Penetration Testing mailing list archives
Re: Tool to make mitm on ssh2
From: David Wolever <wolever.lists () gmail com>
Date: Mon, 23 Jan 2006 22:01:57 -0500
I would imagine an SSH MITM tool would not be terribly popular. You can see why if you try and connect to a host who's encryption key has changed since you last connected (you have to manually edit ~/.ssh/known_hosts before SSH will connect). Very few people will just shrug that off the way they would, say "The certificate provided by this web page is invalid [Yes] [No]". Actually, that's what Putty does... but that's beside the point >_~ I would imagine, if you need to somehow attack SSH, it might be slightly easier to simply re-direct the connection to your machine (arp spoof, DNS hijack, what ever floats your boat) then just accept the connection yourself. All it would get you is the user's password (unless they are using key-based authentication), but its better than nothing. Just my thoughts on the matter... David On 1/21/06, Cedric Foll <cedric.foll () ac-rouen fr> wrote:
Hi, anyone knows a tool which is able to make a man in the middle on SSH2 ? I've found ssharp (http://stealth.openwall.net/SSH/) but it seem quite old and I failed to compile it. Anything else ? Regards. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Tool to make mitm on ssh2 Cedric Foll (Jan 21)
- RE: Tool to make mitm on ssh2 Andy Meyers (Jan 22)
- Re: Tool to make mitm on ssh2 Cedric Foll (Jan 23)
- RE: Tool to make mitm on ssh2 Christine Kronberg (Jan 23)
- Re: Tool to make mitm on ssh2 Aaron (Jan 23)
- Re: Tool to make mitm on ssh2 Cedric Foll (Jan 23)
- Re: Tool to make mitm on ssh2 marko ruotsalainen (Jan 24)
- Re: Tool to make mitm on ssh2 Cedric Foll (Jan 24)
- Re: Tool to make mitm on ssh2 Max Ashton (Jan 24)
- Re: Tool to make mitm on ssh2 Micha Borrmann (Jan 28)
- Re: Tool to make mitm on ssh2 marko ruotsalainen (Jan 24)
- Re: Tool to make mitm on ssh2 David Wolever (Jan 24)
- RE: Tool to make mitm on ssh2 Andy Meyers (Jan 22)