The Ethical Hacker Network - Arp poisoning the server and SSH key stripping?

manoj9372

Jr. Member

Offline

Posts: 72

Arp poisoning the server and SSH key stripping?

« on: September 20, 2010, 03:37:19 PM »

Arp poisoning the server and SSH key stripping?
As we all know what is arp poison,
but is there any ways to poison the traffic of the server.....

And also most of us knows ssl stripping,like that can we able to strip the ssh keys and can we able to hijack or decrypt the connection?

If it is possible what are the mechanism and tools i should use to do it?

hope i will find some help....


	Logged

hayabusa

Hero Member

Offline

Posts: 1633

Re: Arp poisoning the server and SSH key stripping?

« Reply #1 on: September 20, 2010, 06:21:35 PM »

Google Ettercap and SSLStrip... Both are capable.


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH

manoj9372

Jr. Member

Offline

Posts: 72

Re: Arp poisoning the server and SSH key stripping?

« Reply #2 on: September 21, 2010, 02:58:53 PM »

Can i have a confirmation?

Does ssl stripping can also strip ssh keys too?

And can ettercap can ettercap able to poison the server traffic in which i am connected to?


	Logged

dante

Jr. Member

Offline

Posts: 58

Re: Arp poisoning the server and SSH key stripping?

« Reply #3 on: September 21, 2010, 03:52:26 PM »

Quote from: manoj9372 on September 21, 2010, 02:58:53 PM

Can i have a confirmation?

Does ssl stripping can also strip ssh keys too?

No. Its for stripping HTTPS and has nothing to do with ssh... You should read the blackhat presentation
https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf

Quote from: manoj9372 on September 21, 2010, 02:58:53 PM

And can ettercap can ettercap able to poison the server traffic in which i am connected to?

Hope you know arp poisoning is for LANs. In arp poisoning usually the clients arp cache is poisoned to intercept server traffic.


	Logged

hayabusa

Hero Member

Offline

Posts: 1633

Re: Arp poisoning the server and SSH key stripping?

« Reply #4 on: September 21, 2010, 04:28:50 PM »

ARP poisoning will work in either direction... The idea being that you're telling the network that a given IP address(es) resolves to the MAC address of the attacking machine, to play man-in-the-middle.

Incidentally, sorry... I completely missed that you mentioned SSH versus SSL... My bad! (Man, these meds for my back must be stronger than I thought...)

My reply was aimed at SSL and arp, not ssh. Apologies.


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH

manoj9372

Jr. Member

Offline

Posts: 72

Re: Arp poisoning the server and SSH key stripping?

« Reply #5 on: September 21, 2010, 08:22:25 PM »

again saying,i am not talking about arp poisoning the server, I am not
talking about intercepting client's traffic to server..,how can i do it?

Looking for some ideas....


	Logged

hayabusa

Hero Member

Offline

Posts: 1633

Re: Arp poisoning the server and SSH key stripping?

« Reply #6 on: September 21, 2010, 08:43:57 PM »

If you want to intercept the traffic, you need to either sniff on a non-switched segment, to which the server is attached, be on a spanned switch port with the server / client, or ARP spoof... How else do you anticipate being in the path to intercept / receive the traffic? (Excluding, of course, broadcast traffic.....)

Decrypting said traffic is more difficult, particularly if you're talking about ssh. SSL-wise, go back to my first post...


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH

dante

Jr. Member

Offline

Posts: 58

Re: Arp poisoning the server and SSH key stripping?

« Reply #7 on: September 22, 2010, 09:49:39 AM »

Quote from: manoj9372 on September 21, 2010, 08:22:25 PM

again saying,i am not talking about arp poisoning the server, I am not
talking about intercepting client's traffic to server..,how can i do it?

I am not sure what you are asking here... Hope you are not asking for a step by step instructions on how to use ettercap to poison client/server's cache and intercept traffic.. There are several online tutorials for that...

Adding to what hayabusa mentioned, there is also the option of MAC flooding (usually not possible in latest switches unless misconfigured),DHCP MITM etc...

For intercepting ssh - you might want to google dsniff -sshmitm...

@hayabusa
Hope you get well soon...


« Last Edit: September 22, 2010, 09:57:40 AM by dante »	Logged

hayabusa

Hero Member

Offline

Posts: 1633

Re: Arp poisoning the server and SSH key stripping?

« Reply #8 on: September 22, 2010, 02:14:46 PM »

@dante - Thanks... trying... appreciate the well wishes!


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH

Pages: [1] Go Up

« previous next »