[Legion Leak] Intercepting Encryption 08-03-2013, 06:35 PM
#1
This post is leaked from the premium section of "Legion" on the competing hack forum. There will be 5 new leaks a day. There may be some format problems due to UTF8 character encoding.
(07-12-2013, 09:12 PM)Flaaffy Wrote:
Defeating/Intercepting Encryption
While encryption is key in any modern-day system and it helps keep security to a maximum, like anything it can be exploited and abused. Systems cannot read encrypted files, the same as they cannot read C++; it all has to be translated and unencrypted at some point in the system's reading of the information, and this is what we can exploit.
So let's begin. First load up your Linux distro, and we must set up a tracer. Linux has a handy command called strace, so using this we enter the code; using phizo's optimized command we can cut out the necessity of finding the PID using a separate command. So now enter this:
Code:
strace -f -p `pidof sshd` -o sshd.out.txt &
This will now log all activity to a file called sshd.out.txt.
Now when an unsuspecting user logs in, any credentials can be pulled by using the cat command to read the file.
When reading the file we notice slight distortion of the display method, and so we can tweak the command for better performance:
Code:
strace -f -p 4050 -o sshd.out.txt -v -e trace=read,write -s 128 &
This can be used not only to monitor internal connections but also outbound ones from the box, and to get more users and potentially important files that otherwise would have remained buried in a file system unknown to you as the attacker!
Thanks for reading, and I am open to corrections/suggestions. I am glad to be a part of Legion!
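
For defenders, the attachment described in the quoted post is visible on the host: strace -p uses ptrace(2), and while it is attached the target's /proc/<pid>/status reports a non-zero TracerPid. The following is an added example, not part of the original post; the function names, the sample tree and the tracer PID 4242 are constructed for illustration.

```shell
#!/bin/sh
# Added defensive example (not from the original post).
# While a tracer such as strace is attached, the kernel reports its PID in
# the "TracerPid:" field of /proc/<pid>/status (0 means untraced).

# find_traced PROC_ROOT NAME
# Prints "<pid> <tracer_pid>" for each process called NAME that has a tracer.
find_traced() {
    proc_root=$1
    name=$2
    for status in "$proc_root"/[0-9]*/status; do
        [ -r "$status" ] || continue      # process exited or glob unmatched
        awk -v want="$name" -v file="$status" '
            $1 == "Name:"      { pname = $2 }
            $1 == "TracerPid:" { tracer = $2 }
            END {
                if (pname == want && tracer + 0 != 0) {
                    n = split(file, parts, "/")   # .../<pid>/status
                    print parts[n - 1], tracer
                }
            }' "$status"
    done
}

# make_sample_proc DIR
# Builds a constructed /proc-like tree: sshd 4050 is traced by 4242,
# sshd 4051 is untraced, bash 4100 is traced (ignored when asking for sshd).
make_sample_proc() {
    dir=$1
    for entry in "4050 sshd 4242" "4051 sshd 0" "4100 bash 4242"; do
        set -- $entry
        mkdir -p "$dir/$1"
        printf 'Name:\t%s\nState:\tS (sleeping)\nTracerPid:\t%s\n' \
            "$2" "$3" > "$dir/$1/status"
    done
}

# Demo on the constructed tree; on a live host run: find_traced /proc sshd
sample=$(mktemp -d)
make_sample_proc "$sample"
find_traced "$sample" sshd      # prints: 4050 4242
rm -rf "$sample"
```

Attaching to a root-owned sshd requires root or CAP_SYS_PTRACE, so a hit here indicates a privileged tracer; setting the Yama sysctl kernel.yama.ptrace_scope to 3 disables ptrace attach entirely until reboot.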