Sorry... this "Portuguese mail" is supposed to be in pvt! To Danilo. =\

Btw, translated version:

A long time ago I saw a guy who gave a talk at DebConf (Argentina) and showed a little trick in Wireshark to do what you want.

My two cents,
Ulisses

On Wed, May 19, 2010 at 3:39 PM, Ulisses Castro <[email protected]> wrote:

> Hey! How's it going, Danilo?
>
> So, a long time ago I saw a presentation at the DebConf that took place in
> Argentina, and the guy who presented the SSH key flaw at the time
> used Wireshark to decrypt the traffic "on the fly"... very
> interesting. I never did any related PoC, but here's the tip, which might
> help you.
>
> Big hug,
>
> Ulisses
>
>
> On Wed, May 19, 2010 at 2:22 PM, Danilo Nascimento <[email protected]> wrote:
>
>> Hi Guys!
>>
>> Do you know any tool that can decrypt SSH traffic that was
>> authenticated via Public-Key?
>> I have both the Server private key and the User private key, but I can't
>> figure out how I can extract the DH Key and then get the clear SSH
>> session.
>>
>> I've already tried the ssh_decoder (http://www.cr0.org/progs/sshfun/)
>> but there is no option to provide the certificates; it tries
>> brute-forcing the Debian vulnerable keys (CVE-2008-0166).
>>
>> Thanks,
>> Danilo Nascimento
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>
> --
> Ulisses Castro

--
Ulisses Castro, CEH, LPIC-2
Security Researcher
Blog: http://ulissescastro.com
Twitter: http://twitter.com/usscastro
Conviso IT Security - http://www.conviso.com.br
