In this Networking challenge, we get a short tcpdump capture file containing an SSH session.
Given that the capture is really short, we immediately focus on this SSH session. Decrypting SSH without prior knowledge of the private keys is not an easy feat, except in one particular case: if one of the client or server keys was generated on a Debian machine during the OpenSSL fiasco.
In 2008, Debian shipped with a flawed openssl package that resulted in keys with very weak entropy, in other words, predictable keys: http://www.debian.org/security/2008/dsa-1571
Let's see if this is the case. First we split the capture file into session files that can be used by our bruteforcer tool. For this job, we use tcpick (available as a Debian package).
Starting tcpick 0.2.1 at 2011-09-24 03:13 UTC
Timeout for connections is 600
tcpick: reading from capture.pcap
1 SYN-SENT 192.168.0.119:58214 > 192.168.0.222:ssh
1 SYN-RECEIVED 192.168.0.119:58214 > 192.168.0.222:ssh
1 ESTABLISHED 192.168.0.119:58214 > 192.168.0.222:ssh
1 FIN-WAIT-1 192.168.0.119:58214 > 192.168.0.222:ssh
1 TIME-WAIT 192.168.0.119:58214 > 192.168.0.222:ssh
1 CLOSED 192.168.0.119:58214 > 192.168.0.222:ssh
tcpick: done reading from capture.pcap
74 packets captured
1 tcp sessions detected
Now we can use one of the SSH bruteforcers specially designed to handle those weak keys. I choose the client mode (-c) because in the capture file you can see that the client’s OpenSSH version is much older than the server's.
* read handshake
cipher: aes128-cbc, mac: hmac-md5, kex_hash: sha1, compr: none
* bruteforce DH
DH shared secret : 028b79a7ee617e11fe3cc5600b93b9423e75c494dcc5e12fed2d99864dd940838c09f77f62356d600c32a37c9e585b21fa0f9c11dc97f7bac6a9a8864fe55a210048c149ae9bf3c6399a8c162bb7cbf1cf7678b34ffe7c118ee34a1239fb4b9d960b6746e60a456a0284c0e2210b837c554c9ef857b6f25ea106422c881c08aa
* derive keys
* decipher streams
* successful authentication packet
{:key=>
{:g=>
"l\232\203\271\265$'\003g\000\317\335\003\222\304\f\357h\f^\016\311\261\023\001JR\352\363\262\3556\251\227$FB\307\344\370\277u\362\017d\003\222\227v\305\034\363\220Sz<"\232\003\235\025\210B\240%\3114\021Cu\017\340\317\306\221\306\241\217\025O\254\230\004\212\311\204\263\206\224\004\317\035{\271\262\027J\373\350\325P\201\226\364K{\242\2747"\274\243\257\002D\2743\231`wc\b\312\276D\3614\022",
:type=>"ssh-dss",
:p=>
"\000\207\364\bvQR\300$U\371\317``\322\021\037X\235P\032\261\244\277\352\327\277\247O\020\253\b\250z#3\004\223\022\021\256\237\203\253*mh;\311\323\031\302\005\025\204o6\270"*\256\244\027s\242Q\020j\nb\234"\252\372\2415x\273?U1\bj\237\270J\a6\350\246n\027\322"6\022\311\310\374F\346P<\261A\266*\320\333C\304\004X\300\217\241g\267\334}\005\026\345}\223aXD\255",
:q=>"\000\260~\350\024\215\231t\206>\233\324\212_\206\322Q\0066(\225",
:y=>
"\016\371O\332\bw\276\300\367\373\350\3223XX\205\340W\267r\246\f\265\0349}1Q>\245r\021\262\244\004\3437"\377\247\257\344\304\344EP\250\021k'\261$N\346\230\321\273hTq?O\274\335\260)\266[<L \231\b%\367\262\353\307\002\b\026\20148\004\352\036\a]\025\204\300\210W{\035YML>\311\274\024I\307N:\375\264\340\000\346\331\023\301N\002\327\263\026\217p\233\300\230@\351\333"},
:testic=>1,
:username=>"mosdef",
:keytype=>"ssh-dss",
:nextservice=>"ssh-connection",
:auth_method=>"publickey"}
* deciphered streams saved to "sshdecrypt.0.client.dat" & "sshdecrypt.0.server.dat"
We have deciphered the SSH exchange and we can now see what the user typed into this SSH terminal:
publickey,password
key{you_broke_ssh_im_calling_teh_cops}
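On the defensive side, public keys like the ssh-dss one in the authentication packet above are what gets audited after DSA-1571. The following Python code is an added example, not part of the original write-up or of the bruteforcer tool: it parses an ssh-dss public key blob (type string, then p, q, g, y) and checks its MD5 fingerprint against a blacklist. The toy key, the blacklist contents and the truncated-fingerprint blacklist layout are assumptions of the example.

```python
import hashlib
import struct

def read_string(buf, off):
    """Read one RFC 4251 string (uint32 length, then bytes); mpints share this framing."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def parse_dss_blob(blob):
    """Return the p, q, g, y integers of an ssh-dss public key blob (RFC 4253, 6.6)."""
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-dss":
        raise ValueError("not an ssh-dss key")
    params = {}
    for name in ("p", "q", "g", "y"):
        raw, off = read_string(blob, off)
        params[name] = int.from_bytes(raw, "big")
    if off != len(blob):
        raise ValueError("trailing bytes after y")
    return params

def is_blacklisted(blob, blacklist):
    """Assumed blacklist layout: last 20 hex digits of the MD5 key fingerprint."""
    parse_dss_blob(blob)  # reject malformed blobs before hashing
    return hashlib.md5(blob).hexdigest()[12:] in blacklist

def mpint(n):
    """Encode a positive integer as an SSH mpint (leading zero keeps it positive)."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

# Constructed toy key, far too small to be real: p=23, q=11, g=4, y=4^3 mod 23=18.
SAMPLE_BLOB = struct.pack(">I", 7) + b"ssh-dss" + b"".join(mpint(v) for v in (23, 11, 4, 18))
# Constructed blacklist: one unrelated entry plus the sample key's own fingerprint tail.
SAMPLE_BLACKLIST = {"0" * 20, hashlib.md5(SAMPLE_BLOB).hexdigest()[12:]}

if __name__ == "__main__":
    print(parse_dss_blob(SAMPLE_BLOB))
    print("weak key" if is_blacklisted(SAMPLE_BLOB, SAMPLE_BLACKLIST) else "not listed")
```

For a real audit, the blob is the base64-decoded second field of an authorized_keys or .pub line.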