Re: SSH Protocol Trick

From: H D Moore (sflistat_private)
Date: Mon Jul 22 2002 - 17:45:43 PDT

Next message: auto458545at_private: "SSH Protocol Trick"

Previous message: Andreas Sandblad: "Pressing CTRL in IE is dangerous - Sandblad advisory #8"
Next in thread: Mikael Olsson: "Re: SSH Protocol Trick"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ettercap has had this ability for months:

$ cat etter.filter.ssh
############################################################################
#                                                                          #
#  ettercap -- etter.filter -- filter chain file                           #
#                                                                          #
[ snip ]

##
#
#   This filter will substitute the SSH server response from SSH-1.99 to
#   SSH-1.51, so if the server supports both ssh1 and ssh2 we will force
#   it to use ssh1... ;)
#   server response :    SSH-1.99    both ssh1 and ssh2 supported
#                        SSH-1.51    only ssh1 supported
##
[ snip ]


http://ettercap.sf.net/

On Monday 22 July 2002 18:43, auto458545at_private wrote:
> SSH Protocol Weakness Advisory
> Monday, July 22 2002
> - rtm
>
> OK, here it is guys... I saw this today when I was looking at the newest
> issue of phrack (59) and I discovered that an old little technique of SSH
> man in the middle attacks I had been working on was now part of a Phrack
> article....

Next message: auto458545at_private: "SSH Protocol Trick"
Previous message: Andreas Sandblad: "Pressing CTRL in IE is dangerous - Sandblad advisory #8"
Next in thread: Mikael Olsson: "Re: SSH Protocol Trick"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 13:53:55 PDT