OpenSSH

From: Jeremy Junginger (jjungingerat_private)
Date: Fri Sep 06 2002 - 11:41:33 PDT

    Hello,
    
    I am back again, and auditing an internally accessible ssh server for
    the challenge-response buffer overflow.  I'll keep it brief:
    
    OS: RedHat Linux (6.2)
    SSH Version:  SSH-1.99-OpenSSH_3.1p1
    
    I have already done the following:
    
    Downloaded and extracted openssh-3.2.2p1.tar.gz
    Patched the client with ssh.diff (patch < ssh.diff)
    Compiled patched client ( ./configure && make ssh)
    Run the "patched" ssh (./ssh x.x.x.x)
    
    I am receiving the following output:
    ./scanssh 172.16.51.23
    [*] remote host supports ssh2
    [*] server_user: root:skey
    [*] keyboard-interactive method available
    [x] bsdauth (skey) not available
    Permission denied (publickey,password,keyboard-interactive).
    
    I have not investigated any further, but don't feel comfortable calling
    the service "secured" without a little peer review.  Do you have any
    tips on manipulating the method, style, repeats, chunk size, or
    connect-back shellcode repeat?  Any ideas will be greatly appreciated.
    Thanks, and have a great day!
    
    -Jeremy
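
Added defender-side example, not part of the original post or thread: a check of the advertised banner against the version range that the upstream OpenSSH advisory listed for the challenge-response flaw (sshd 2.3.1 through 3.3, fixed in 3.4). The banner from the post is used as the worked input; a match is only a lead, since vendor packages commonly backport the fix without changing the version string.

```python
import re
from typing import Optional, Tuple

# Banner quoted in the post above, reused here as the sample input.
SAMPLE_BANNER = "SSH-1.99-OpenSSH_3.1p1"

# Range from the upstream OpenSSH advisory (June 2002): sshd 2.3.1 through 3.3
# affected, fixed in 3.4. The portable "pN" suffix is a packaging revision and
# does not change the upstream base version being compared.
FIRST_AFFECTED: Tuple[int, ...] = (2, 3, 1)
FIRST_FIXED: Tuple[int, ...] = (3, 4)

_BANNER_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-OpenSSH_(?P<ver>\d+(?:\.\d+)*)(?P<portable>p\d+)?"
)


def parse_banner(banner: str) -> Optional[dict]:
    """Split an OpenSSH identification string into protocol and version parts.

    Returns None for servers that are not OpenSSH (nothing to compare against).
    """
    m = _BANNER_RE.match(banner.strip())
    if not m:
        return None
    version = tuple(int(x) for x in m.group("ver").split("."))
    return {"proto": m.group("proto"), "version": version,
            "portable": m.group("portable") or ""}


def banner_in_advisory_range(banner: str) -> Optional[bool]:
    """True if the advertised upstream version falls inside the advisory range.

    A True result is a lead, not a finding: distributions backport the fix
    without bumping the banner, and ChallengeResponseAuthentication may be
    disabled in sshd_config. Confirm against the package changelog or errata.
    """
    info = parse_banner(banner)
    if info is None:
        return None
    return FIRST_AFFECTED <= info["version"] < FIRST_FIXED


if __name__ == "__main__":
    print(parse_banner(SAMPLE_BANNER))
    print(banner_in_advisory_range(SAMPLE_BANNER))
```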
    This archive was generated by hypermail 2b30 : Fri Sep 06 2002 - 15:25:41 PDT