Monday, September 12, 2016

Anonymous SSH Hack.

A warning.

... I didn't check to confirm this method yet, can't guarantee its success, for now.

This post will be rewritten when I have time, to include:
- full confirmation / troubleshooting results,
- edits for the constructive criticism I already got (better ssh parameters & the use of netcat as an alternative to the connect.c tool) & perhaps will still get,
- a full working shell script that hacks,
- a full working shell script that generates a dictionary that contains character combinations for a 'brute-force attack',
- a formal 'hack' definition,
- edits for a better, more coherent style.


About article's author.

I (Andrzej Wysocki, neomahakala108@gmail.com) am an amateur hacker, but I wish to work in Cyber Security in the EU NATO Structure, probably in a small Company or a Corporation soon - located in Warsaw, Poland. My main concern is Cyber Terrorism & its threat to World Peace, especially when Quantum Computers start to create the Cipher Crisis, resulting probably in an Economic Crisis & other threats as well.


Introduction.

'Onion Routing' means encrypting a message multiple times and sending it through many nodes called 'Onion Routers'.

Each 'Onion Router' removes one layer of encryption to discover where to route the message next, then sends the data on to the next 'Router'.

The Tor network is the dominant user of this technology.


An Anonymous SSH Hack.

In this article I'll try to describe a rarely used SSH option, ProxyCommand, which lets you specify a program through which the connection is transmitted.

First we need to install Tor with all its dependencies:

> apt-get install tor

Then we need to prepare (compile) the connect.c tool.

To tunnel the SSH connection we issue the command:

> ssh -o ProxyCommand="/home/nm108/connect -S localhost:9050 %h %p" 108.108.84.84 -p 22

... where /home/nm108/connect is the path to the compiled 'connect.c' tool, localhost:9050 is the address of our Tor server (port 9050 is the standard port for a Tor server), and 108.108.84.84 is the IP address of the server to which we wish to connect over the SSH protocol; the -p parameter is optional (if ssh works on port 22, it's not necessary).

We can use the sshpass tool as well.

> sshpass -p '<password>' <ssh/scp command>

Then we can use a script that tries connecting in a loop, performing a 'Dictionary SSH Hack'.

A dictionary can also be 'brutal' - it can use brute-force character combinations as a part of its contents.

This has uses in 'firewall-bypassing hacks'.


Feedback to include so far:

'You probably want to pass the following

VerifyHostKeyDNS=no

Don't attempt to do lookups of the host's key fingerprint - those queries
will go out over your local connection

CheckHostIP=no

Don't do a DNS lookup of the host, the Tor exit node's going to do that
anyway, and again, the queries will be observable by your ISP

PubkeyAuthentication=no

Don't present any public keys which you might have configured the SSH
client to look for. They can be logged at the remote end

Instead of running connect, you can also use Netcat to pass traffic to Tor

ProxyCommand="nc -X 5 -x localhost:9050 %h %p"'

... also:

'> > CheckHostIP=no
> >
> > Don't do a DNS lookup of the host, the Tor exit node's going to do that
> > anyway, and again, the queries will be observable by your ISP
>
> I'm thinking that the use of ProxyCommand makes that redundant?
>


Yes, On a second look, I think you're probably right.'
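
The settings named in the feedback above can be checked before connecting. The following is an added example, not code from this post or from its commenters: a shell function that reads "keyword value" lines, the layout printed by `ssh -G <host>`, and reports whether the proxy and the three options are set as suggested. The function name `audit_ssh_tor` and both sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads "keyword value" lines (the layout `ssh -G <host>` prints)
# on stdin and checks the settings named in the feedback above.
# $1 = expected SOCKS address (default localhost:9050, the Tor port used above).
# Returns 0 when every check passes, 1 otherwise.
audit_ssh_tor() {
    proxy="${1:-localhost:9050}"
    awk -v proxy="$proxy" '
        NF >= 2 {
            key = tolower($1)
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword, keep the value
            val[key] = $0
        }
        END {
            bad = 0
            pc = val["proxycommand"]
            if (pc == "" || pc == "none") {
                print "FAIL proxycommand: unset, the connection would be direct"; bad++
            } else if (index(pc, proxy) == 0) {
                print "FAIL proxycommand: does not reference " proxy; bad++
            } else {
                print "ok   proxycommand: " pc
            }
            # These three must be off; accept either spelling of a negative value.
            n = split("verifyhostkeydns checkhostip pubkeyauthentication", opt, " ")
            for (i = 1; i <= n; i++) {
                v = tolower(val[opt[i]])
                if (v == "no" || v == "false") {
                    print "ok   " opt[i] ": " v
                } else {
                    print "FAIL " opt[i] ": " (v == "" ? "unset" : v) ", expected no"; bad++
                }
            }
            exit (bad > 0)
        }'
}

# Constructed sample input, not captured from a real host.
SAMPLE_GOOD='proxycommand nc -X 5 -x localhost:9050 %h %p
verifyhostkeydns false
checkhostip no
pubkeyauthentication no'
SAMPLE_LEAKY='verifyhostkeydns true
checkhostip yes
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_GOOD"  | audit_ssh_tor localhost:9050
printf '%s\n' "$SAMPLE_LEAKY" | audit_ssh_tor localhost:9050 || echo "leaky sample flagged"
```

On a real system the input would come from `ssh -G` run with the same `-o` options as the intended connection.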
