OpenSSH Exploit Out?

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    236

    OpenSSL Exploit Out?

    Does anyone know if there is an exploit out for the new OpenSSH pre-3.7 bug?

    I'm just looking for something for testing, so even a binary that's hardcoded to the local host, that's fine.

    Or even some proof of concept code is OK, if it's in C.

    Oops... My mistake on putting openssl in the title; it should be openssh.
    That which does not kill me makes me stronger -- Friedrich Nietzche

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    236

    Angry

    Slarty,

    Thanks for the neg points, did you use everything you had or what?
    You should post your comments here next time.
    --snip--
    #1 Don't get the title wrong.
    --snip--

    Excuse me, I messed up openssl and openssh. I hope mixing up a letter, which I immediately saw and added, did not burden you too badly.

    --snip--
    #2 Don't ask for zero day sploits
    --snip--
    Why not? I am a computer security professional with a university degree. I did mass research into exploits and still do it. As you can see, I asked if there was a binary for localhost; most good SO's check sploits that have a direct effect on their systems, and part of my job is recognizing signatures for 0 day sploits.

    I haven't been here at AO for that long, but my main objective here is to learn and share what I learn. I reply with any knowledge I have and I do not belittle anyone here. If you do not want to take part in my discussion that's fine, but don't tell me what I can and cannot do.
    That which does not kill me makes me stronger -- Friedrich Nietzche

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    The OpenSSH sploit isn't public yet. The only other thing I could suggest is to read the advisory and throw together some code yourself; other than that, try IRC chans, but there will be a slim to none chance of people parting with 0day.
    By the sacred **** of the sacred psychedelic tibetan yeti ....We'll smoke the chinese out
    The 20th century pharaohs have the slaves demanding work
    http://muaythaiscotland.com/

  4. #4
    Senior Member
    Join Date
    Aug 2002
    Posts
    239
    Your best bet would be to monitor http://www.SecurityFocus.com, other than hacker IRC channels.

    http://www.securityfocus.com/search?...&submit=Search
    It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.

    Hit it!

  5. #5
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352
    Showtime said it best, Security Focus is good. Bugtraq is also good. Oh and I forgot
    "Serenity is not the absence of conflict, but the ability to cope with it."

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    --snip--
    #2 Don't ask for zero day sploits
    --snip--
    Why not? I am a computer security professional with a university degree. I did mass research into exploits and still do it. As you can see, I asked if there was a binary for localhost; most good SO's check sploits that have a direct effect on their systems, and part of my job is recognizing signatures for 0 day sploits.

    I haven't been here at AO for that long, but my main objective here is to learn and share what I learn. I reply with any knowledge I have and I do not belittle anyone here. If you do not want to take part in my discussion that's fine, but don't tell me what I can and cannot do.
    As much as it seems like you should be able to ask about these things, it's not proper. You have to consider the number of script kiddies and crackers that sign up here on a daily basis. We're trying to protect ourselves and others from these people, not give them access to code that could hurt those who aren't yet protected. This is especially true when you are still a newbie on the site and haven't established yourself at all. This is part of the reason I'm looking to have a forum established for those here for real security discussion. The thread on which is located here - http://www.antionline.com/showthread...&postid=673404 - Feel free to voice your opinions on the subject.

    I will however say that I was very tempted to neg you when I saw the request, but I held off. It did appear very script kiddieish and didn't seem like it belonged. Then again that's just my opinion.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Judging by the points that S3cur|ty4ng31 got against your response, I'd say the community disagrees with you, HTRegs (BTW I haven't assigned any points to this thread). I don't think "it's not proper" is a phrase that should be used in regard to security, which is IMO down and dirty. SKs all over the net already have the code. It's been posted many places. Why shouldn't a security pro be able to ask where the code can be had? You're saying all the kiddies should know but we shouldn't... I don't think that's proper. If we can't find what we need to know here, why even bother to log on? And maybe these types of comments are the reason why many don't any more.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    I'm wondering if the greenies were in place only to make up for the negs she (I'm assuming a she) received to start with. Either way, if we could post 0day and other exploits on here.. I'd love it.. I would go for it in a second, my response was based on what I've seen in the past... That if you attempt something like that you are negged for it. I do think it's sad and that was why I didn't neg.. I was trying to state why it happens around here.. at least as far as I understand it from the past... If people are going to stop negging for posting new sploits, then I'd do it in a second... I believe it was tampabay420 who posted a link in Addicts before to the site he found most of his info... and even then there was a lot of commenting that it was appropriate for AO.... not the general section anyways...
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  9. #9
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Originally posted here by S3cur|ty4ng31
    Why not, I am a computer security professional with a University degree.
    Yes... a 'computer professional' who has a name spelled in l33t speak. But he must really have a great university degree in order to bitch about AP, flame slarty about what I think he deserved, ask half-assed questions, then get away with what most people would get banned for just because a few addicts and seniors are using 'em as an example/target in the middle of an argument on what is right and wrong on AO.

    It's an entertaining thread indeed. But sorry... I agree but only to a certain extent, for example: If we accept a question such as this with a shitty excuse... then what next? Questions about hotmail and sub7 become acceptable?

    Behold the de-evolution of AO:

    http://www.irkutsk.org/cgiapps/wwwbo...sages/100.html
    http://pub120.ezboard.com/ffreeforal...picID=57.topic

    These are just a (FEW) of the boards that are quickly flooded/dead... it happens every day. At one time blackcode was a security site but because of their downloads & the subject of their forums the site drew in lamer ass elements. And now their site is going up and down like a yo-yo and every day it's flood, flame, hotmail, flame, sub7, flame, bitch, flame.flood.flame... and not to mention general stupidity.

  10. #10
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    I'm not gonna quote everyone here but I'd like to add some rebuttal and comments.

    I choose not to go to sites, IRC, or generally deal with people who are blackhats. Therefore I participate in some forums where there is a good community.

    If anyone questions the validity of who I am, please send me a private message and I will give you my private email at the company I work for and we can communicate via email.

    My original main goal is I am trying to find something in the exploit packet I can use for a signature in Snort; heck, I wasn't even sure if there was an exploit out. That's why a binary hardcoded to local host that did not even have to do anything other than emulate some form of attack would have been OK.

    And the truth is I don't care that much about AP points; it really is a matter of principle when someone negs me so hard and sends me a private message telling me don't do this and don't do that. If anyone wants to neg me that is fine, but there is no reason you can't leave a remark as to why without trying to treat someone as a child.

    I stand by all my remarks. My university degree does not bar me from 'bitching'. I will always stand up for what I feel is right.
    That which does not kill me makes me stronger -- Friedrich Nietzche
