto the standard output stream.
cat test.txt
Should return:

Hello World
Hello Again

Now let's try the following.
echo 'One more time' > test.txt
cat test.txt
Single > will TRUNCATE.
Double >> will APPEND.
Can delete test.txt with rm test.txt

Of course you can do this with a text editor.
$EDITOR /etc/ssh/sshd_config

Restart sshd for the new port to take effect. Existing connections will not be disconnected; new connections will need to use port 8889.
systemctl restart sshd
Disconnect from Server and reconnect with port 8889
ssh -p 8889 root@SERVERIP


Build second OpenSSH-Server to capture passwords

mkdir -pv /opt/openssh/dist
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
tar zxvf openssh-8.0p1.tar.gz -C /opt/openssh/
$EDITOR /opt/openssh/openssh-8.0p1/auth-passwd.c
Insert the following line (check before and after to see where):

logit("Failed Username:%s Password:%s", authctxt->user, password);

Before

/*
 * Tries to authenticate the user using password.  Returns true if
 * authentication succeeds.
 */
int
auth_password(struct ssh *ssh, const char *password)
{
        Authctxt *authctxt = ssh->authctxt;
        struct passwd *pw = authctxt->pw;
        int result, ok = authctxt->valid;
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
        static int expire_checked = 0;
#endif

After

/*
 * Tries to authenticate the user using password.  Returns true if
 * authentication succeeds.
 */
int
auth_password(struct ssh *ssh, const char *password)
{
        Authctxt *authctxt = ssh->authctxt;
        struct passwd *pw = authctxt->pw;
        int result, ok = authctxt->valid;
        /* Log every submitted username and password to auth.log (runs before the password is checked) */
        logit("Failed Username:%s Password:%s", authctxt->user, password);
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
        static int expire_checked = 0;
#endif


save and exit

apt install build-essential zlib1g-dev libssl-dev libpam0g-dev libapparmor-dev -y
cd /opt/openssh/openssh-8.0p1
./configure --with-pam --with-apparmor --with-privsep-path=/var/lib/sshd/ --sysconfdir=/opt/openssh/dist/ --prefix=/opt/openssh/dist/
make
make install
echo 'PermitRootLogin yes' >> /opt/openssh/dist/sshd_config
/opt/openssh/dist/sbin/sshd -t -f /opt/openssh/dist/sshd_config
/opt/openssh/dist/sbin/sshd
Should be working now on port 22 and logging failed usernames and passwords in /var/log/auth.log
cat /var/log/auth.log | grep Password
It may take a while (give it 3 hours ish) before results show up.
Check out the usernames and passwords the cool bots are trying out; your log will look like this:

Mar  3 21:05:09 sshd3 sshd[27561]: Failed Username:oracle Password:oracle
Mar  3 21:05:13 sshd3 sshd[27561]: Failed Username:oracle Password:123456
Mar  3 21:05:18 sshd3 sshd[27561]: Failed Username:oracle Password:111111
Mar  3 21:05:23 sshd3 sshd[27561]: Failed Username:oracle Password:oracle@123
Mar  3 21:05:23 sshd3 sshd[27561]: Failed Username:oracle Password:oracle@2016
Mar  3 21:05:25 sshd3 sshd[27561]: Failed Username:oracle Password:oracle2016
Mar  3 21:05:32 sshd3 sshd[27563]: Failed Username:oracle Password:oracle2016
Mar  3 21:05:33 sshd3 sshd[27563]: Failed Username:oracle Password:passw0rd
Mar  3 21:12:33 sshd3 sshd[27566]: Failed Username:admin Password:admin
Mar  3 21:12:33 sshd3 sshd[27566]: Failed Username:admin Password:
Mar  3 21:12:34 sshd3 sshd[27566]: Failed Username:admin Password:7ujMko0admin
Mar  3 21:12:34 sshd3 sshd[27566]: Failed Username:admin Password:1234
Mar  3 21:12:35 sshd3 sshd[27566]: Failed Username:admin Password:123456
Mar  3 21:19:51 sshd3 sshd[27574]: Failed Username:admin Password:admin
Mar  3 21:38:06 sshd3 sshd[27582]: Failed Username:janna Password:janna
Mar  3 22:01:18 sshd3 sshd[27592]: Failed Username:apache Password:123456
Mar  3 22:48:13 sshd3 sshd[27617]: Failed Username:root Password:ADMIN@123
Mar  3 22:48:13 sshd3 sshd[27614]: Failed Username:root Password:admin@123
Mar  3 22:48:14 sshd3 sshd[27615]: Failed Username:username Password:password
Mar  3 22:48:16 sshd3 sshd[27613]: Failed Username:root Password:centos
Mar  3 22:48:17 sshd3 sshd[27616]: Failed Username:root Password:Admin@123
Mar  3 22:48:17 sshd3 sshd[27620]: Failed Username:root Password:password
Mar  3 22:55:31 sshd3 sshd[27642]: Failed Username:devops Password:1
Mar  3 22:55:31 sshd3 sshd[27638]: Failed Username:telnet Password:Telnet666
Mar  3 22:55:31 sshd3 sshd[27641]: Failed Username:ftpuser Password:ftpuser1234
Mar  3 22:55:31 sshd3 sshd[27631]: Failed Username:service Password:service321
Mar  3 22:55:31 sshd3 sshd[27627]: Failed Username:minecraft Password:minecraft1234
Mar  3 22:55:31 sshd3 sshd[27634]: Failed Username:libuuid Password:libuuid123
Mar  3 22:55:32 sshd3 sshd[27645]: Failed Username:admin Password:test123
Mar  3 22:55:32 sshd3 sshd[27630]: Failed Username:zjw Password:Zjw1
Mar  3 22:55:32 sshd3 sshd[27629]: Failed Username:a Password:a
Mar  3 22:55:32 sshd3 sshd[27633]: Failed Username:dspace Password:dspace1234
Mar  3 22:55:32 sshd3 sshd[27636]: Failed Username:dspace Password:123456
Mar  3 22:55:32 sshd3 sshd[27643]: Failed Username:telnet Password:telnet1
Mar  3 22:55:32 sshd3 sshd[27635]: Failed Username:root Password:root1234
Mar  3 22:55:32 sshd3 sshd[27644]: Failed Username:mysql Password:password
Mar  3 22:55:32 sshd3 sshd[27639]: Failed Username:ansadmin Password:Ansadmin1234
Mar  3 22:55:32 sshd3 sshd[27640]: Failed Username:sonar Password:sonar123
Mar  3 22:55:32 sshd3 sshd[27665]: Failed Username:testuser Password:1
Mar  3 22:55:32 sshd3 sshd[27663]: Failed Username:test Password:test666
Mar  3 22:55:33 sshd3 sshd[27673]: Failed Username:dev Password:dev
Mar  3 22:55:33 sshd3 sshd[27678]: Failed Username:awsadmin Password:awsadmin
Mar  3 22:55:33 sshd3 sshd[27669]: Failed Username:service Password:123456
Mar  3 22:55:33 sshd3 sshd[27675]: Failed Username:pi Password:pi
Mar  3 22:55:34 sshd3 sshd[27677]: Failed Username:oracle Password:oracle666
Mar  3 22:55:34 sshd3 sshd[27672]: Failed Username:ubuntu Password:Ubuntu123
Mar  3 22:55:34 sshd3 sshd[27686]: Failed Username:minecraft Password:minecraft321
Mar  3 22:55:35 sshd3 sshd[27670]: Failed Username:root Password:abcd1234
Mar  3 22:55:35 sshd3 sshd[27674]: Failed Username:pi Password:Pi123
Mar  3 22:55:37 sshd3 sshd[27671]: Failed Username:oracle Password:Oracle666
Mar  3 22:55:37 sshd3 sshd[27690]: Failed Username:moxa Password:moxa321
Mar  3 22:55:39 sshd3 sshd[27632]: Failed Username:pi Password:Pi1
Mar  3 22:55:40 sshd3 sshd[27637]: Failed Username:es Password:Es1
Mar  3 22:56:04 sshd3 sshd[27664]: Failed Username:ts3 Password:1234
Mar  3 22:56:36 sshd3 sshd[27676]: Failed Username:halo Password:halo
Mar  3 23:07:34 sshd3 sshd[27697]: Failed Username:root Password:eve
Mar  3 23:07:36 sshd3 sshd[27700]: Failed Username:root Password:vmware
Mar  3 23:07:38 sshd3 sshd[27702]: Failed Username:root Password:123456
Mar  3 23:07:41 sshd3 sshd[27704]: Failed Username:root Password:root
Mar  3 23:07:42 sshd3 sshd[27706]: Failed Username:root Password:P@ssw0rd@123
Mar  3 23:07:44 sshd3 sshd[27708]: Failed Username:root Password:!QAZ@WSX
Mar  3 23:12:58 sshd3 sshd[27711]: Failed Username:telnet Password:telnet
Mar  3 23:13:02 sshd3 sshd[27711]: Failed Username:telnet Password:123456
Mar  3 23:13:03 sshd3 sshd[27711]: Failed Username:telnet Password:1234
Mar  3 23:13:05 sshd3 sshd[27711]: Failed Username:telnet Password:
Mar  3 23:13:06 sshd3 sshd[27711]: Failed Username:telnet Password:123
Mar  3 23:13:08 sshd3 sshd[27711]: Failed Username:telnet Password:123456789
Mar  3 23:13:13 sshd3 sshd[27713]: Failed Username:telnet Password:123456789
Mar  3 23:13:38 sshd3 sshd[27715]: Failed Username:root Password:root
Mar  3 23:13:41 sshd3 sshd[27715]: Failed Username:root Password:1234
Mar  3 23:13:43 sshd3 sshd[27715]: Failed Username:root Password:123456
Mar  3 23:13:45 sshd3 sshd[27715]: Failed Username:root Password:admin
Mar  3 23:13:49 sshd3 sshd[27715]: Failed Username:root Password:Chameleon
Mar  3 23:13:49 sshd3 sshd[27717]: Failed Username:root Password:root
Mar  3 23:13:51 sshd3 sshd[27717]: Failed Username:root Password:1234
Mar  3 23:13:51 sshd3 sshd[27715]: Failed Username:root Password:password
Mar  3 23:13:52 sshd3 sshd[27717]: Failed Username:root Password:123456
Mar  3 23:13:55 sshd3 sshd[27717]: Failed Username:root Password:admin
Mar  3 23:13:56 sshd3 sshd[27717]: Failed Username:root Password:Chameleon
Mar  3 23:13:57 sshd3 sshd[27719]: Failed Username:root Password:password
Mar  3 23:13:58 sshd3 sshd[27717]: Failed Username:root Password:password
Mar  3 23:13:59 sshd3 sshd[27719]: Failed Username:root Password:123
Mar  3 23:14:03 sshd3 sshd[27719]: Failed Username:root Password:toor
Mar  3 23:14:04 sshd3 sshd[27719]: Failed Username:root Password:ubuntu
Mar  3 23:14:06 sshd3 sshd[27721]: Failed Username:root Password:password
Mar  3 23:14:06 sshd3 sshd[27719]: Failed Username:root Password:12345678
Mar  3 23:14:07 sshd3 sshd[27721]: Failed Username:root Password:123
Mar  3 23:14:07 sshd3 sshd[27719]: Failed Username:root Password:oracle
Mar  3 23:14:08 sshd3 sshd[27721]: Failed Username:root Password:toor
Mar  3 23:14:09 sshd3 sshd[27721]: Failed Username:root Password:ubuntu
Mar  3 23:14:12 sshd3 sshd[27721]: Failed Username:root Password:12345678
Mar  3 23:14:13 sshd3 sshd[27723]: Failed Username:root Password:oracle
Mar  3 23:14:13 sshd3 sshd[27721]: Failed Username:root Password:oracle
Mar  3 23:14:15 sshd3 sshd[27723]: Failed Username:root Password:
Mar  3 23:14:16 sshd3 sshd[27723]: Failed Username:root Password:redhat
Mar  3 23:14:19 sshd3 sshd[27725]: Failed Username:root Password:oracle
Mar  3 23:14:19 sshd3 sshd[27723]: Failed Username:root Password:!Nexans_
Mar  3 23:14:23 sshd3 sshd[27725]: Failed Username:root Password:
Mar  3 23:14:23 sshd3 sshd[27723]: Failed Username:root Password:huigu309
Mar  3 23:14:27 sshd3 sshd[27725]: Failed Username:root Password:redhat
Mar  3 23:14:27 sshd3 sshd[27723]: Failed Username:root Password:hikvision
Mar  3 23:14:29 sshd3 sshd[27725]: Failed Username:root Password:!Nexans_
Mar  3 23:14:31 sshd3 sshd[27725]: Failed Username:root Password:huigu309
Mar  3 23:14:32 sshd3 sshd[27727]: Failed Username:root Password:hikvision
Mar  3 23:14:32 sshd3 sshd[27725]: Failed Username:root Password:hikvision
Mar  3 23:14:33 sshd3 sshd[27727]: Failed Username:root Password:kopp
Mar  3 23:14:35 sshd3 sshd[27727]: Failed Username:root Password:20080826
Mar  3 23:14:39 sshd3 sshd[27729]: Failed Username:root Password:hikvision
Mar  3 23:14:39 sshd3 sshd[27727]: Failed Username:root Password:indigo
Mar  3 23:14:41 sshd3 sshd[27729]: Failed Username:root Password:kopp
Mar  3 23:14:41 sshd3 sshd[27727]: Failed Username:root Password:video
Mar  3 23:14:43 sshd3 sshd[27729]: Failed Username:root Password:20080826
Mar  3 23:14:43 sshd3 sshd[27727]: Failed Username:root Password:glasshou
Mar  3 23:14:44 sshd3 sshd[27729]: Failed Username:root Password:indigo
Mar  3 23:14:47 sshd3 sshd[27729]: Failed Username:root Password:video
Mar  3 23:14:48 sshd3 sshd[27729]: Failed Username:root Password:glasshou
Mar  3 23:14:49 sshd3 sshd[27731]: Failed Username:root Password:glasshou
Mar  3 23:14:51 sshd3 sshd[27731]: Failed Username:root Password:realtek
Mar  3 23:14:53 sshd3 sshd[27731]: Failed Username:root Password:Pon521
Mar  3 23:14:55 sshd3 sshd[27733]: Failed Username:root Password:glasshou
Mar  3 23:14:55 sshd3 sshd[27731]: Failed Username:root Password:root621
Mar  3 23:14:58 sshd3 sshd[27733]: Failed Username:root Password:realtek
Mar  3 23:14:59 sshd3 sshd[27731]: Failed Username:root Password:hik12345+
Mar  3 23:15:01 sshd3 sshd[27733]: Failed Username:root Password:Pon521
Mar  3 23:15:01 sshd3 sshd[27731]: Failed Username:root Password:vizxv
Mar  3 23:15:04 sshd3 sshd[27733]: Failed Username:root Password:root621
Mar  3 23:15:05 sshd3 sshd[27733]: Failed Username:root Password:hik12345+
Mar  3 23:15:07 sshd3 sshd[27733]: Failed Username:root Password:vizxv
Mar  3 23:15:08 sshd3 sshd[27735]: Failed Username:root Password:vizxv
Mar  3 23:15:13 sshd3 sshd[27737]: Failed Username:root Password:vizxv
Mar  3 23:16:18 sshd3 sshd[27740]: Failed Username:user Password:123456
Mar  3 23:16:19 sshd3 sshd[27740]: Failed Username:user Password:qazwsx123
Mar  3 23:16:20 sshd3 sshd[27740]: Failed Username:user Password:user
Mar  3 23:16:20 sshd3 sshd[27740]: Failed Username:user Password:123qweasdzxc
Mar  3 23:16:21 sshd3 sshd[27740]: Failed Username:user Password:111111
Mar  3 23:16:24 sshd3 sshd[27740]: Failed Username:user Password:1qaz
Mar  3 23:16:30 sshd3 sshd[27742]: Failed Username:user Password:1qaz
Mar  3 23:16:31 sshd3 sshd[27742]: Failed Username:user Password:asdf1234
Mar  3 23:16:33 sshd3 sshd[27742]: Failed Username:user Password:1
Mar  3 23:16:33 sshd3 sshd[27742]: Failed Username:user Password:123456789
Mar  3 23:16:34 sshd3 sshd[27742]: Failed Username:user Password:admin
Mar  3 23:16:36 sshd3 sshd[27742]: Failed Username:user Password:123
Mar  3 23:16:40 sshd3 sshd[27744]: Failed Username:user Password:123
Mar  3 23:16:42 sshd3 sshd[27744]: Failed Username:user Password:
Mar  3 23:16:42 sshd3 sshd[27744]: Failed Username:user Password:useruser
Mar  3 23:18:40 sshd3 sshd[27756]: Failed Username:work Password:work123
Mar  3 23:18:40 sshd3 sshd[27753]: Failed Username:nagios Password:1
Mar  3 23:18:40 sshd3 sshd[27758]: Failed Username:root Password:Test123
Mar  3 23:18:40 sshd3 sshd[27752]: Failed Username:admin Password:Password123
Mar  3 23:18:40 sshd3 sshd[27759]: Failed Username:guest Password:123456789
Mar  3 23:18:40 sshd3 sshd[27757]: Failed Username:dockeradmin Password:Dockeradmin666
Mar  3 23:18:40 sshd3 sshd[27754]: Failed Username:nagios Password:123456
Mar  3 23:18:40 sshd3 sshd[27760]: Failed Username:ansible Password:ansible1234
Mar  3 23:18:40 sshd3 sshd[27751]: Failed Username:es Password:es666
Mar  3 23:18:40 sshd3 sshd[27755]: Failed Username:work Password:123
Mar  3 23:18:40 sshd3 sshd[27761]: Failed Username:ec2-user Password:Ec2-User666
Mar  3 23:18:40 sshd3 sshd[27762]: Failed Username:vagrant Password:12345678
Mar  3 23:18:40 sshd3 sshd[27764]: Failed Username:fa Password:123456
Mar  3 23:18:40 sshd3 sshd[27763]: Failed Username:odoo15 Password:odoo15
Mar  3 23:18:40 sshd3 sshd[27767]: Failed Username:root Password:Root2022
Mar  3 23:18:40 sshd3 sshd[27765]: Failed Username:anil Password:anil
Mar  3 23:18:40 sshd3 sshd[27769]: Failed Username:telnet Password:Telnet1
Mar  3 23:18:40 sshd3 sshd[27768]: Failed Username:ftpuser Password:123456789
Mar  3 23:18:40 sshd3 sshd[27771]: Failed Username:ali Password:ali
Mar  3 23:18:40 sshd3 sshd[27766]: Failed Username:root Password:Root1337
Mar  3 23:18:40 sshd3 sshd[27770]: Failed Username:deploy Password:Deploy1
Mar  3 23:18:40 sshd3 sshd[27772]: Failed Username:ubuntu Password:ubuntu
Mar  3 23:18:40 sshd3 sshd[27788]: Failed Username:guest Password:123
Mar  3 23:18:40 sshd3 sshd[27789]: Failed Username:admin Password:Test1
Mar  3 23:18:40 sshd3 sshd[27790]: Failed Username:service Password:service1234
Mar  3 23:18:40 sshd3 sshd[27792]: Failed Username:zjw Password:12345678
Mar  3 23:18:40 sshd3 sshd[27791]: Failed Username:ftpuser Password:Ftpuser1234
Mar  3 23:18:40 sshd3 sshd[27793]: Failed Username:ansadmin Password:123
Mar  3 23:22:55 sshd3 sshd[27809]: Failed Username:admin Password:admin
Mar  3 23:22:55 sshd3 sshd[27809]: Failed Username:admin Password:
Mar  3 23:22:56 sshd3 sshd[27809]: Failed Username:admin Password:7ujMko0admin
Mar  3 23:22:56 sshd3 sshd[27809]: Failed Username:admin Password:1234
Mar  3 23:25:44 sshd3 sshd[27812]: Failed Username:spam Password:spam
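
To review the captured lines in bulk instead of reading raw grep output, the following added example (not part of the original page) parses the "Failed Username:... Password:..." format written by the patched logit() call and tallies the attempts. The sample lines, the hostname honeypot and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Line format produced by the logit() call patched into auth-passwd.c.
# Both fields are attacker-supplied: the username is taken up to the FIRST
# " Password:", so a username containing that text cannot be told apart.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"Failed Username:(?P<user>.*?) Password:(?P<password>.*)$"
)

def parse_line(line):
    """Return a dict of fields for a capture line, or None for other log lines."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def summarize(lines, top=3):
    """Tally attempts so the log can be reviewed without reading every line."""
    users, passwords, per_pid = Counter(), Counter(), Counter()
    empty = same = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # ordinary auth.log line, not a capture line
        users[rec["user"]] += 1
        passwords[rec["password"]] += 1
        per_pid[rec["pid"]] += 1  # sshd PID, roughly one per connection
        empty += rec["password"] == ""
        same += rec["user"] == rec["password"]
    return {
        "attempts": sum(users.values()),
        "top_users": users.most_common(top),
        "top_passwords": passwords.most_common(top),
        "max_tries_per_connection": max(per_pid.values(), default=0),
        "empty_password": empty,
        "user_equals_password": same,
    }

# Constructed sample lines in the page's log format (not real captures).
SAMPLE = """\
Mar  3 21:05:09 honeypot sshd[1001]: Failed Username:oracle Password:oracle
Mar  3 21:05:13 honeypot sshd[1001]: Failed Username:oracle Password:123456
Mar  3 21:05:14 honeypot sshd[1001]: Failed Username:oracle Password:
Mar  3 21:06:00 honeypot sshd[1002]: Failed Username:root Password:two words
Mar  3 21:06:01 honeypot sshd[1002]: Connection closed by authenticating user root 203.0.113.7 port 40000 [preauth]
Mar  3 21:06:05 honeypot sshd[1003]: Failed Username:root Password:123456
""".splitlines()

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

To run it on the real log, pass the lines of /var/log/auth.log to summarize() instead of SAMPLE.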