Arp poisoning the server and SSH key stripping?
  • mandi
    Posts: 207
    As we all know what ARP poisoning is,
    but is there any way to poison the traffic of the server?

    And also most of us know SSL stripping; like that, are we able to strip the SSH keys, and are we able to hijack or decrypt the connection?

    If it is possible, what are the mechanisms and tools I should use to do it?

    Hope I will find some help....
  • Xin
    Posts: 3,251
    Are you talking about traffic from webserver to webserver, or your PC to webserver?
    Xin
  • mandi
    Posts: 207
    said:

    Are you talking about traffic from webserver to webserver, or your PC to webserver?

    I am talking about the 2nd one.
    Hope I will get some help.
  • Sh3llc0d3
    Posts: 1,910
    Hey mandi, let me see if I've got this right: you're on the network and wanting to sniff the webserver, and not only that, but you want to try and hijack/steal session info from any SSH sessions running?

    You can sniff a webserver using Wireshark and/or Ettercap, using SSL can then decrypt any SSL page passwords. Ettercap is capable of decrypting SSH, however it must be SSH1, not SSH2.

    Link that may help below:
    http://www.omnigroup.com/mailman/archiv ... 33496.html
  • since you guys mention ARP attacks above, maybe you can help me with an issue. i used to belong to a cable network that ran proxy ARP. i had no way of ever getting around this, since the poisoning i was able to do was only able to be seen 1-way. the gateway itself was the proxy for all ARP handling. how would one bypass this? they did not have a way to fill up CAM tables or anything like that, since this appeared to be a high-end router-switch. has anyone done any poisoning on a proxy-ARP network?
  • Sh3llc0d3
    Posts: 1,910
    said:

    since you guys mention ARP attacks above, maybe you can help me with an issue. i used to belong to a cable network that ran proxy ARP. i had no way of ever getting around this, since the poisoning i was able to do was only able to be seen 1-way. the gateway itself was the proxy for all ARP handling. how would one bypass this? they did not have a way to fill up CAM tables or anything like that, since this appeared to be a high-end router-switch. has anyone done any poisoning on a proxy-ARP network?

    Sounds like Cisco equipment to me. I have not experienced this problem, although I'm sure there is a bypass around.
  • mandi
    Posts: 207
    @McKittrick----->

    As Semtex-Primed said, it may be a Cisco device. And can you tell me what exactly "proxy ARP" is?

    Also, from my experience I am saying, if it was a Cisco device they are very hard to flood. Also I am sure they will have some (if they are good) "APR watches"; any changes in the MAC table will be notified to the admin, so if you are on such a network, forget about this old method...

    Also you can try to grab the IOS version of the OS used by the device, and maybe if they are running any outdated version of IOS, you can try to exploit the device and re-route the traffic...

    If possible, please let us know more details about your network set-up....

    And now I am coming back to my original problem. I am on a network full of unmanaged switches and there are no Cisco devices, IDS, IPS, HIPS, HIDS, logging, nothing in our network, but my biggest difficulty is that as our network switches do not have an IP address, I am not able to attack or re-route the traffic. Also the server I am looking to poison is on a different subnet, and I don't know how to redirect all the traffic of the server to my PC.
    If anybody has any suggestions, please help me out...

    NOTE: I am looking to poison a PC on a different subnet, not on my subnet. And also I want to redirect all of the traffic intended for the server to my PC. Also the server I am looking to sniff is running Linux....
  • well mandi, as far as my network setup is, ATM it is non-existent. my comp burned out a while back and i am using a public pc to access this forum. i am looking to get a laptop soon. i was on a cable ethernet network for over 5 years, that was the network in regards to the ARP question. i am not even sure the network our city has even uses the proxy-ARP method anymore. as far as your switch situation, have you looked into VLAN hopping? they have tools out there for ISL/VLAN 801.Q tagging/also creating/forcing a switch's bridge port to become root/etc


    i would say look into those methods

    *proxy-ARP is when you have a gateway sitting on the network that does all the marshalling for ARP handling. instead of MAC communication directly with a host on the subnet, you send it to the gateway and it handles all transactions. pretty hard to bypass unless you control that gateway (which i didn't)
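
The ARP watching that mandi says an admin would use, combined with the proxy-ARP behaviour described in the last post, as an added detection example that is not part of the original thread. The log format, addresses and the `watch` function are constructed for illustration; the point is that a watcher must allowlist a proxy-ARP gateway's MAC or it will raise false alarms.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: "epoch_seconds sender_ip sender_mac".
GATEWAY = "00:11:22:33:44:01"  # hypothetical proxy-ARP gateway MAC
SAMPLE = """\
100 10.0.0.1 00:11:22:33:44:01
101 10.0.0.20 00:11:22:33:44:20
102 10.0.0.30 00:11:22:33:44:01
130 10.0.0.1 de:ad:be:ef:00:99
131 10.0.0.20 de:ad:be:ef:00:99
160 10.0.0.1 00:11:22:33:44:01
"""

def watch(lines, proxy_macs=frozenset()):
    """Return (timestamp, kind, detail) alerts from ARP observations.

    REBIND   - an IP that was bound to one MAC is now claimed by another.
    MULTI_IP - a MAC not in proxy_macs starts answering for a second IP.
    proxy_macs lists MACs that legitimately answer for many IPs
    (a proxy-ARP gateway), so they do not trigger MULTI_IP.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, ip, mac = line.split()
        ts, mac = int(ts), mac.lower()
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, "REBIND", f"{ip} moved {prev} -> {mac}"))
            mac_to_ips[prev].discard(ip)
        ip_to_mac[ip] = mac
        new_claim = ip not in mac_to_ips[mac]
        mac_to_ips[mac].add(ip)
        if new_claim and len(mac_to_ips[mac]) > 1 and mac not in proxy_macs:
            ips = ", ".join(sorted(mac_to_ips[mac]))
            alerts.append((ts, "MULTI_IP", f"{mac} claims {ips}"))
    return alerts

if __name__ == "__main__":
    for alert in watch(SAMPLE, proxy_macs={GATEWAY}):
        print(*alert)
```

Run without `proxy_macs`, the same sample also flags the gateway itself at timestamps 102 and 160, which is the false positive a proxy-ARP network produces.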