Ask Your Question
0

Possible to re-connect to a remote host using previously recorded SSH traffic?

asked 2021-07-07 15:31:35 +0000

apolonie gravatar image

Hi all,

This is a theoretical question, but I'm curious if I remote into a host using SSH and successfully authenticate in, while recording the traffic, is it possible to re-authenticate in using only the SSH traffic recorded by wireshark?

i.e. using a traffic replay system and feed it the SSH traffic to successfully connect to a remote host. I'm trying to find a way to record & replay cyber attacks as a hobby and curious if you guys know of any software that does this.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-07-07 17:07:01 +0000

grahamb gravatar image

I hope not.

The client has the private key and the server holds the public partner of the key and they are used to sign random data to ensure each end is legitimate. The use of random data prevents replays.

edit flag offensive delete link more

Comments

Interesting, I'm curious what the attraction is to record & replay systems that utilize .pcap's for the replay architecture. It seems there are multiple protocols (SSHv2, SMTP, etc.) that make it very difficult to replay deterministically.

apolonie gravatar imageapolonie ( 2021-07-07 17:10:27 +0000 )edit

SMTP is certainly vulnerable to replay, the nature of the protocol requires no authentication at all when receiving email from outside sources. The sender can be verified by such things as SPF and DKIM, but the SMTP server simply has to receive everything not directly blocked.

grahamb gravatar imagegrahamb ( 2021-07-07 17:31:17 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-07-07 15:31:35 +0000

Seen: 142 times

Last updated: Jul 07 '21

Related questions

HTTP packet replay

Effective Way to Replay Pcap Files?

How can I replay the pcapng file?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2