Re: Tool to make mitm on ssh2

From: Micha Borrmann (borrmann@syss.de)
Date: Tue Jan 24 2006 - 11:07:28 EST


Max Ashton schrieb:
> Have you tried the tool out yet?

> Anyone else on the list had any good (Or horrifying) experience with this
> tool?

it's possible to use, e.g. in combination with dnsspoof from dsniff. It
generates a lot of output, but the login password can be found. For
demonstrations why to use keys instead of passwords, it is good. sshmitm
from dsniff is IMHO more userfriendly, but, it works not with SSH2.

>>The soft JMITM2 can do such an attack:
>>http://www.david-guembel.de/index.php?id=6.

Bye,
Micha

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:25 EDT