Re: SSHD Vuln Exploit X2

[Brandon <brandon () picomm net>]

The 2.99 stuff is incorrect.. what is that protocol?
It seems a lot of kids are quick to write "targets" files for this.
Oh well, answering your question, the reason why it wasn't written for 
older versions is because the CRC32 bug did not exist in those older 
versions. It was introduced in an attack detector in (I think) 1.2.25, if 
not, then definately 1.2.26. Try not running these variants, they may be 
backdoored, as source may have leaked and been modified. ELF virii are nasty.


At 12:22 PM 2/1/2002 -0500, Deb DeWolfe wrote:
> The exploit x2 seemd very usefull when it came out a while back after
> somebody in tesco leaked it, since then i have seen x3 and x4 clients some
> have been backdoored versions and some are actually worth using such as x4,
> the target lists vary alot i have seen targets for
> ( 2)    quick - SSH-1.5-OpenSSH-1.2
> ( 3)    quick - SSH-1.5-OpenSSH-1.2.2
> ( 4)    quick - SSH-1.5-1.2.25
> ( 5)    quick - SSH-1.5-1.2.26
> ( 6)    quick - SSH-1.5-1.2.27
> ( 7)    quick - SSH-1.5-1.2.30
> ( 8)    quick - SSH-1.5-1.2.31
> ( 9)    quick - SSH-1.99-OpenSSH_2.2.0p1
> (10)    quick - SSH-2.99-OpenSSH_2.2.0p1
> (12)    xlong - SSH-1.5-OpenSSH-1.2
> (13)    xlong - SSH-1.5-OpenSSH-1.2.2
> (14)    xlong - SSH-1.5-1.2.25
> (15)    xlong - SSH-1.5-1.2.26
> (16)    xlong - SSH-1.5-1.2.27
> (17)    xlong - SSH-1.5-1.2.30
> (18)    xlong - SSH-1.5-1.2.31
> (19)    xlong - SSH-1.99-OpenSSH_2.2.0p1
> (20)    xlong - SSH-2.99-OpenSSH_2.2.0p1
> i was wondering why has nobody written targets for some of the older sshs
> like 1.5-1.2.17 or 2.20 or 2.22 there old but should still work any ideas or
> any newer target lists such as 2.32 2.33 ?
>  i have seen up to 29 i have herd there are as many as 99 im not sure though