Penetration Testing mailing list archives

Re: [PEN-TEST] sniffing ssh


From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Wed, 6 Dec 2000 23:38:17 -0500

On Wed, 6 Dec 2000, Ovanes Manucharyan wrote:

> I was just wondering if there is a tool that will let one sniff ssh
> traffic and view it on a terminal. Sort of similar to sniffit with the
> -D option. This of course would entail knowing the ssh key. But let's
> assume that I have recovered the session key somehow.

yes. if you are one end or the other you can use a tool called 'sshsniff'
to do this on UNIX (tested on Linux with libc5). it works by examining the
system calls, strace/ltrace style, and printing both sides of the
conversation.

extremely scary when you see it, but it's due to the lack of
protected/compartmentalized areas of memory in the UNIX world. never
forget that this is your weakest link, the ends of the conversation (for
both ssh and PGP).

sshsniff can be found online at:

        http://www.psychoid.lam3rz.de/exploits.html

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
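
Added example, not part of the original message and not sshsniff's code: a defender-side check for the endpoint exposure described above, listing ssh-related processes that currently have a syscall tracer attached. It assumes Linux procfs and its TracerPid field in /proc/<pid>/status; the SSH_NAMES set and the SAMPLE records are constructed for illustration.

```python
import os

SSH_NAMES = {"ssh", "sshd", "ssh-agent"}  # assumed set of process names to watch


def parse_status(text):
    """Return (name, pid, tracer_pid) from the text of /proc/<pid>/status."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    # A missing TracerPid line is treated as "not traced".
    return fields.get("Name", ""), int(fields.get("Pid", 0)), int(fields.get("TracerPid", 0))


def traced_ssh(statuses):
    """List (name, pid, tracer_pid) for ssh-related processes with a tracer attached."""
    hits = []
    for text in statuses:
        name, pid, tracer = parse_status(text)
        if name in SSH_NAMES and tracer != 0:
            hits.append((name, pid, tracer))
    return hits


def read_proc(root="/proc"):
    """Yield status text for each live process; vanished or unreadable ones are skipped."""
    for entry in os.listdir(root):
        if entry.isdigit():
            try:
                with open(os.path.join(root, entry, "status")) as fh:
                    yield fh.read()
            except OSError:
                continue


# Constructed sample records, used when no Linux /proc is available.
SAMPLE = [
    "Name:\tsshd\nState:\tS (sleeping)\nPid:\t4121\nPPid:\t1\nTracerPid:\t0\n",
    "Name:\tssh\nState:\tt (tracing stop)\nPid:\t5310\nPPid:\t5200\nTracerPid:\t5342\n",
    "Name:\tbash\nState:\tS (sleeping)\nPid:\t5200\nPPid:\t1\nTracerPid:\t0\n",
]

if __name__ == "__main__":
    source = read_proc() if os.path.isdir("/proc/self") else SAMPLE
    for name, pid, tracer in traced_ssh(source):
        print(f"{name} pid={pid} is being traced by pid={tracer}")
```

A nonzero TracerPid on an ssh client or daemon outside a known debugging session is worth investigating; the check only sees tracers attached at the moment it runs.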

