OpenSSH Exploit Out?

**S3cur|ty4ng31** · October 13th, 2003, 11:52 PM

Does anyone know if there is an exploit out to the new openssh pre 3.7 bug,

Im just looking for something for testing, so even a binary thats hardcoded to the local host thats fine.

Or even some proof of concept code is ok, if its in C.

oops..My mistake on putting openssl in title it should be openssh

**S3cur|ty4ng31** · October 14th, 2003, 01:27 AM

Slarty,

Thanks for the neg points,did you use everything you had or what?
You should post your comments here next time.
--snip--
#1 Dont get the title wrong.
--snip--

Excuse me, I messed up openssl and openssh , I hope by mixing up a letter which I immediatley saw and added did not burden you too bad.

--snip--
#2 Dont ask for zero day spoits
--snip--
Why not, I am a computer security professional with a University degree. I did mass research into exploits and still do it. As you can see I ask if there was a binary for localhost, most good SO's check sploits that have a direct affect on there systems and part of my job is recognizing signatures for 0 day sploits.

I havent been here at AO for that long but my main objective here is to learn and share what I learn,I reply with any knowledge I have and I do not be little anyone here. If you do not want to take part in my discussion thats fine but dont tell me what I can and can not do.

***prodikal*** · October 14th, 2003, 02:03 AM

The openSSH sploit isnt public yet the only other thing i could suggest is to read the advisory and throw together some code yourself other than that try IRC chans but it will be a slim to none chance of people parting with 0day

**Showtime8000** · October 14th, 2003, 02:39 AM

Your best bet would be to monitor the http://www.SecurityFocus.com, other than Hacker IRC channels.

http://www.securityfocus.com/search?...&submit=Search

**n01100110** · October 14th, 2003, 02:44 AM

Showtime said it best , security focus is good. Bug Traq is also good. Oh and i forgot

www.google.com

***HTRegz*** · October 14th, 2003, 03:12 AM

--snip--
#2 Dont ask for zero day spoits
--snip--
Why not, I am a computer security professional with a University degree. I did mass research into exploits and still do it. As you can see I ask if there was a binary for localhost, most good SO's check sploits that have a direct affect on there systems and part of my job is recognizing signatures for 0 day sploits.

I havent been here at AO for that long but my main objective here is to learn and share what I learn,I reply with any knowledge I have and I do not be little anyone here. If you do not want to take part in my discussion thats fine but dont tell me what I can and can not do.

As much as it seems like you should be able to ask about these things, it's not proper. You have to consider the number of script kiddies and crackers that sign up here on a daily basis. We're trying to protect ourselves and others from these people, not give them access to code that could hurt those who aren't yet protected. This is especially true when you are still a newbie on the site and haven't established yourself at all. This is part of the reason I'm looking to have a forum established for those here for real security discussion. The thread on which is located here - http://www.antionline.com/showthread...&postid=673404 - Feel free to voice your opinions on the subject.

I will however say that I was very tempted to neg you when I saw the request, but I head off. It did appear very script kiddieish and didn't seem like it belonged. Then again that's just my opinion.

***Tedob1*** · October 14th, 2003, 04:25 AM

judging by the points that S3cur|ty4ng31 got against your response id say the community disagrees with you HTRegs (BTW i havn't assigned any points to this thread). i dont think "its not proper" is a phrase that should be used in reguard to security which is IMO down and dirty, sks all over the net already have the code. its been posted many places. why shouldn't a security pro be able to ask where the code can be had. your saying all the kiddies should know but we shouldn't...i dont think thats proper. if we can't find what we need to know here why even bother to logon and maybe these types of comments are the reason why many dont any more.

***HTRegz*** · October 14th, 2003, 05:44 AM

I'm wondering if the greenies were in place only to make up for the negs she (I'm assuming a she) recieved to start with. Either way, if we could post 0day and other exploits on here.. I'd love it.. I would go for it in a second, my response was based on what I've seen in the past... That if you attempt something like that you are negged for it. I do think it's sad and that was why I didn't neg.. I was trying to state why it happens around here.. at least as far as I understand it from the past... If people are going to stop negging for posting new sploits, then I'd do it in a second... I believe it was tampabay420 who posted a link in Addicts before to the site he found most of his info... and even then there was a lot of commenting that it was appropriate for AO.... not the general section anyways...

**|The|Specialist** · October 14th, 2003, 06:12 AM

Originally posted here by S3cur|ty4ng31
Why not, I am a computer security professional with a University degree.

Yes... a 'computer professional' who has a name spelled in l33t speak. But he must really have a great university degree in order to bitch about AP, flame slarty about what I think he deserved, ask half-assed questions, then gets away with what most peaple would get banned for just because a few addicts and seniors are useing 'em as a example/target in the middle of a arguement on what is right and wrong on AO.

Its a entertaining thread indeed. But sorry... I agree but only to a certian extent for example: If we accept a question such as this with a shity excuse... then what next? Questions about hotmail and sub7 become acceptable?

Behold the de-evolution of AO:

http://www.irkutsk.org/cgiapps/wwwbo...sages/100.html
http://pub120.ezboard.com/ffreeforal...picID=57.topic

These are just a (FEW) of the board that are quickly flooded/dead... it happends everyday. At one time blackcode was a security site but because of their downloads & the subject of their forums the site drew in lamer ass elements. And now their site is going up and down like a yo-yo and everyday its flood, flame, hotmail, flame, sub7, flame, bitch, flame.flood.flame... and not to mention general stupidity.

**S3cur|ty4ng31** · October 14th, 2003, 07:22 PM

Im not gonna quote everyone here but Id like to add some rebutal and comments.

I choose not to goto sites,irc, or generally deal with people who are blackhats. Therefore I participate in some forums where there is a good community.

If anyone questions the validity of who I am please send me a private message and I will give you my private email at the company I work for and we communicate via email.

My original main goal is I am trying to find something in the exploit packet I can use for a signature in snort, heck I wasnt even sure if there was an exploit out. Thats why a binary hardcoded to local host that did not even have to do anything other than emulate some form of attack would have been ok.

And the truth is I dont care that much about AP points, it really is a matter of principle when someone negs me so hard and sends me a private message tellling me dont do this and dont do that. If anyone wants to neg me that is fine but there is nor reason you cant leave an remark as to why without trying to treat someone as a child.

I stand by all my remarks. My university degree does not bar me from 'bitching'. I will always stand up for what I feel is right.

Thread: OpenSSH Exploit Out?

Thread Tools

Display

OpenSSL Exploit Out?

Posting Permissions