Offensive Security Tool: SSHPry2.0

by | May 1, 2021 | Tools


SSHPry2.0

This is the second release of the SSHPry tool, with several features added:

⦿ Control of target’s TTY
⦿ Built-In Keylogger
⦿ Console-Level phishing
⦿ Record & Replay previous sessions

SSHPry v2 – Spy & Control of SSH Connected Client’s TTY

SSHPry2.0 is a tool written by nopernik that lets you spy on an SSH session as if it were your own TTY. SSH is one of the protocols most used by hackers and admins to control a Linux machine remotely, so the most dangerous part is being able to spy on that session in real time, record keystrokes, and even use phishing attacks from within the terminal.

The tool started from this question: what if you had a tool that could show you the terminal of an active SSH connection? And… maybe… control it? Record it? Investigate?

The tool builds on attacks like SSH Snooping and RDP Session Hijacking. Every *nix user should already know about GNU Screen, especially its -x multi-display mode, which allows you to observe an attached screen session. In an SSH Snooping attack, ‘strace’ is used to capture all of a process’s read/write syscalls, including root’s password. SSHPry is a script that mirrors the terminal of a connected SSH client.

By combining all these techniques and spawning two separate threads, one for echoing ‘strace’ strings to your terminal and a second for transferring your standard input to the target TTY, you get a tool that replicates the GNU Screen ‘-x’ feature without Screen itself, plus a couple more #redteam and #blueteam related features.

Once you have full control over the session and receive all of its strings, you can run ‘phishing attacks’ inside that session. While listening to all strings with ‘strace’, you can capture the clear-text password of any logged-in user, especially root.
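
From the defender's side, a process that is being read with ‘strace’ shows a nonzero TracerPid in /proc/<pid>/status. The script below is an added example, not part of SSHPry or the original post; it flags SSH session and shell processes that have a tracer attached, and the watched process names and sample data are assumptions constructed for illustration.

```python
import os

# Assumption: process names worth watching on an SSH server
WATCHED = {"sshd", "sshd-session", "bash", "sh", "zsh"}

def parse_status(text):
    """Parse the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def traced_sessions(statuses):
    """statuses maps pid -> status text; returns (pid, name, tracer_pid, tracer_name)."""
    parsed = {pid: parse_status(text) for pid, text in statuses.items()}
    findings = []
    for pid, f in sorted(parsed.items()):
        tracer = int(f.get("TracerPid", "0") or 0)
        if tracer and f.get("Name") in WATCHED:
            tracer_name = parsed.get(tracer, {}).get("Name", "?")
            findings.append((pid, f["Name"], tracer, tracer_name))
    return findings

def read_proc(root="/proc"):
    """Collect the status text of every numeric entry under /proc (Linux only)."""
    out = {}
    for entry in os.listdir(root):
        if entry.isdigit():
            try:
                with open(os.path.join(root, entry, "status")) as fh:
                    out[int(entry)] = fh.read()
            except OSError:
                continue  # process exited or access was denied
    return out

# Constructed sample: sshd session pid 2210 is traced by strace (pid 3001)
SAMPLE = {
    2210: "Name:\tsshd\nPid:\t2210\nPPid:\t980\nTracerPid:\t3001\n",
    2215: "Name:\tbash\nPid:\t2215\nPPid:\t2210\nTracerPid:\t0\n",
    3001: "Name:\tstrace\nPid:\t3001\nPPid:\t2950\nTracerPid:\t0\n",
}

if __name__ == "__main__":
    data = read_proc() if os.path.isdir("/proc") else SAMPLE
    for pid, name, tpid, tname in traced_sessions(data):
        print(f"ALERT pid={pid} ({name}) is traced by pid={tpid} ({tname})")
```

On hosts where no debugging of live processes is needed, setting the kernel.yama.ptrace_scope sysctl to 3 disables ptrace attach entirely, including for root, until the next reboot.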

 
