Any known SSH attacks/vulnerabilities other than dictionary attacks and compromising keys ?

Hi everyone,

I am looking for attacks over TOR which can be applied to a server running SSH. I have been looking at SSH.com (SSH creator's website), IEEE papers, SpringerLink papers/books, etc. but so far I have only found that the atttacks performed on SSH are dictionaty attacks, brute force attacks and compromising public-private keys pairs. Does anyone know of other attacks that can be performed on SSH servers ? If so would you mind to let me know or, at least, point me out to the right direction ? Thanks in advance.

Find more posts tagged with

Secure Shell

Attacks

Comments

JDMurray

What are you trying to accomplish using this attack? Bypassing authentication to pop a shell, change the SSH service config, or just crash the SSH service?

cadena

Hi @JDMurray thanks for your reply. Me and my group are trying to build a hidden service which implements SSH/SFTP and we are interested in the various ways the SSH can be pentested. I've done my research in IEEE, Springerlink, ACM, etc. but all the articles I'm finding so far only describe brute force, dictionary attacks and compromising private-public key pairs. Therefore, any kind of attack which breaches SSH and/or manages to perform a denial of service is of interest. Please do you know or can point me to resources which explain me how to accomplish this ? I'd really appreciate it.

JDMurray

It sounds like you are only looking at authentication attacks so far. I'd Google for SSH vulnerability detection to find out what vulnerability scanners are looking for in SSH services, such as the list at SSH CVE list. You can also try malformed packet fuzzing to reveal a logic flaw in the host's network stack that crashed the SSH service or even the stack itself. I don't know if there is a slowloris DoS attack for SSH services, but it would be interesting to develop.

iBrokeIT

cadena said:

Me and my group are trying to build a hidden service which implements SSH/SFTP and we are interested in the various ways the SSH can be pentested.

You could look into implementing port knocking for those services.