Hello, I am back again, and auditing an internally accessible ssh server for the challenge-response buffer overflow. I'll keep it brief:

OS: RedHat Linux (6.2)
SSH Version: SSH-1.99-OpenSSH_3.1p1

I have already done the following:

Downloaded and extracted openssh-3.2.2p1.tar.gz
Patched the client with ssh.diff (patch < ssh.diff)
Compiled the patched client (./configure && make ssh)
Ran the "patched" ssh (./ssh x.x.x.x)

I am receiving the following output:

./scanssh 172.16.51.23
[*] remote host supports ssh2
[*] server_user: root:skey
[*] keyboard-interactive method available
[x] bsdauth (skey) not available
Permission denied (publickey,password,keyboard-interactive).

I have not investigated any further, but don't feel comfortable calling the service "secured" without a little peer review. Do you have any tips on manipulating the method, style, repeats, chunk size, or connect-back shellcode repeat? Any ideas will be greatly appreciated.

Thanks, and have a great day!

-Jeremy
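Added example (not part of Jeremy's post or of the scanssh/ssh.diff tooling he describes): a banner-based triage check for the OpenSSH challenge-response issue, the first thing I would run against a host like the one above before spending time on exploit parameters. It parses the SSH identification string (the "SSH-1.99-OpenSSH_3.1p1" line), works out which protocol versions the server speaks (1.99 means it accepts both protocol 1 and 2), splits the OpenSSH version into a comparable tuple including the portable "pN" patch level, and reports whether the version falls in the range the June 2002 OpenSSH advisory gave for the SKEY/BSD_AUTH challenge-response bug (2.9.9 through 3.3, fixed in 3.4). The banners in the block are constructed test input; the function and variable names are mine.

```python
import re

# SSH identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)

# Protocol version field -> protocol major versions the server will negotiate.
# "1.99" is the compatibility value: a protocol 2 server that also speaks protocol 1.
PROTO_MAP = {
    "1.99": ("1", "2"),
    "2.0": ("2",),
    "1.5": ("1",),
    "1.3": ("1",),
}

# Version range from the June 2002 OpenSSH advisory for the SKEY/BSD_AUTH
# challenge-response bug: 2.9.9 through 3.3 affected, 3.4 carries the fix.
# Tuple layout is (major, minor, patch, portable_patchlevel).
AFFECTED_LOW = (2, 9, 9, 0)
FIXED_IN = (3, 4, 0, 0)


def parse_banner(line):
    """Parse one SSH identification string into its components."""
    m = BANNER_RE.match(line.strip())
    if not m:
        raise ValueError("not an SSH identification string: %r" % line)
    proto = m.group("proto")
    software = m.group("software")
    # OpenSSH formats softwareversion as "OpenSSH_<version>"; other
    # implementations (e.g. an old ssh.com "1.2.27") have no underscore.
    name, _, version = software.partition("_")
    return {
        "protocol": proto,
        "protocols": PROTO_MAP.get(proto, (proto,)),
        "software": name,
        "version": version,
        "comments": m.group("comments"),
    }


def openssh_version_tuple(version):
    """Turn '3.2.2p1' into (3, 2, 2, 1) and '3.3' into (3, 3, 0, 0) so versions compare."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?$", version)
    if not m:
        raise ValueError("unrecognised OpenSSH version: %r" % version)
    major, minor, patch, portable = m.groups()
    return (int(major), int(minor), int(patch or 0), int(portable or 0))


def challenge_response_bug_possible(banner):
    """True if the banner advertises an OpenSSH version in the affected range.

    A banner match is only a reason to look further: vendors backport fixes
    without bumping the version, and exploitability also depends on how sshd
    was built and configured (as the scanssh output above illustrates).
    """
    info = parse_banner(banner)
    if info["software"] != "OpenSSH":
        return False
    v = openssh_version_tuple(info["version"])
    return AFFECTED_LOW <= v < FIXED_IN


def triage(banners):
    """Map each banner to the triage verdict; constructed input for demonstration."""
    return {b: challenge_response_bug_possible(b) for b in banners}


if __name__ == "__main__":
    # Constructed sample banners, including the one from the host under audit.
    for banner, flagged in triage([
        "SSH-1.99-OpenSSH_3.1p1",
        "SSH-2.0-OpenSSH_3.3",
        "SSH-2.0-OpenSSH_3.4p1",
        "SSH-2.0-OpenSSH_2.5.2p2",
        "SSH-1.5-1.2.27",
    ]).items():
        print("%-28s %s" % (banner, "check further" if flagged else "outside affected range"))
```

The check deliberately answers "possible", not "vulnerable": a version string in range tells you where to spend effort, while the permission-denied result in the post is the kind of runtime evidence that actually settles the question for a given build.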
This archive was generated by hypermail 2b30 : Fri Sep 06 2002 - 15:25:41 PDT