Any known SSH attacks/vulnerabilities other than dictionary attacks and compromising keys?

cadena Member Posts: 3

Hi everyone,

I am looking for attacks over TOR which can be applied to a server running SSH. I have been looking at SSH.com (SSH creator's website), IEEE papers, SpringerLink papers/books, etc., but so far I have only found that the attacks performed on SSH are dictionary attacks, brute force attacks and compromising public-private key pairs. Does anyone know of other attacks that can be performed on SSH servers? If so, would you mind letting me know or, at least, pointing me in the right direction? Thanks in advance.


Comments

  • JDMurray Admin Posts: 13,023
    What are you trying to accomplish using this attack? Bypassing authentication to pop a shell, change the SSH service config, or just crash the SSH service?
  • cadena Member Posts: 3
    Hi @JDMurray, thanks for your reply. My group and I are trying to build a hidden service which implements SSH/SFTP, and we are interested in the various ways SSH can be pentested. I've done my research in IEEE, SpringerLink, ACM, etc., but all the articles I'm finding so far only describe brute force, dictionary attacks and compromising private-public key pairs. Therefore, any kind of attack which breaches SSH and/or manages to perform a denial of service is of interest. Do you know of, or can you point me to, resources which explain how to accomplish this? I'd really appreciate it.
  • JDMurray Admin Posts: 13,023
    It sounds like you are only looking at authentication attacks so far. I'd Google for SSH vulnerability detection to find out what vulnerability scanners are looking for in SSH services, such as the list at SSH CVE list. You can also try malformed packet fuzzing to reveal a logic flaw in the host's network stack that crashes the SSH service or even the stack itself. I don't know if there is a slowloris DoS attack for SSH services, but it would be interesting to develop.
  • iBrokeIT Member Posts: 1,318
    cadena said:
      My group and I are trying to build a hidden service which implements SSH/SFTP, and we are interested in the various ways SSH can be pentested.
    You could look into implementing port knocking for those services.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+
    2020: GCIP | GCIA
    2021: GRID | GDSA | Pentest+
    2022: GMON | GDAT
    2023: GREM | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
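The port-knocking idea suggested above, as an added example (not code from anyone in this thread): a small per-source state machine that tracks knocks on a fixed port sequence and only marks a source as allowed once the whole sequence arrives in order within a time window. The knock ports and the window are assumed placeholder values; wiring the "opened" result into an actual firewall rule is left to the deployment.

```python
"""Port-knock sequence tracker (added example, not from the forum thread).

Defender-side logic: each source IP must hit the knock ports in order,
within WINDOW_SECONDS, before the SSH port is opened for that IP.
The sequence and window are assumed placeholders, not values from the post.
"""
import time

KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed example knock sequence
WINDOW_SECONDS = 10.0                 # whole sequence must finish within this


class KnockTracker:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = tuple(sequence)
        self.window = window
        # src_ip -> (index of next expected port, time of first knock)
        self._progress = {}
        self.opened = set()   # sources that completed the sequence

    def knock(self, src_ip, dst_port, now=None):
        """Record one inbound packet; return True when the sequence completes."""
        now = time.monotonic() if now is None else now
        idx, started = self._progress.get(src_ip, (0, now))
        # A partial sequence that took too long starts over
        if idx > 0 and now - started > self.window:
            idx, started = 0, now
        if dst_port == self.sequence[idx]:
            idx += 1
            if idx == 1:
                started = now
        else:
            # Any out-of-order port resets the attempt, so a plain port sweep
            # does not stumble through; a fresh first knock restarts it
            idx, started = (1, now) if dst_port == self.sequence[0] else (0, now)
        if idx == len(self.sequence):
            self._progress.pop(src_ip, None)
            self.opened.add(src_ip)
            return True
        self._progress[src_ip] = (idx, started)
        return False

    def is_allowed(self, src_ip):
        """True once src_ip has completed the knock sequence."""
        return src_ip in self.opened
```

Only sources in `opened` should be granted a firewall exception for the SSH/SFTP port; everything else stays filtered, which is what keeps the service invisible to a routine scan.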