Linux penetration: Use ettercap to sniff the ssh Password

Generally, nc is used to determine whether the target ssh server can be sniffed. The specific method is nctargetip22. If the returned version number is a SSH-1.99, it indicates that protcol is 2, 1 in sshd_config. However, by default, the ettercap on the Internet cannot sniff the ssh1 password, even if the server to be sniffed is configured as protcol2 and 1.

Normally, we can determine whether the target ssh server can be used by sniffing.NcTo confirm. The specific method is nc targetip 22.

If the returned version number is SSH-1.99, it indicates the prot in sshd_configColIs 2, 1.

However, by default, the ettercap on the Internet cannot sniff the ssh1 password, even if the server to be sniffed is configured as protcol.

It took a while to study the filter writing method, write an ssh ssh-1.99 to the ssh-1.5 filter

 

 
 


  
  
If (tCp. Src = 22 & search (DATA. data, "SSH-1.99 ")){

  
  
 

  
  
Replace ("SSH-1.99", "SSH-1.5 ");

  
  
 

  
  
}

 
 

Save as sh. filter and compile as Etterfilter sh. filter-o sh. ef.

Load the filter when you start ettercap. Can you sniff it?