List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Brian Micek <bmicek@...>
Subject: SSH probes
Date: Sat, 05 Nov 2005 14:56:58 -0500

I don't mean to re-start an old topic, but would anyone happen to have access to the source code for the second phase of the popular SSH probes? The reason I'm interested in it is because I'd like to exploit some weaknesses in the code and at least cause it to drop a core.

Currently, I have a service started by xinetd and close stdin on the command line arguments to avoid hackers hacking my program. I run a bash script as user "nobody" that basically looks like this (extra extraneous stuff is removed):

#!/bin/bash
function fakessh() {
  echo SSH-2.0-OpenSSH_3.9p1 # ID ourself as a valid SSH service
  /bin/cat /dev/urandom # and send random data
}
# Main follows - this is run as user "nobody"
fakessh <&-  # Call the payload and (again) close stdin to avoid hacks
# EOF - fakessh

The result for someone using a normal ssh client is:
UNIX>  ssh localhost
Disconnecting: Bad packet length 3349376822.

I am hoping to cause some kind of memory problem here and that's why I need the source code. Another exploit to examine is what happens with zero length packets if we cat /dev/zero. If there is nothing to exploit here, I'll remove the "echo" line so I send random data until the hacker client terminates his connection.

Thank you,
Brian Micek
Attachment:
signature.asc (This is a digitally signed message part)
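
The "Bad packet length" line quoted in the message comes from the client reading the first four bytes after the banner as the uint32 packet_length of an SSH binary packet (RFC 4253, section 6) and range-checking it before allocating anything. The sketch below is an added example, not part of the original message or of OpenSSH; the function names, the 256 KiB ceiling and the sample byte strings are assumptions made for illustration.

```python
import struct

# Assumption: upper bound on packet_length. 256 KiB mirrors the limit OpenSSH
# applies; RFC 4253 only requires support for packets up to 35000 bytes.
MAX_PACKET_LEN = 256 * 1024
# packet_length covers padding_length (1 byte) plus at least 4 bytes of padding.
MIN_PACKET_LEN = 1 + 4


def split_banner(stream: bytes):
    """Split the server's identification line from the bytes that follow it."""
    line, sep, rest = stream.partition(b"\n")
    if not sep or not line.startswith(b"SSH-"):
        raise ValueError("no SSH identification string")
    return line.rstrip(b"\r").decode("ascii"), rest


def check_first_packet(after_banner: bytes):
    """Validate the uint32 packet_length that starts an SSH binary packet.

    Returns (ok, packet_length); ok is False when the client should disconnect.
    """
    if len(after_banner) < 4:
        raise ValueError("need at least 4 bytes")
    (packet_length,) = struct.unpack(">I", after_banner[:4])
    ok = MIN_PACKET_LEN <= packet_length <= MAX_PACKET_LEN
    return ok, packet_length


def accept_probability():
    """Chance that 4 uniformly random bytes pass the length check."""
    return (MAX_PACKET_LEN - MIN_PACKET_LEN + 1) / 2**32


# Constructed sample: the banner from the post, then four bytes chosen so they
# decode to the length in the post's error message, then filler.
SAMPLE_RANDOM = b"SSH-2.0-OpenSSH_3.9p1\n" + bytes.fromhex("c7a36f36") + b"\x00" * 12
# Constructed sample: what the same service would send with /dev/zero.
SAMPLE_ZERO = b"SSH-2.0-OpenSSH_3.9p1\n" + b"\x00" * 16

if __name__ == "__main__":
    for name, stream in (("urandom", SAMPLE_RANDOM), ("zero", SAMPLE_ZERO)):
        banner, rest = split_banner(stream)
        ok, length = check_first_packet(rest)
        verdict = "accept" if ok else f"Bad packet length {length}"
        print(f"{name}: {banner!r} -> {verdict}")
    print(f"random data passes the check with p = {accept_probability():.6f}")
```

Both the random and the all-zero stream are rejected at the length check, which is the behaviour the stock client shows in the quoted session.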
Updated Jun 17, 2009
