Re: SSH exploit

From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: 12/22/03 

Date: Mon, 22 Dec 2003 09:12:05 -0500

"Paul J. Richardson" <paul.j.richardson@earthlink.net> wrote in message
news:FpsFb.8554$wL6.7086@newsread1.news.atl.earthlink.net...
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> My professor (NCSU) wants me to hack his honeynet box (it's on the
> internet, but I can't give anyone the IP), but I'm somewhat new to
> Linux, and barely read uncompiled script. My only hope (if even
> relevant?), is I know a bit about TCP/IP and crypto. He flat told me
> SSH was my best hope of getting in.
>
> A peripheral issue is that (except for one tool at
> packetstormsecurity.nl), I can't find the tools/scripts described at
> places such as
> http://www.totse.com/en/hack/hack_attack/162684.html

Is this a school assignment, in which case we might let you do your own
work? And can you use any of the easier social-exploit based attacks, such
as shoulder surfing him?

Yeah, getting up-to-date cracking tools is tough: many security people don't
like to post them publicly, not since the days of the "8lgm" or
"eight-legged-groove-machine", who got so tired of Sun ignoring their bug
reports they started posting exploit scripts. Sun would patch to block the
exploit script but wouldn't actually fix the flaw, so they'd just post the
next one: it was fun to watch for a while.

You also might look into the logs of alt.2600, if you can stomach the spam
and cracker-wanna-be's, for references to the tools.

Relevant Pages

  • Re: Will Linux become as vulnerable as MS ??
    ... > beeing vulnerable to viruses. ... > that they know are executable, and execute intentionally. ... >> Linux, each distro is a little different, and even within the distro, ... > Since clicking on a script is easier than typing it's name, ...
    (comp.os.linux.security)
  • wonk mode
    ... workable Linux system for my home computer, ... MEPIS release (replacing a much older "Fedora" ... Red Hat Package Monitor formatted software archives ... This little dandy script, line wrapped ...
    (comp.os.linux.misc)
  • Re: Compiling gnuplot with libgd
    ... of running this script. ... installing the gnuplot graphing program ... By building a package for damn small linux I can have it automatically ... install gnuplot and run my required script without having to customize ...
    (comp.graphics.apps.gnuplot)
  • Re: Setting Up NTP for Time Sync
    ... prg wrote: ... >>I've made no changes to the script file that I know of. ... > packet filter facilities included with Linux. ... > This should set up your Linux box for ntp. ...
    (comp.os.linux.networking)
  • Re: Does Suse Suck?
    ... a desktop environment, but turn off all the eye-candy. ... recently switched all my KDE desktops to the KDE classic theme, ... That is also the reason why initialy Linux did not run on 286 machines ... What I would suspect or at leasst try to achive is to write a script ...
    (alt.os.linux.suse)