Fake sshd – [Penetration testing tools]

This is a fake sshd which can be used to log common login attempts which are typically used by scammers / spammers / script kiddies to attempt to gain access to servers. Here are a few reason why this one is different.

Does not modify OpenSSH. It uses libssh instead.
There is no valid way to login to a shell.
Can be used to tarpit / delay attackers.
Can be used to “steal” the dictionary’s of the attacks.

To get this to work you will need a recent copy of libssh. The one that ships on debian lenny isn’t recent enough. Then compile it using something like this assuming that libssh is installed correctly. Or you will need to add the include dir’s using -I and the lib dir’s using -L

gcc -Wall fake-sshd.c -o fake-ssh -lssh

Options currently supported are

Usage: ./fake-sshd.exe [<options>]

-a <secs> Failed Auth delay
-b <str> Set the banner
-h Print this help and exit
-m <n> Max attempts per connection
-p <port> Port to listen on
-r <file> Path to rsa key
-d <file> Path to dsa key
-s Log to syslog
-t <secs> Timeout
-v Verbose. Repeat for more info
-w <secs> Delay after connection

Download Source Script :  fake-sshd.c

Advertisements