HackFest Series: SSH or "Is it Safe Yet"?
Lisa Kachold
lisakachold at obnosis.com
Tue Nov 25 16:18:23 MST 2008
The question of whether your SSH is secure or can be intercepted is not simple!
EXACT INFORMATION RELATED TO VERSIONS, CONFIGURATION, and NETWORK TRUSTS ARE REQUIRED FOR A FULL SECURITY ANALYSIS of ANY PROTOCOL.
Legend {} = practical lab exploit
SSH exploits cover various implementations from Protocol 1.5 to 1.99 ( which drop back down when the connection is overflowed or DoS'd) to complete "somewhat secure" Protocol 2.0.
One can even BREAK modern [temporarily secure] SSH with changes to the /etc/ssh/sshd_config file (which exploiters [and admins] often [ahem] "customize") to allow X11 Forwarding, clear text, PAM, rhosts or another "useful" feature without considering greater layers of trust and mistrust in JustDoIt4Profit.com and ItCrisisJunkies4Us.com type shops.
Here's a breif list of the historic SSH exploits:
1) SSH CRC32 Compensation Attack
Detector 2002
2) Various Buffer Exploits
a) buffer_append_space() [including most recent in 2008] {http://www.milw0rm.com/exploits/6804 }
b) Key {http://www.securiteam.com/exploits/6D00M2K6AU.html }
c) SSH Challenge/Authentication Boundary Condition Exploit
d) SSH_FXP_OPEN exploit {http://securityvulns.com/Udocument754.html }
{ Gain a Root Shell: http://www.securityspace.com/smysecure/catdescr.html?cat=Gain+a+shell+remotely }
Protect via fwknob: http://74.125.45.132/search?q=cache:cVZswnUzh34J:barcampchicago.com/files/fwknop-20080817.pdf+SSH+MD5+replay+script&hl=en&ct=clnk&cd=8&gl=us&client=firefox-a}
3) Debian SSH key issue {http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-05/msg00416.html }
4) SSH Remote Challenge Exploits UsePrivilegeSeparation
&& SSH Remote PAM Challenge Exploits {scanned using http://www.monkey.org/~provos/scanssh/ }
5) SSH Privilege Escalation:
http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=OpenSSH+3.0.2p1+exploit&type=archives
6) SSH X11 Forwarding Exploits
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011
{http://www.secuobs.com/secumail/snsecumail/msg09943.shtml }
7) Password Attacking or Dictionary Attacks
Explanation and Tests post encroachment:
http://gii2.nagaokaut.ac.jp/gii/rsd.php?itemid=734
a) Worms: http://www.aerospacesoftware.com/ssh-kiddies.html
b) MD5 attack {http://www.brendangregg.com/Chaos08/session_0003.textSSH.replay }
c) Hydra [BackTrack] SSH dictionary attack {http://forum.darkc0de.com/index.php?action=vthread&forum=19&topic=3134}
8) Man in the middle or TCP/IP spoofing and ARP cache poisoning (especially in insufficiently source and destination limited firewalled networks and with "evil localhost entries in /etc/hosts").
{ http://www.hackingdefined.com/movies/see-s...m-tunneling.zip
You might need a techsmith codec to view: http://www.techsmith.com/download/codecs.asp }
[sshmitm and webmitm implement active
monkey-in-the-middle attacks against redirected SSH and HTTPS sessions
by exploiting weak bindings in ad-hoc PKI]
10) The most recent is the PLAIN TEXT leak for SSH recently announced on CPNI: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
and this decription: http://www.securityfocus.com/archive/1/498558/30/0/threaded
It's probable that exploits for this are already circulating, as difficult as it seems to break. a creative use will certainly be implemented in conjunction with other tools.
Believe it or not there are a great many OLD versions of Protocol 1 out there in production server portals for highly visable Internet providers and corporations (some even with passwords as simple as "1234test" or "p at ssword").
There is more than one SSH protocol and more than one version of the sshd
program. All of the current 1.x versions of the sshd program implement SSH
protocol 1.5, which is generally called the SSH-1 protocol. Program versions 2
and higher with drop back to protocol 1 enabled show the SSH 1.99 protocol or
if drop back is disabled, they show SSH 2.0 protocol. Both of these are the
SSH-2 protocol. If you telnet to port 22 on a machine that is running the sshd
daemon, you get back a string that tells you the protocol currently being
implemented and the version of the sshd daemon. For example, a returned string
might be: SSH-1.5-1.2.27 which tells you that the daemon is implementing
protocol version 1.5 and that the daemon is version 1.2.27.
It's generally recommended to know the features and limitations of every application in place. Here's OpenSSH's version to exploit description: http://www.openssh.com/security.html
SSH Hacking and Tunneling Exploits: http://www.youtube.com/watch?v=eU4gFO0Z6GA
www.Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
Catch the January PLUG HackFest! Kristy Westphal, CSO for the Arizona Department of Economic
Security will provide a one hour
presentation on forensics.
Laugh at this MSN Footer:
_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081125/eaba4d87/attachment.htm
More information about the PLUG-discuss
mailing list