Re: OpenSSH

[Wojciech Pawlikowski <ducer () u-n-f com>]

On Fri, Sep 06, 2002 at 11:41:33AM -0700, Jeremy Junginger wrote:
> Hello,
>
> I am back again, and auditing an internally accessible ssh server for
> the challenge-response buffer overflow.  I'll keep it brief:
>
> OS: RedHat Linux (6.2)
> SSH Version:  SSH-1.99-OpenSSH_3.1p1
>
> I have already done the following:
>
> Downloaded and extracted openssh-3.2.2p1.tar.gz
> Patched the client with ssh.diff (patch < ssh.diff)
> Compiled patched client ( ./configure && make ssh)
> Run the "patched" ssh (./ssh x.x.x.x)
>
> I am receiving the following output
> ./scanssh 172.16.51.23
> [*] remote host supports ssh2
> [*] server_user: root:skey
> [*] keyboard-interactive method available
> [x] bsdauth (skey) not available
> Permission denied (publickey,password,keyboard-interactive).

as you can see, bsdauth (skey) isn't supported by this ssh. I think you're
trying to run Gobbles exploit sshutup-theo (tnx to them ;) against system 
which hasn't got SKEY feature available. BTW: OpenBSD is default exploitable
only, cause it has got SKEY mechanism available in default SSH. Some people
did Linsux version of this exploit, but I haven't got it, so I don't test it.

-- 
* Wojciech Pawlikowski :: <ducer () u-n-f com> :: NIC-HDL: WP5161-RIPE *
* http://www.u-n-f.com CORE member :: http://www.pot-tv.com big fun *

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/