Thursday, July 30, 2009

Hacking the OpenSSH library for Ncrack

The purpose of this document is to outline the process of building a SSH library leveraged by the corresponding module of Ncrack. The code used is largely based on the latest version of OpenSSH (currently 5.2) which makes it more secure and flexible, being audited by the OpenBSD team and being able to handle and adapt to many different implementations of SSH out there. First we are going to give a brief overview of the OpenSSH code mainly focusing on everything related to the authentication phase, since that is what concerns us most. Then we are going to mention what different hacks were made in order to convert that code into a library suitable for use by Ncrack's architecture. Finally, we are going to discuss some issues concerning SSH bruteforcing.

Check for more

No comments: