Thread: Overcoming a Clever SSH Defense

  1. #1
    Just burned their ISO
    Join Date
    Nov 2012
    Posts
    10

    Overcoming a Clever SSH Defense

    I am an IT administrator for a small 'Mom and Pop' type alarm business. I am in the process of conducting a penetration test and I am currently testing our hardware firewall for vulnerabilities, a Dell SonicWALL TZ 210.

    This little bugger has a very clever trick to prevent bruteforce/dictionary password attacks: Instead of providing the login prompt immediately upon connection, the server "eats" whatever the user's first input happens to be and THEN issues the login prompt. The effect of this is that the two main tools I'm experienced in using in this type of situation (hydra and MSF's auxiliary/scanner/ssh/ssh_login) are useless; they think they successfully guessed the password on the first try regardless of the user/pass combo when they really haven't.

    Normally I would move on to the next target on my list to test but I want to be thorough because the gateway to our building's network is important to have locked down tight and I'm sure given enough time someone will think of something that I didn't, so I ask the experts: is there an obvious way to overcome this obstacle that I'm not seeing?

  2. #2
    rastamouse (Junior Member)
    Join Date
    Oct 2012
    Posts
    32

    Re: Overcoming a Clever SSH Defense

    I'm not sure about Hydra, but the MSF ssh_login module has a STOP_ON_SUCCESS option. Presumably if you set this to false, the module will continue guessing passwords, even if it thinks it has already found a valid one.

  3. #3
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629

    Re: Overcoming a Clever SSH Defense

    Just copy the ssh_login module creating your own that sends some initial garbage before actually trying the login attempt.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Just burned their ISO
    Join Date
    Nov 2012
    Posts
    10

    Re: Overcoming a Clever SSH Defense

    Originally Posted by rastamouse:
        "I'm not sure about Hydra, but the MSF ssh_login module has a STOP_ON_SUCCESS option. Presumably if you set this to false, the module will continue guessing passwords, even if it thinks it has already found a valid one."

    That was my initial assessment as well, but I tried both tools both ways and got the same results each time.

    @thorin: That sounds like it might work. However, I've never edited any of the scripts before. Are there any tutorials that you would recommend as a reference?

  5. #5
    rastamouse (Junior Member)
    Join Date
    Oct 2012
    Posts
    32

    Re: Overcoming a Clever SSH Defense

    You could check out the Building A Module section of the Metasploit Unleashed set of pages.
