I'm currently analysing a compromised network (root access has been gained to a
ID: 658734
Question
I'm currently analysing a compromised network (root access has been gained to a workstation, and logs show that it has been used for port scanning and service brute-forcing attacks on the remaining stations within the subnet) and am wondering: what is the most effective attack that can be launched at this point?
Packet sniffing allows for easy credential retrieval in the case of plaintext protocols, but is otherwise less effective against their encrypted counterparts.
Brute forcing is ineffective given that a secure credential policy is employed.
At this point I'm thinking that the attack with the highest impact would consist of credential retrieval through the use of ARP poisoning on services such as SSH. I've found a suite of tools that would allow an attacker to retrieve the username and password values for SSH v1.
The tools presented there are, however, archaic and require numerous tweaks in order to compile on most modern distros.
Is there an equivalent for SSH v2? What are the most suitable means of prevention/detection?
Explanation / Answer
Yes, password credentials can still be stolen through a man-in-the-middle method with SSHv2.
The victim profile will depend on the type of man-in-the-middle method used. For your example of ARP poisoning from a client workstation, ARP poisoning would at most grant middling between clients on the nearby local network, or all clients if the server is on a nearby local network.
Other middling methods, such as DNS poisoning, could increase the victim scope.
Most SSH clients will remember the public key of an SSH server they have previously connected to. So regular users would likely get a scary error or warning when attempting to connect through a MITM.
Using private key authentication is one way to avoid disclosing the secret credential, even if the connection is middled.
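The two defender-side checks the answer alludes to, as an added example that is not code from the original answer: spotting ARP poisoning in a workstation's neighbour table (one MAC answering for several IPs, or a known gateway/server whose MAC has moved), and the host-key pinning that turns an SSH MITM into the "changed host key" warning. The neighbour-table lines, the baseline MACs, the known_hosts entry and the key bytes are all constructed for the example; the key blob and fingerprint encodings follow OpenSSH's wire format.

```python
"""Two defender-side checks for the scenario above: spotting ARP poisoning in the
neighbour table, and the host-key pinning that makes an SSH MITM visible.
Added example, not code from the original answer; all input is constructed."""
import base64
import hashlib
from collections import defaultdict

# Constructed `ip neigh show` output from a workstation being poisoned: the
# attacker at 10.0.0.30 is answering ARP for the gateway 10.0.0.1 with its own MAC.
NEIGH_TABLE = """\
10.0.0.1 dev eth0 lladdr 00:11:22:33:44:30 REACHABLE
10.0.0.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
10.0.0.30 dev eth0 lladdr 00:11:22:33:44:30 REACHABLE
10.0.0.31 dev eth0 lladdr 00:11:22:33:44:31 DELAY
10.0.0.40 dev eth0 FAILED
"""

# Constructed baseline of IP -> MAC for hosts that must not move (gateway, servers).
BASELINE = {"10.0.0.1": "00:11:22:33:44:01", "10.0.0.20": "00:11:22:33:44:20"}


def parse_neigh(text):
    """Map IP -> MAC from `ip neigh` lines; entries without lladdr (FAILED, INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if "lladdr" in parts:
            table[parts[0]] = parts[parts.index("lladdr") + 1].lower()
    return table


def arp_anomalies(table, baseline):
    """Flag one MAC answering for several IPs, and baseline hosts whose MAC changed.

    A poisoner claims a victim IP with its own MAC, so both symptoms appear at once;
    a single symptom can be benign (VRRP/HA pairs, a legitimately replaced NIC)."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} is claimed by {sorted(ips)}")
    for ip, mac in baseline.items():
        if ip in table and table[ip] != mac:
            findings.append(f"{ip} moved from {mac} to {table[ip]}")
    return findings


def ssh_string(b):
    """SSH wire encoding of a string: 4-byte big-endian length, then the bytes."""
    return len(b).to_bytes(4, "big") + b


def ed25519_blob(raw32):
    """OpenSSH public-key blob for ssh-ed25519: string(keytype) || string(key)."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


def fingerprint(blob):
    """The SHA256 fingerprint as `ssh-keygen -l` prints it: unpadded base64 of sha256(blob)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def check_host_key(known_hosts, host, keytype, presented):
    """Trust-on-first-use check the way the ssh client does it.

    Returns 'match', 'mismatch' (the REMOTE HOST IDENTIFICATION HAS CHANGED warning a
    middled user sees) or 'unknown' (first contact: a MITM goes unnoticed unless the
    fingerprint is verified out of band). Hashed entries (HashKnownHosts yes) and
    @cert-authority / @revoked markers are deliberately not handled here."""
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "|1|", "@")):
            continue
        if host in parts[0].split(",") and parts[1] == keytype:
            return "match" if base64.b64decode(parts[2]) == presented else "mismatch"
    return "unknown"


# Constructed keys: the real server's and the one a MITM would present (fixed bytes
# stand in for the Ed25519 public points; only the pinning logic is exercised).
GENUINE_KEY = ed25519_blob(bytes(range(32)))
ATTACKER_KEY = ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = "10.0.0.20 ssh-ed25519 " + base64.b64encode(GENUINE_KEY).decode() + "\n"


if __name__ == "__main__":
    for finding in arp_anomalies(parse_neigh(NEIGH_TABLE), BASELINE):
        print("ARP:", finding)
    for label, key in (("genuine", GENUINE_KEY), ("attacker", ATTACKER_KEY)):
        print(f"ssh 10.0.0.20 presenting {label} key {fingerprint(key)}:",
              check_host_key(KNOWN_HOSTS, "10.0.0.20", "ssh-ed25519", key))
```

The ARP check is only as good as the baseline: record gateway and server MACs from a clean host (or the switch's port table) before the incident, not from the poisoned workstation. The host-key check mirrors the client's own behaviour; the gap it exposes is the `unknown` case, which is why `StrictHostKeyChecking yes` (refuse unknown and changed keys) combined with public-key authentication, as the answer suggests, leaves a middled password session with nothing to capture.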