|
Title: Arp poisoning the server and SSH key stripping? Post by: manoj9372 on September 20, 2010, 03:37:19 PM Arp poisoning the server and SSH key stripping?
As we all know what is arp poison, but is there any ways to poison the traffic of the server..... And also most of us knows ssl stripping,like that can we able to strip the ssh keys and can we able to hijack or decrypt the connection? If it is possible what are the mechanism and tools i should use to do it? hope i will find some help.... Title: Re: Arp poisoning the server and SSH key stripping? Post by: hayabusa on September 20, 2010, 06:21:35 PM Google Ettercap and SSLStrip... Both are capable.
Title: Re: Arp poisoning the server and SSH key stripping? Post by: manoj9372 on September 21, 2010, 02:58:53 PM Can i have a confirmation?
Does ssl stripping can also strip ssh keys too? And can ettercap can ettercap able to poison the server traffic in which i am connected to? Title: Re: Arp poisoning the server and SSH key stripping? Post by: dante on September 21, 2010, 03:52:26 PM Can i have a confirmation? No. Its for stripping HTTPS and has nothing to do with ssh... You should read the blackhat presentationDoes ssl stripping can also strip ssh keys too? https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf And can ettercap can ettercap able to poison the server traffic in which i am connected to? Hope you know arp poisoning is for LANs. In arp poisoning usually the clients arp cache is poisoned to intercept server traffic.Title: Re: Arp poisoning the server and SSH key stripping? Post by: hayabusa on September 21, 2010, 04:28:50 PM ARP poisoning will work in either direction... The idea being that you're telling the network that a given IP address(es) resolves to the MAC address of the attacking machine, to play man-in-the-middle.
Incidentally, sorry... I completely missed that you mentioned SSH versus SSL... My bad! (Man, these meds for my back must be stronger than I thought...) My reply was aimed at SSL and arp, not ssh. Apologies. Title: Re: Arp poisoning the server and SSH key stripping? Post by: manoj9372 on September 21, 2010, 08:22:25 PM again saying,i am not talking about arp poisoning the server, I am not
talking about intercepting client's traffic to server..,how can i do it? Looking for some ideas.... Title: Re: Arp poisoning the server and SSH key stripping? Post by: hayabusa on September 21, 2010, 08:43:57 PM If you want to intercept the traffic, you need to either sniff on a non-switched segment, to which the server is attached, be on a spanned switch port with the server / client, or ARP spoof... How else do you anticipate being in the path to intercept / receive the traffic? (Excluding, of course, broadcast traffic.....)
Decrypting said traffic is more difficult, particularly if you're talking about ssh. SSL-wise, go back to my first post... Title: Re: Arp poisoning the server and SSH key stripping? Post by: dante on September 22, 2010, 09:49:39 AM again saying,i am not talking about arp poisoning the server, I am not I am not sure what you are asking here... Hope you are not asking for a step by step instructions on how to use ettercap to poison client/server's cache and intercept traffic.. There are several online tutorials for that...talking about intercepting client's traffic to server..,how can i do it? Adding to what hayabusa mentioned, there is also the option of MAC flooding (usually not possible in latest switches unless misconfigured),DHCP MITM etc... For intercepting ssh - you might want to google dsniff -sshmitm... @hayabusa Hope you get well soon... Title: Re: Arp poisoning the server and SSH key stripping? Post by: hayabusa on September 22, 2010, 02:14:46 PM @dante - Thanks... trying... appreciate the well wishes! :)
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |