OpenSSH
From: Jeremy Junginger (jjunginger@usbestcrm.com)
Date: 09/06/02
Date: Fri, 6 Sep 2002 11:41:33 -0700
From: "Jeremy Junginger" <jjunginger@usbestcrm.com>
To: <pen-test@securityfocus.com>
Hello,
I am back again, and auditing an internally accessible ssh server for
the challenge-response buffer overflow. I'll keep it brief:
OS: RedHat Linux (6.2)
SSH Version: SSH-1.99-OpenSSH_3.1p1
I have already done the following:
Downloaded and extracted openssh-3.2.2p1.tar.gz
Patched the client with ssh.diff (patch < ssh.diff)
Compiled patched client ( ./configure && make ssh)
Run the "patched" ssh (./ssh x.x.x.x)
I am receiving the following output:
./scanssh 172.16.51.23
[*] remote host supports ssh2
[*] server_user: root:skey
[*] keyboard-interactive method available
[x] bsdauth (skey) not available
Permission denied (publickey,password,keyboard-interactive).
I have not investigated any further, but don't feel comfortable calling
the service "secured" without a little peer review. Do you have any
tips on manipulating the method, style, repeats, chunk size, or
connect-back shellcode repeat? Any ideas will be greatly appreciated.
Thanks, and have a great day!
-Jeremy