Thread: check for vulnerable debian ssh keys

  1. #1
    Moderator
    Join Date
    Jan 2010
    Posts
    167

    check for vulnerable debian ssh keys

    Hey,

    to check a system (with sshd running) for the debian ssh vulnerability (CVE-2008-0166) you can use debian_ssh_scan_v4 [1] and paramiko [2].

    * download [1] and [2] and unzip them.
    * change to the paramiko directory and install paramiko with "python setup.py install"
    * change to the debian_ssh_scan_v4 directory
    * run it with
    "cat SSH-IPs.txt | ./debian_ssh_scan_v4.py"
    or
    "./debian_ssh_scan_v4.py <IP>"

    hf
    m-1-k-3

    [1]: http://itsecurity.net/
    [2]: http://www.lag.net/paramiko/
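
A related offline check for keys you already hold, as an added example (not code from debian_ssh_scan_v4 or from the original post): CVE-2008-0166 left affected keys drawn from a small, enumerable set, so a public key can be audited by comparing its fingerprint with a list of known-weak fingerprints. The keys, hostnames and blacklist entry below are constructed, and the blacklist format (full MD5 fingerprints or their last 20 hex characters) is an assumption.

```python
import base64
import hashlib
import struct

def ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def key_blob(line):
    """Return (key_type, blob) from a known_hosts/authorized_keys line, or None."""
    fields = line.split()
    for name, b64 in zip(fields, fields[1:]):
        if not name.startswith(("ssh-", "ecdsa-")):
            continue
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # A genuine blob begins with its own key type as an SSH string.
        if blob.startswith(ssh_string(name.encode())):
            return name, blob
    return None

def md5_fingerprint(blob):
    """MD5 of the blob in hex: the 2008-era OpenSSH fingerprint, minus colons."""
    return hashlib.md5(blob).hexdigest()

def audit(lines, blacklist):
    """Return [(line_no, key_type, fingerprint, is_weak)] for each key found."""
    results = []
    for no, line in enumerate(lines, 1):
        if line.startswith("#") or not (parsed := key_blob(line)):
            continue
        fp = md5_fingerprint(parsed[1])
        # Assumed list format: full 32-hex fingerprints or their 20-char tail.
        results.append((no, parsed[0], fp, fp in blacklist or fp[12:] in blacklist))
    return results

def fake_key(fill):
    """Constructed stand-in for an ssh-rsa blob (type, exponent, filler modulus)."""
    return ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(fill * 32)

# Constructed sample data: neither the keys nor the blacklist entry are real.
WEAK, GOOD = fake_key(b"\x11"), fake_key(b"\x22")
SAMPLE_BLACKLIST = {md5_fingerprint(WEAK)[12:]}
SAMPLE_LINES = [
    "host-a.example ssh-rsa " + base64.b64encode(WEAK).decode(),
    "host-b.example ssh-rsa " + base64.b64encode(GOOD).decode() + " note",
    "host-c.example ssh-rsa not-base64!",
]
```

Calling `audit(SAMPLE_LINES, SAMPLE_BLACKLIST)` flags the first entry as weak, passes the second and skips the malformed third; a key that is flagged on a real system has to be regenerated and replaced everywhere it is trusted.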

  2. #2
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    In between these two: BackTrack is 4, FwdTrack4
    Posts
    854

    You have posted this in the BT3 section, which is Slackware based, & the vulnerability addresses Debian OS based hosts, which is BT4.

  3. #3
    Moderator
    Join Date
    Jan 2010
    Posts
    167

    Originally posted by secure_it:
        You have posted this in the BT3 section, which is Slackware based, & the vulnerability addresses Debian OS based hosts, which is BT4.

    For sure. BT3 is the auditing device and the HowTo is for auditing any Linux system which has SSH enabled.

    m-1-k-3

  4. #4
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Originally posted by secure_it:
        You have posted this in the BT3 section, which is Slackware based, & the vulnerability addresses Debian OS based hosts, which is BT4.

    This scans for vulnerable clients. The host, whether BT3/Slackware or BT4/Ubuntu, does not make a difference.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  5. #5
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    In between these two: BackTrack is 4, FwdTrack4
    Posts
    854

    Ya, that I know, I saw that in the example. I was just pointing out that he did it with BT3 while BT4 is already out. Just like that.

  6. #6
    Moderator
    Join Date
    Jan 2010
    Posts
    167

    Originally posted by secure_it:
        Ya, that I know, I saw that in the example. I was just pointing out that he did it with BT3 while BT4 is already out. Just like that.

    BT4 is in beta and so the stable release is BT3. I've also tested it on BT4 ... same steps

    m-1-k-3
