
  July 12, 2005 - Poking at Protocols: SSH and SPA

by Jeff Moss

Protocol layer research allows us hackers to both secure and exploit everyday operational communications. On this BlackPage, Adam Boileau walks us through a day of formulating his latest SSH hijacking techniques while MadHat provides a first look at Single Packet Authentication, and how it might land system administrators a few extra dates.


  A Day in the Life of a SSH Trust Hijacker

by Adam Boileau posted July 12, 2005

Time: 0712
Mood: Angsty
This morning in the shower, a vision of Richard Stallman came to me, and told me I should write a python interface to GDB. I wonder why?
Last time I listened to him, I got thrown out of the Pub.

Time: 0923
Mood: cussing
Wow, GDB/MI's better than libiptables. I'm not sure that’s a compliment.

Time: 1115
Mood: 3v1l
Hey, Mr 0nate left a shell to symondst1.helix.net.nz open, I wonder if I can get his SSH to go change my ratelimit?

Time: 1430
Mood: Self abuse
Man, I sure am glad my hat's the colour of a toothpaste model's teeth, 'cause you could wreak a fair bit of havoc with this thing hooked up to that Firefox URL-Icon Javascript bug...


  Sexy Packet Authentication

by MadHat posted July 12, 2005

Single Packet Authentication (SPA) is a protocol that does just what it says -- identifies the client to the server with a single packet. What you do next is up to you, but we came up with several scenarios. Port knocking too insecure? SPA to the rescue. Behind a client's NAT on a consulting gig and need to restart the mail server back at the main office? SPA has a plan. Reverse shell out of your secure DMZ back to you in your hotel room? SPA commands all. Need a new protocol to impress potential sexual partners? SPA is deeeead sexy.


New Doors To Your Network

Every advancement of technology comes with a new entry point for exploitation. Over the last few years we’ve witnessed the explosion of two areas that provide public access to private systems: wireless access points and web application service APIs. This week top researchers Beetle and Bruce Potter announce the release of a new rogue wireless access point vulnerability tool that builds on the popular Airsnarf study released last summer. On a different track from the wireless crew, Alex Stamos and Scott Stender hypothesize on how the growing popularity of web service interfaces will fuel a new type of injection attack...

Psychology and Organized Crime

Sometimes we're so stuck on the screen that we forget to look beyond it. Mudge and Geers are here to remind us of the security angles we seldom explore, but that have an effect on what we do daily. On today's page we keep in mind economics, psychology, and the Russian mob when thinking about security...

The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us to learn more about submission rules.

1997-2008 Black Hat ™