├── .gitignore ├── .vscode └── c_cpp_properties.json ├── Makefile ├── README.md ├── cmd ├── main.go └── sshd_backdoor │ ├── banner │ ├── rootCmd.go │ └── subCommand │ ├── attach_inject.go │ ├── demo.go │ ├── description.txt │ ├── detach.go │ ├── init.go │ └── sendkey.go ├── go.mod ├── go.sum ├── pkg ├── ebpf-c │ ├── common.h │ ├── exit_syscall.h │ ├── maps.h │ ├── openat_syscall.h │ ├── read_syscall.h │ └── xdp.c ├── ebpf-new │ ├── attach_detach.go │ ├── const.go │ ├── linkop.go │ ├── object.go │ └── sendkey.go └── generate │ ├── .gitignore │ ├── bpf_bpfeb.go │ ├── bpf_bpfel.go │ └── compile.go └── test ├── bpftrace ├── sshd_keylogging.bt ├── sshd_keylogging_verbose.bt └── sshd_open_read_watch_dog.bt ├── fake_sshd └── main.c └── sshkey_len ├── __DON'T_USE_KEYS_FROM_THIS_FOLDER__ ├── ssh_pub_len ├── test1024rsa ├── test1024rsa.pub ├── test2048rsa ├── test2048rsa.pub ├── tested25519 └── tested25519.pub /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/.gitignore -------------------------------------------------------------------------------- /.vscode/c_cpp_properties.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/.vscode/c_cpp_properties.json -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/README.md -------------------------------------------------------------------------------- /cmd/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/cmd/main.go -------------------------------------------------------------------------------- /cmd/sshd_backdoor/banner: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/cmd/sshd_backdoor/banner -------------------------------------------------------------------------------- /cmd/sshd_backdoor/rootCmd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/cmd/sshd_backdoor/rootCmd.go -------------------------------------------------------------------------------- /cmd/sshd_backdoor/subCommand/attach_inject.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/cmd/sshd_backdoor/subCommand/attach_inject.go -------------------------------------------------------------------------------- /cmd/sshd_backdoor/subCommand/demo.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/cmd/sshd_backdoor/subCommand/demo.go -------------------------------------------------------------------------------- /cmd/sshd_backdoor/subCommand/description.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/cmd/sshd_backdoor/subCommand/description.txt -------------------------------------------------------------------------------- /cmd/sshd_backdoor/subCommand/detach.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/cmd/sshd_backdoor/subCommand/detach.go -------------------------------------------------------------------------------- /cmd/sshd_backdoor/subCommand/init.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/cmd/sshd_backdoor/subCommand/init.go -------------------------------------------------------------------------------- /cmd/sshd_backdoor/subCommand/sendkey.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/cmd/sshd_backdoor/subCommand/sendkey.go -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/go.sum -------------------------------------------------------------------------------- /pkg/ebpf-c/common.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-c/common.h -------------------------------------------------------------------------------- /pkg/ebpf-c/exit_syscall.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-c/exit_syscall.h -------------------------------------------------------------------------------- /pkg/ebpf-c/maps.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-c/maps.h -------------------------------------------------------------------------------- /pkg/ebpf-c/openat_syscall.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-c/openat_syscall.h -------------------------------------------------------------------------------- /pkg/ebpf-c/read_syscall.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-c/read_syscall.h -------------------------------------------------------------------------------- /pkg/ebpf-c/xdp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-c/xdp.c -------------------------------------------------------------------------------- /pkg/ebpf-new/attach_detach.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-new/attach_detach.go -------------------------------------------------------------------------------- /pkg/ebpf-new/const.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-new/const.go -------------------------------------------------------------------------------- /pkg/ebpf-new/linkop.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-new/linkop.go -------------------------------------------------------------------------------- /pkg/ebpf-new/object.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-new/object.go -------------------------------------------------------------------------------- /pkg/ebpf-new/sendkey.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/ebpf-new/sendkey.go -------------------------------------------------------------------------------- /pkg/generate/.gitignore: -------------------------------------------------------------------------------- 1 | *.o -------------------------------------------------------------------------------- /pkg/generate/bpf_bpfeb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/generate/bpf_bpfeb.go -------------------------------------------------------------------------------- /pkg/generate/bpf_bpfel.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/generate/bpf_bpfel.go -------------------------------------------------------------------------------- /pkg/generate/compile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/pkg/generate/compile.go -------------------------------------------------------------------------------- /test/bpftrace/sshd_keylogging.bt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/bpftrace/sshd_keylogging.bt -------------------------------------------------------------------------------- /test/bpftrace/sshd_keylogging_verbose.bt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/bpftrace/sshd_keylogging_verbose.bt -------------------------------------------------------------------------------- /test/bpftrace/sshd_open_read_watch_dog.bt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/bpftrace/sshd_open_read_watch_dog.bt -------------------------------------------------------------------------------- /test/fake_sshd/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/fake_sshd/main.c -------------------------------------------------------------------------------- /test/sshkey_len/__DON'T_USE_KEYS_FROM_THIS_FOLDER__: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/sshkey_len/ssh_pub_len: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/sshkey_len/ssh_pub_len -------------------------------------------------------------------------------- /test/sshkey_len/test1024rsa: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/sshkey_len/test1024rsa -------------------------------------------------------------------------------- /test/sshkey_len/test1024rsa.pub: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/sshkey_len/test1024rsa.pub -------------------------------------------------------------------------------- /test/sshkey_len/test2048rsa: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/sshkey_len/test2048rsa -------------------------------------------------------------------------------- /test/sshkey_len/test2048rsa.pub: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/sshkey_len/test2048rsa.pub -------------------------------------------------------------------------------- /test/sshkey_len/tested25519: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/sshkey_len/tested25519 -------------------------------------------------------------------------------- /test/sshkey_len/tested25519.pub: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Esonhugh/sshd_backdoor/HEAD/test/sshkey_len/tested25519.pub --------------------------------------------------------------------------------