Intercepting SSH with an sshmitm man-in-the-middle. Network topology:
Target machine: Metasploitable2 (Linux)
Attacker: Kali Linux
Visitor: BackTrack 5 (Linux)
Kali uses ettercap for the man-in-the-middle attack (ARP spoofing):
From the visitor, use ssh to log in to the remote server.
But Kali did not capture any packets.
Scan the service version number to determine the reason.
The version turned out to be OpenSSH 4.7, which can theoretically be attacked. However, because protocol version 2 is in use, all of the session data is encrypted. So we switch to the arpspoof method to perform the man-in-the-middle attack and capture packets for verification.
Enable forwarding on the NIC so the intercepted traffic still reaches the server:
    echo 1 > /proc/sys/net/ipv4/ip_forward
Use Wireshark to capture packets.
Then make the SSH connection again:
Stop capturing and apply a display filter.
Look for the account and password; we find that all of the packet contents are encrypted.
If the SSH version were changed to 1.0, the captured packets would all be plaintext, but we will not do that experiment here.
Now we use the MITM to downgrade SSH, forcing it to version 1.0 so that it sends plaintext packets.
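From the defender's side, the interesting thing in the capture above is not the SSH payload but the ARP traffic that made the interception possible. The following is an added example, not code from the original write-up: it runs over a constructed list of ARP replies (the timestamps, IPs and MACs are made up) and flags the two signatures an ARP-spoofing MITM leaves behind, an IP whose MAC changes mid-capture and a single MAC that claims more than one IP.

```python
"""Flag ARP replies that rebind an IP address to a different MAC.

Added example, not part of the original write-up. SAMPLE_ARP_REPLIES is
constructed data standing in for what a capture filtered on ARP replies
(Wireshark: arp.opcode == 2) would show; every address below is made up.
"""
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) from ARP replies.
SAMPLE_ARP_REPLIES = [
    (1.00, "192.0.2.1",  "00:11:22:33:44:01"),   # gateway, legitimate
    (1.50, "192.0.2.10", "00:11:22:33:44:10"),   # target host, legitimate
    (2.00, "192.0.2.1",  "00:11:22:33:44:EE"),   # gateway rebound to a new MAC
    (2.05, "192.0.2.10", "00:11:22:33:44:ee"),   # target rebound to the same MAC
    (2.50, "192.0.2.20", "00:11:22:33:44:20"),   # unrelated host, unchanged
]


def detect_arp_rebinding(replies):
    """Return (alerts, ips_by_mac).

    alerts      : one dict per reply that rebinds an already-seen IP to a
                  different MAC (the first binding is kept as the reference).
    ips_by_mac  : every IP each MAC has claimed, for the second check below.
    """
    first_seen = {}               # ip -> MAC from the first reply we saw
    ips_by_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()         # normalise case before comparing
        ips_by_mac[mac].add(ip)
        if ip not in first_seen:
            first_seen[ip] = mac
        elif first_seen[ip] != mac:
            alerts.append({"time": ts, "ip": ip,
                           "old_mac": first_seen[ip], "new_mac": mac})
    return alerts, ips_by_mac


def macs_claiming_multiple_ips(ips_by_mac, min_ips=2):
    """MACs that answered for at least min_ips distinct IPs.

    A spoofing host typically answers for both the gateway and the victim,
    so one MAC owning two IPs is the classic MITM indicator.
    """
    return sorted(mac for mac, ips in ips_by_mac.items() if len(ips) >= min_ips)


def analyse(replies=SAMPLE_ARP_REPLIES):
    """Convenience wrapper returning both indicators for a reply list."""
    alerts, ips_by_mac = detect_arp_rebinding(replies)
    return {"rebinds": alerts,
            "multi_ip_macs": macs_claiming_multiple_ips(ips_by_mac)}


if __name__ == "__main__":
    result = analyse()
    for a in result["rebinds"]:
        print("t=%.2f %s moved from %s to %s" % (a["time"], a["ip"],
                                                a["old_mac"], a["new_mac"]))
    print("MACs claiming several IPs:", result["multi_ip_macs"])
```

The same two checks can be run over a real capture by exporting ARP replies from Wireshark as CSV and feeding the rows in as tuples; on a quiet lab segment the legitimate gateway should never change MAC during a session.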
But due to my limited level, I really don't know how sshmitm works...
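The downgrade described above only works if the server is still willing to speak protocol 1 at all, so the mitigation is to verify that it is not. The following is an added example, not code from the original write-up: it reads an SSH identification line (the server's "SSH-x.y-software" banner) and an sshd_config text and reports whether protocol 1 is on offer. The banner strings and config lines are constructed samples; the "1.99" rule comes from RFC 4253 section 5.1, where 1.99 means the server accepts both protocol 1 and 2.

```python
"""Check whether an SSH server or its sshd_config still allows protocol 1.

Added example, not part of the original write-up. The banners and config
snippets used in __main__ are constructed samples, not captured output.
"""
import re

# Identification line per RFC 4253: "SSH-protoversion-softwareversion ..."
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)")


def banner_allows_v1(banner):
    """True if the version line admits protocol 1.

    '1.3' and '1.5' are protocol 1; '1.99' is the compatibility value a
    server sends when it accepts both 1 and 2; '2.0' is protocol 2 only.
    """
    m = BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError("not an SSH identification line: %r" % banner)
    return m.group("proto").startswith("1.")


def sshd_config_protocols(config_text):
    """Return the set of versions named by the Protocol directive.

    Returns None when the directive is absent: the default has changed
    between OpenSSH releases, so an absent line should be reviewed against
    the installed version rather than assumed safe. Only the first
    Protocol line counts, because sshd uses the first value it obtains
    for each keyword.
    """
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "protocol" and len(parts) == 2:
            return {p.strip() for p in parts[1].split(",") if p.strip()}
    return None


def audit(banner, config_text):
    """Combine both checks into one verdict string."""
    protos = sshd_config_protocols(config_text)
    if banner_allows_v1(banner) or (protos is not None and "1" in protos):
        return "protocol 1 enabled: downgrade to SSH-1 possible"
    if protos is None:
        return "banner is protocol 2 only; no Protocol line, review default"
    return "protocol 2 only"


if __name__ == "__main__":
    # Constructed samples; software strings are illustrative only.
    print(audit("SSH-1.99-OpenSSH_4.7", "Port 22\nProtocol 2,1\n"))
    print(audit("SSH-2.0-OpenSSH_4.7", "# Protocol 1\nProtocol 2\n"))
    print(audit("SSH-2.0-OpenSSH_4.7", "Port 22\n"))
```

The banner can be read with a plain TCP connect to port 22 (the first line the server sends), so this check fits into a routine configuration audit alongside reviewing sshd_config; a host that answers "SSH-2.0-..." and carries "Protocol 2" cannot be pushed back to version 1 by anyone in the middle.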