>SSH Session Hacking

By | July 6, 2010

>SSH session can be hacked using MiTM(Man in The Middle) attack. This attack is known as ssh downgrade attack. Let us understand it. Suppose you are accessing machine C from machine A using ssh

                A——————————–>C

Now suppose there is a machine B which come in middle and alter request that coming from A and forward it to C and vice versa.

                A——(ssh request)—>B—————–>C

               
Now A send ssh request to C. C replies that it support Version1 and Version 2 of SSH protocol.

                A—————>—————–C

A—–<—–(C only support V1) B—–<——C(support v1 and v2 of ssh)

But B alter packet and pass to A that C only support versio1 of SSH.

               A——–>(ssh1)———–B(sniff packet)——>——C

       Since version1 of ssh is insecure by sniffing packets you can get login and password details passed in ssh. This attack is know as ssh downgrade attack, a MiTM implementation. You can try this using ettercap(http://ettercap.sourceforge.net/).

Share itShare on FacebookEmail this to someoneTweet about this on TwitterShare on Google+Share on LinkedInPrint this page
Category: SSH

2 thoughts on “>SSH Session Hacking

Leave a Reply

Your email address will not be published. Required fields are marked *

Current month ye@r day *