[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Anonymous SSH Hack.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Anonymous SSH Hack.
From: Ben Tasker <ben@xxxxxxxxxxxxxxx>
Date: Mon, 12 Sep 2016 13:54:49 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 12 Sep 2016 08:55:07 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bentasker.co.uk; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=EE3x0KbAZFU9EnRQhm/lO9xgLpwUuCDu7IHmxmm9M7M=; b=cvu1Lor2rysIenw8Sub5WL4lahXSOmiSprJeT0+6HPg7N3GKItdWXyxDV8p8CUM6mV g/FTo4EcLZtuvM3YfjPCnFTkOBZswEdCpo1pKVOn6eMLYR69bidYSnCROMySxRYFETpG BwkyD5PxtfGq8WKFN5GBYwGIk7yxn9wljAdr4=
In-reply-to: <CAJb1f3wvEnrS+AeSnHdGe-vmWwBHT7-EtdtzF-zj1NAobAUzug@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAJb1f3wvEnrS+AeSnHdGe-vmWwBHT7-EtdtzF-zj1NAobAUzug@mail.gmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

I'm not going to comment on the attack side of your post as, if nothing
else, this isn't really the forum, but the following is probably worth
noting in terms of potential leakage when SSH'ing over Tor.

You probably want to pass the following

     VerifyHostKeyDNS=no

Don't attempt to do lookups of the host's key fingerprint - those queries
will go out over your local connection

     CheckHostIP=no

Don't do a DNS lookup of the host, the Tor exit node's going to do that
anyway, and again, the queries will be observable by your ISP

     PubkeyAuthentication=no

Don't present any public keys which you might have configured the SSH
client to look for. They can be logged at the remote end

Instead of running connect, you can also use Netcat to pass traffic to Tor

    ProxyCommand="nc -X 5 -x localhost:9050 %h %p"


Ben


On Mon, Sep 12, 2016 at 1:29 PM, Andrzej Wysocki <neomahakala108@xxxxxxxxx>
wrote:

> hello,
>
> i am an amateur hacker, but i wish to work in the Cyber Security in the EU
> NATO Structure, probably in a small Company or a Corporation soon.
>
> i've written an article about SSH Dictionary Hack over TOR, didn't check if
> it works yet though (no time mostly).
>
> i could use a constructive critic,
>
> the article is there:
> > [ http://paco-knife-tarot.blogspot.com/2016/09/anonymous-ssh-hack.html
> ].
>
> thanks in advance.
>
> --
> Andrzej 'neo' Wysocki.
> professionally 'artistic software dev & hacker, paradigmatist, net admin'.
>
> * Art & Dharma Teachings drawing board (unfinished yet) :
> http://artndharmat.appspot.com/
> * Martial Arts, Tactics & Combat Psychology :
> http://martial-arts-tactics-psyche.blogspot.com/
> <http://martial-arts-tactics.blogspot.com/>
> * Dragonfly Algorithm (IT Blog) : http://dragonfly-algorithm.blogspot.com/
> * Functional Paradigm (IT Blog) : http://functional-paradigm.blogspot.com/
> * deviantART: http://neo-mahakala-108.deviantart.com/
> * LinkedIn: http://www.linkedin.com/in/neomahakala108
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
Ben Tasker
https://www.bentasker.co.uk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Anonymous SSH Hack.
  - From: Lars Noodén

References:
- [tor-talk] Anonymous SSH Hack.
  - From: Andrzej Wysocki

Prev by Author: [tor-talk] Image EXIF data used to geolocate
Next by Author: Re: [tor-talk] Anonymous SSH Hack.
Previous by thread: [tor-talk] Anonymous SSH Hack.
Next by thread: Re: [tor-talk] Anonymous SSH Hack.
Index(es):
- Author
- Thread