nCircle.com >> 360 Security


SSH + Python + GDB/IM = sshjack

"Post Intrusion SSH Hijacking" by Metalstorm was a great talk about how to leverage one hack into several nearly untraceable intrusions. Instead of attacking a network during off hours, the idea is to exploit the admin's desktop and then piggyback on all of their existing SSH sessions. Using the SSH RFC (something I have had the joy of memorizing) to its fullest, Metalstorm was able to convince sshd that he needed another terminal session, all while using the existing authenticated secure tunnel.

This talk was well paced and very funny in parts. The idea of an admin playing "Hunt the Wumpus" while pine exploded on his desktop was really funny. Even MS's much maligned Clippy made a cameo.

His parting thoughts on MS RDP and Citrix ICA are disturbing, however. Protocols that support multiplexed channels are in danger of being pwned by this technique. I really like Python and SSH, so I thought it was awesome to see someone mash them together with such great results!

Comments (2)

greg:

but it's not always that way

simon:

you should look at it that way


About

This page contains a single entry from the blog posted on July 30, 2005 9:08 PM.
