Penetration Testing mailing list archives
Re: OpenSSH
From: Wojciech Pawlikowski <ducer () u-n-f com>
Date: Sat, 7 Sep 2002 08:29:28 +0200
On Fri, Sep 06, 2002 at 11:41:33AM -0700, Jeremy Junginger wrote:
> Hello, I am back again, and auditing an internally accessible ssh server
> for the challenge-response buffer overflow. I'll keep it brief:
>
> OS: RedHat Linux (6.2)
> SSH Version: SSH-1.99-OpenSSH_3.1p1
>
> I have already done the following:
>
> Downloaded and extracted openssh-3.2.2p1.tar.gz
> Patched the client with ssh.diff (patch < ssh.diff)
> Compiled patched client ( ./configure && make ssh)
> Run the "patched" ssh (./ssh x.x.x.x)
>
> I am receiving the following output
>
> ./scanssh 172.16.51.23
> [*] remote host supports ssh2
> [*] server_user: root:skey
> [*] keyboard-interactive method available
> [x] bsdauth (skey) not available
> Permission denied (publickey,password,keyboard-interactive).

As you can see, bsdauth (skey) isn't supported by this ssh. I think you're trying to run the Gobbles exploit sshutup-theo (tnx to them ;) against a system which hasn't got the SKEY feature available.

BTW: only OpenBSD is exploitable by default, because it has the SKEY mechanism available in its default SSH. Some people did a Linsux version of this exploit, but I haven't got it, so I didn't test it.

--
* Wojciech Pawlikowski :: <ducer () u-n-f com> :: NIC-HDL: WP5161-RIPE *
* http://www.u-n-f.com CORE member :: http://www.pot-tv.com big fun *