OpenSSH

From: Jeremy Junginger (jjunginger@usbestcrm.com)
Date: Fri Sep 06 2002 - 14:41:33 EDT

• Next message: Fabrizio Siciliano: "XSS in Oracle 8i"
• Previous message: sunzi: "Re: IP Range"
• Next in thread: Wojciech Pawlikowski: "Re: OpenSSH"
• Reply: Wojciech Pawlikowski: "Re: OpenSSH"
• Reply: Peter Bruderer: "Re: OpenSSH"
• Reply: Anthony D Cennami: "Re: OpenSSH"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

I am back again, and auditing an internally accessible ssh server for
the challenge-response buffer overflow. I'll keep it brief:

OS: RedHat Linux (6.2)
SSH Version: SSH-1.99-OpenSSH_3.1p1

I have already done the following:

Downloaded and extracted openssh-3.2.2p1.tar.gz
Patched the client with ssh.diff (patch < ssh.diff)
Compiled patched client ( ./configure && make ssh)
Run the "patched" ssh (./ssh x.x.x.x)

I am receiving the following output
./scanssh 172.16.51.23
[*] remote host supports ssh2
[*] server_user: root:skey
[*] keyboard-interactive method available
[x] bsdauth (skey) not available
Permission denied (publickey,password,keyboard-interactive).

I have not investigated any further, but don't feel comfortable calling
the service "secured" without a little peer review. Do you have any
tips on manipulating the method, style, repeats, chunk size, or
connect-back shellcode repeat? Any ideas will be greatly appreciated.
Thanks, and have a great day!

-Jeremy

• application/x-pkcs7-signature attachment: smime.p7s

• Next message: Fabrizio Siciliano: "XSS in Oracle 8i"
• Previous message: sunzi: "Re: IP Range"
• Next in thread: Wojciech Pawlikowski: "Re: OpenSSH"
• Reply: Wojciech Pawlikowski: "Re: OpenSSH"
• Reply: Peter Bruderer: "Re: OpenSSH"
• Reply: Anthony D Cennami: "Re: OpenSSH"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:24 EDT