PaulDotCom mailing list archives

SSH Diffie-Hellman exchange Decryptor tool


From: danilonc at bugnotfound.com (Danilo Nascimento)
Date: Wed, 19 May 2010 16:27:49 -0300

I'll search for it, thanks Ulisses...

BTW, I've also tried to decrypt the SSL traffic using the Wireshark SSL
option (http://wiki.wireshark.org/SSL), but I couldn't decrypt the SSH
traffic, although I could decrypt HTTPS traffic.

Maybe I'm doing something wrong with Wireshark.

Thanks,
Danilo Nascimento



On Wed, May 19, 2010 at 3:44 PM, Ulisses Castro <uss.thebug at gmail.com> wrote:
Sorry... this "Portuguese mail" was supposed to be in pvt! To Danilo. =\

Btw, translated version:
A long time ago I saw a guy who gave a talk at DebConf (Argentina) and showed a
little trick in Wireshark to do what you want.

My two cents,

Ulisses

On Wed, May 19, 2010 at 3:39 PM, Ulisses Castro <uss.thebug at gmail.com>
wrote:

Hey! How's it going, Danilo?

So, a long time ago I saw a presentation at the DebConf held in
Argentina, and the guy who presented the SSH key flaw at the time
used Wireshark to decrypt the traffic "on the fly"... very
interesting. I've never done any related PoC, but there's the tip, which may
help you.

Best regards,

Ulisses

On Wed, May 19, 2010 at 2:22 PM, Danilo Nascimento
<danilonc at bugnotfound.com> wrote:

Hi Guys!

Do you know any tool that can decrypt SSH traffic that was
authenticated via Public-Key?
I have both the Server private key and the User private key, but I can't
figure out how I can extract the DH Key and then get the clear SSH
session.

I've already tried the ssh_decoder (http://www.cr0.org/progs/sshfun/),
but there is no option to provide the certificates; it tries
brute-forcing the Debian vulnerable keys (CVE-2008-0166).

Thanks,
Danilo Nascimento
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
Ulisses Castro



--
Ulisses Castro, CEH, LPIC-2
Security Researcher
Blog: http://ulissescastro.com
Twitter: http://twitter.com/usscastro
Conviso IT Security - http://www.conviso.com.br
