HackFest Series: SSH or "Is it Safe Yet"?

Lisa Kachold lisakachold at obnosis.com
Tue Nov 25 16:18:23 MST 2008








The question of whether your SSH is secure or can be intercepted is not simple!
  
EXACT INFORMATION RELATED TO VERSIONS, CONFIGURATION, and NETWORK TRUSTS ARE REQUIRED FOR A FULL SECURITY ANALYSIS of ANY PROTOCOL.

Legend {} = practical lab exploit

SSH exploits cover various implementations from Protocol 1.5 to 1.99 ( which drop back down when the connection is overflowed or DoS'd) to complete "somewhat secure" Protocol 2.0.

One can even BREAK modern [temporarily secure] SSH with changes to the /etc/ssh/sshd_config file (which exploiters [and admins] often [ahem] "customize") to allow X11 Forwarding, clear text, PAM, rhosts or another "useful" feature without considering greater layers of trust and mistrust in JustDoIt4Profit.com and ItCrisisJunkies4Us.com type shops.

Here's a breif list of the historic SSH exploits:

1) SSH CRC32 Compensation Attack
       Detector 2002

2) Various Buffer Exploits 

a) buffer_append_space() [including most recent in 2008] {http://www.milw0rm.com/exploits/6804 } 
b) Key {http://www.securiteam.com/exploits/6D00M2K6AU.html }
c) SSH Challenge/Authentication Boundary Condition Exploit
d) SSH_FXP_OPEN exploit {http://securityvulns.com/Udocument754.html }
 
{ Gain a Root Shell:  http://www.securityspace.com/smysecure/catdescr.html?cat=Gain+a+shell+remotely }

Protect via fwknob: http://74.125.45.132/search?q=cache:cVZswnUzh34J:barcampchicago.com/files/fwknop-20080817.pdf+SSH+MD5+replay+script&hl=en&ct=clnk&cd=8&gl=us&client=firefox-a}

3) Debian SSH key issue {http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-05/msg00416.html }

4) SSH Remote Challenge Exploits UsePrivilegeSeparation

&&  SSH Remote PAM Challenge Exploits  {scanned using http://www.monkey.org/~provos/scanssh/ }

5) SSH Privilege Escalation:

http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=OpenSSH+3.0.2p1+exploit&type=archives

6) SSH X11 Forwarding Exploits 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011

{http://www.secuobs.com/secumail/snsecumail/msg09943.shtml }

7) Password Attacking or Dictionary Attacks

Explanation and Tests post encroachment: 
http://gii2.nagaokaut.ac.jp/gii/rsd.php?itemid=734

a) Worms:  http://www.aerospacesoftware.com/ssh-kiddies.html  

b) MD5 attack {http://www.brendangregg.com/Chaos08/session_0003.textSSH.replay }

c) Hydra [BackTrack] SSH dictionary attack {http://forum.darkc0de.com/index.php?action=vthread&forum=19&topic=3134}

8) Man in the middle or TCP/IP spoofing and ARP cache poisoning (especially in insufficiently source and destination limited firewalled networks and with "evil localhost entries in /etc/hosts").

{ http://www.hackingdefined.com/movies/see-s...m-tunneling.zip
You might need a techsmith codec to view: http://www.techsmith.com/download/codecs.asp }

[sshmitm and webmitm implement active
monkey-in-the-middle attacks against redirected SSH and HTTPS sessions
by exploiting weak bindings in ad-hoc PKI]

10) The most recent is the PLAIN TEXT leak for SSH recently announced on CPNI: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

and this decription:  http://www.securityfocus.com/archive/1/498558/30/0/threaded

It's probable that exploits for this are already circulating, as difficult as it seems to break. a creative use will certainly be implemented in conjunction with other tools.

Believe it or not there are a great many OLD versions of Protocol 1 out there in production server portals for highly visable Internet providers and corporations (some even with passwords as simple as "1234test" or "p at ssword").

There is more than one SSH protocol and more than one version of the sshd 
  program. All of the current 1.x versions of the sshd program implement SSH 
  protocol 1.5, which is generally called the SSH-1 protocol. Program versions 2 
  and higher with drop back to protocol 1 enabled  show the SSH 1.99 protocol or 
  if drop back is disabled, they show SSH 2.0 protocol. Both of these are the 
  SSH-2 protocol. If you telnet to port 22 on a machine that is running the sshd 
  daemon, you get back a string that tells you the protocol currently being 
  implemented and the version of the sshd daemon. For example, a returned string 
  might be: SSH-1.5-1.2.27 which tells you that the daemon is implementing 
  protocol version 1.5 and that the daemon is version 1.2.27.


It's generally recommended to know the features and limitations of every application in place.  Here's OpenSSH's version to exploit description:  http://www.openssh.com/security.html

SSH Hacking and Tunneling Exploits:  http://www.youtube.com/watch?v=eU4gFO0Z6GA

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
Catch the January PLUG HackFest!   Kristy Westphal, CSO for the Arizona Department of Economic
Security will provide a one hour
presentation on forensics.

Laugh at this MSN Footer:

_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081125/eaba4d87/attachment.htm 


More information about the PLUG-discuss mailing list