Any known SSH attacks/vulnerabilities other than dictionary attacks and compromising keys?
cadena
Member Posts: 3
Hi everyone,
I am looking for attacks over TOR which can be applied to a server running SSH. I have been looking at SSH.com (SSH creator's website), IEEE papers, SpringerLink papers/books, etc., but so far I have only found that the attacks performed on SSH are dictionary attacks, brute force attacks and compromising public-private key pairs. Does anyone know of other attacks that can be performed on SSH servers? If so, would you mind letting me know or, at least, pointing me in the right direction? Thanks in advance.
Comments
-
JDMurray
Admin Posts: 13,099
What are you trying to accomplish using this attack? Bypassing authentication to pop a shell, change the SSH service config, or just crash the SSH service?
-
cadena
Member Posts: 3
Hi @JDMurray, thanks for your reply. Me and my group are trying to build a hidden service which implements SSH/SFTP and we are interested in the various ways the SSH can be pentested. I've done my research in IEEE, SpringerLink, ACM, etc., but all the articles I'm finding so far only describe brute force, dictionary attacks and compromising private-public key pairs. Therefore, any kind of attack which breaches SSH and/or manages to perform a denial of service is of interest. Do you know of, or can you point me to, resources which explain how to accomplish this? I'd really appreciate it.
-
JDMurray
Admin Posts: 13,099
It sounds like you are only looking at authentication attacks so far. I'd Google for SSH vulnerability detection to find out what vulnerability scanners are looking for in SSH services, such as the list at SSH CVE list. You can also try malformed packet fuzzing to reveal a logic flaw in the host's network stack that crashes the SSH service or even the stack itself. I don't know if there is a slowloris DoS attack for SSH services, but it would be interesting to develop.
-
iBrokeIT
Member Posts: 1,318
cadena said: Me and my group are trying to build a hidden service which implements SSH/SFTP and we are interested in the various ways the SSH can be pentested.
2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response