Re: ssh 1.2.27 exploit

Subject: Re: ssh 1.2.27 exploit
From: Beto (core.lists.bugtraqCORE-SDI.COM)
Date: Thu Dec 16 1999 - 13:21:43 CST

• Next message: Rob Jones: "Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords")"
• Previous message: Maurycy Prodeus: "Re: [lucidTERRA.NEBULA.ORG: qpop3.0b20 and below - notes and exploit]"
• Maybe reply: Beto: "Re: ssh 1.2.27 exploit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Daniel Jacobowitz wrote:
>
> You also didn't include exploit_key:
>

That's right, not a big issue, just create a public/private key pairs
using ssh_keygen and rename the private key to exploit_key. Put the key
in the current directory you are running the exploit, and remember to
set the correct file permisions (and owner).

Also, there's another thing you have to make to compile the exploit.
After running configure, edit the Makefile and add -DSSH_EXPLOIT to the
CFLAGS.

-- 
==============================[ CORE Seguridad de la Informacion S.A.
]=======
Alberto Soliño                                  WWW      
:www.core-sdi.com
Consultor                                       Email    
:asolinocore-sdi.com
Pte. Juan D. Peron 315 4p UF 17                 TE        :
+54-11-4331-5409
CP 1038 Capital Federal                         FAX       :
+54-11-4331-5402
Buenos Aires, Argentina
==============================================================================
--- For a personal reply use asolinocore-sdi.com

• Next message: Rob Jones: "Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords")"
• Previous message: Maurycy Prodeus: "Re: [lucidTERRA.NEBULA.ORG: qpop3.0b20 and below - notes and exploit]"
• Maybe reply: Beto: "Re: ssh 1.2.27 exploit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Fri Dec 17 1999 - 12:21:28 CST