.

Arp poisoning the server and SSH key stripping?

<<

manoj9372

Jr. Member
Jr. Member

Posts: 72

Joined: Mon Oct 05, 2009 8:54 am

Post Mon Sep 20, 2010 3:37 pm

Arp poisoning the server and SSH key stripping?

Arp poisoning the server and SSH key stripping?
As we all know what is arp poison,
but is there any ways to poison the traffic of the server.....

And also most of us knows ssl stripping,like that can we able to strip the ssh keys and can we able to hijack or decrypt the connection?

If it is possible what are the mechanism and tools i should use to do it?

hope i will find some help....
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Sep 20, 2010 6:21 pm

Re: Arp poisoning the server and SSH key stripping?

Google Ettercap and SSLStrip...  Both are capable.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

manoj9372

Jr. Member
Jr. Member

Posts: 72

Joined: Mon Oct 05, 2009 8:54 am

Post Tue Sep 21, 2010 2:58 pm

Re: Arp poisoning the server and SSH key stripping?

Can i have a confirmation?

Does ssl stripping can also strip ssh keys too?

And can ettercap can ettercap  able to poison the server traffic in which i am connected to?
<<

dante

User avatar

Jr. Member
Jr. Member

Posts: 58

Joined: Wed Jul 21, 2010 10:17 pm

Post Tue Sep 21, 2010 3:52 pm

Re: Arp poisoning the server and SSH key stripping?

manoj9372 wrote:Can i have a confirmation?

Does ssl stripping can also strip ssh keys too?

No. Its for stripping HTTPS and has nothing to do with ssh... You should read the blackhat presentation
https://www.blackhat.com/presentations/ ... ng-SSL.pdf
manoj9372 wrote:And can ettercap can ettercap  able to poison the server traffic in which i am connected to?

Hope you know arp poisoning is for LANs. In arp poisoning usually the clients arp cache is poisoned to intercept server traffic.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Sep 21, 2010 4:28 pm

Re: Arp poisoning the server and SSH key stripping?

ARP poisoning will work in either direction...  The idea being that you're telling the network that a given IP address(es) resolves to the MAC address of the attacking machine, to play man-in-the-middle.

Incidentally, sorry...  I completely missed that you mentioned SSH versus SSL...  My bad!  (Man, these meds for my back must be stronger than I thought...)

My reply was aimed at SSL and arp, not ssh.  Apologies.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

manoj9372

Jr. Member
Jr. Member

Posts: 72

Joined: Mon Oct 05, 2009 8:54 am

Post Tue Sep 21, 2010 8:22 pm

Re: Arp poisoning the server and SSH key stripping?

again saying,i am not talking about arp poisoning the server, I am not
talking about intercepting client's traffic to server..,how can i do it?

Looking for some ideas....
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Sep 21, 2010 8:43 pm

Re: Arp poisoning the server and SSH key stripping?

If you want to intercept the traffic, you need to either sniff on a non-switched segment, to which the server is attached, be on a spanned switch port with the server / client, or ARP spoof...  How else do you anticipate being in the path to intercept / receive the traffic?  (Excluding, of course, broadcast traffic.....)

Decrypting said traffic is more difficult, particularly if you're talking about ssh.  SSL-wise, go back to my first post...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dante

User avatar

Jr. Member
Jr. Member

Posts: 58

Joined: Wed Jul 21, 2010 10:17 pm

Post Wed Sep 22, 2010 9:49 am

Re: Arp poisoning the server and SSH key stripping?

manoj9372 wrote:again saying,i am not talking about arp poisoning the server, I am not
talking about intercepting client's traffic to server..,how can i do it?

I am not sure what you are asking here... Hope you are not asking for a step by step instructions on how to use ettercap to poison client/server's cache and intercept traffic.. There are several online tutorials for that...

Adding to what hayabusa mentioned, there is also the option of MAC flooding (usually not possible in latest switches unless misconfigured),DHCP MITM etc...

For intercepting ssh - you might want to google dsniff -sshmitm...

@hayabusa
Hope you get well soon...
Last edited by dante on Wed Sep 22, 2010 9:57 am, edited 1 time in total.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Sep 22, 2010 2:14 pm

Re: Arp poisoning the server and SSH key stripping?

@dante - Thanks... trying...  appreciate the well wishes!  :)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

Return to Wireless

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software