SSH Man-in-the-Middle (Soft Hack)

A successful SSH-based man-in-the-middle attack might go something like this. There are a couple of assumptions, but lazy or novice users will probably fall for some if not all of this.

Assumption #1

This works best for users of newly established VMs such as those one might provide via Amazon EC2.

Assumption #2

Users who simply do not pay close attention to the details will fall for much of what this attack seeks to accomplish.

Assumption #3

SSH Terminal Emulation is required by this hack. This can be easily built using Python and Paramiko.

Assumption #4

SCP Emulation is also required to make this hack work. This can be easily built using Python and Paramiko.

Assumption #5

The end-user connects to the man-in-the-middle via the SSH Terminal Emulation to begin using the newly created VM instance, logging in either with a password or with a key-pair provided by the attacker. This works best when the end-user will just go along with letting someone else do most of the work, such as (but not limited to) establishing the key-pair for a seemingly newly created VM instance.

Assumption #6

Assuming the end-user chose to connect using SCP via a password, the man-in-the-middle need not even know whether the provided password is correct, since the SSH Terminal Emulation is just window-dressing.

Assumption #7

The SSH Terminal and SCP Emulation are all fake; I was almost sure this was already understood by most readers. The end-user will “see” what is expected to be a newly installed Linux file system with either nothing in the .ssh folder or a key-pair that was provided for the user. The goal here is to get the end-user to accept the man-in-the-middle as legitimate even though it is not at all legitimate.

Assumption #8

Once the end-user has either accepted the provided key-pair or uploaded a real public key, the fun can begin.

Assumption #9

Now that the end-user has jumped through all the required hoops and is really using a fake SSH/SCP terminal session, the user will make requests of the fake man-in-the-middle “proxy”. The man-in-the-middle will coax the end-user into uploading a real public key (the one the real end-point is using), and the end-user will also be coaxed into revealing the private key’s passphrase, all the while thinking this makes the whole system that much more secure. You can probably see where this is going by now. If not, there is still some hope for your soul.

Assumption #10

The Internet is a huge house of cards surrounded by smoke and mirrors and enough assumptions to allow almost any hacker with sufficient skill to achieve whatever may be desired. Users have to know more than the hackers they share their Internet experiences with; most users do not.
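Every step above depends on the end-user accepting the man-in-the-middle’s host key without comparing it to anything. The check that breaks the scenario, added here as an illustration and not part of the original post, is to pin the fingerprint obtained out of band (for a fresh cloud VM the console’s system log typically prints the host key fingerprints at first boot) and to refuse to continue on a mismatch or when nothing is pinned at all. The host address, key blobs and trusted table below are constructed placeholders, and the fingerprint format is the one OpenSSH prints.

```python
import base64
import hashlib


def openssh_fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint of a public key blob, formatted the way OpenSSH
    prints it: 'SHA256:' followed by unpadded base64 of the digest."""
    blob = base64.b64decode(key_b64)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_host_key_line(line: str):
    """Parse one known_hosts / ssh-keyscan style line: '<host> <type> <base64>'."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("expected '<host> <keytype> <base64 key>'")
    return parts[0], parts[1], parts[2]


def check_host_key(trusted: dict, line: str) -> str:
    """Compare the key a server presented against the fingerprint pinned
    out of band. 'unknown' (nothing pinned) must be resolved by the user
    from the console, never by clicking through: that is the window the
    attack above lives in."""
    host, _, key_b64 = parse_host_key_line(line)
    expected = trusted.get(host)
    if expected is None:
        return "unknown"
    return "match" if openssh_fingerprint(key_b64) == expected else "mismatch"


def _ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return len(b).to_bytes(4, "big") + b


# Constructed placeholder keys in ssh-ed25519 wire format (type string plus a
# 32-byte key). Neither is a real server key; 203.0.113.10 is a documentation address.
SAMPLE_KEY_B64 = base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))).decode()
ROGUE_KEY_B64 = base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))).decode()
SAMPLE_LINE = "203.0.113.10 ssh-ed25519 " + SAMPLE_KEY_B64   # what the real VM presents
ROGUE_LINE = "203.0.113.10 ssh-ed25519 " + ROGUE_KEY_B64     # what a man-in-the-middle presents

if __name__ == "__main__":
    # Fingerprint copied from the console log, pinned before the first connection.
    trusted = {"203.0.113.10": openssh_fingerprint(SAMPLE_KEY_B64)}
    for presented in (SAMPLE_LINE, ROGUE_LINE):
        print(check_host_key(trusted, presented))   # match, then mismatch
```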

Enjoy !!!
