I'll search for it, thanks Ulisses... BTW, I've also tried to decrypt the SSL traffic using the Wireshark SSL option (http://wiki.wireshark.org/SSL) but I couldn't decrypt the SSH traffic, although I could decrypt HTTPS traffic.
Maybe I'm doing something wrong with Wireshark.

Thanks,
Danilo Nascimento

On Wed, May 19, 2010 at 3:44 PM, Ulisses Castro <[email protected]> wrote:
> Sorry... this "Portuguese mail" is supposed to be in pvt! To Danilo. =\
>
> Btw, translated version:
> A long time ago I saw a guy who gave a talk at DebConf (Argentina) and showed a
> little trick in Wireshark to do what you want.
>
> My two cents,
>
> Ulisses
>
> On Wed, May 19, 2010 at 3:39 PM, Ulisses Castro <[email protected]>
> wrote:
>>
>> Hey! How's it going, Danilo?
>>
>> So, a long time ago I saw a presentation at the DebConf held in
>> Argentina, and the guy who presented the SSH key flaw at the time
>> used Wireshark to decrypt the traffic "on the fly"... very
>> interesting. I never did any related PoC, but here's the tip, which
>> might help you.
>>
>> Best regards,
>>
>> Ulisses
>>
>> On Wed, May 19, 2010 at 2:22 PM, Danilo Nascimento
>> <[email protected]> wrote:
>>>
>>> Hi Guys!
>>>
>>> Do you know any tool that can decrypt SSH traffic that was
>>> authenticated via Public-Key?
>>> I have both the Server private key and the User private key, but I can't
>>> figure out how I can extract the DH Key and then get the clear ssh
>>> session.
>>>
>>> I've already tried the ssh_decoder (http://www.cr0.org/progs/sshfun/)
>>> but there is no option to provide the certificates, it tries
>>> brute-forcing the Debian vulnerable keys (CVE-2008-0166)
>>>
>>> Thanks,
>>> Danilo Nascimento
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
>>
>> --
>> Ulisses Castro
>
> --
> Ulisses Castro, CEH, LPIC-2
> Security Researcher
> Blog: http://ulissescastro.com
> Twitter: http://twitter.com/usscastro
> Conviso IT Security - http://www.conviso.com.br
