FreexPloit Original article No fixed password Verify that the reasons for the posterior door text AlLeesno 2004 11 29 1. Follow the local sniff 2. Following the anti-middleman, of course, the rear door can write SSH C / S but this does not mean that absolute safety SSH also explodes several vulnerabilities Other encrypted transmission methods. This is also the effect of SSH's effectiveness to the back door. I think I think No fixed password verification, even if the password at the time is sniffing as long as the next password change is then the snober is also in vain, let's see some insights of WineggDrop in the password verification method in 2003 (I remember not too Clear, if there is a mistake, please forgive forgiven) Wineggdrop: 1. IP2. MAC Address 3. Homemade encryption method? ? I remember that I will demonstrate my own way to confront my method to confront my own method to confront the local sniffing code here. I use a more extreme example. I use Telnet plain text to send passwords. The installation of the back door backdoor.exe C machine on the machine We use Telnet to log in to the S-D-Code to ixyousoyouhapppy When the S-machine is installed, the password IXYOUSOYOUHAPPY is intercepted. I think the way is to customize a random password. Correspondence The table puts the form in Backdoor.exe. Every time the Telnet S machine, the S will give back the encrypted ciphertext. Then we decode the ciphertext in this unit, and then send it to the S machine because each Telnet S is Generating different encrypted ciphertext unless the sniffer can get a password, if you use a violent crack, it is almost also a copy of the copy of futment. The corresponding form is the resulting form. Since it is randomly generated, there is no fixed encryption method. You can even use a back door. One correspondence table diagram 1 we simulate the login method C: /> Telnet S 23 to connect the ing. . . . . Login: admin <----- This is a login password to enter its feedback ciphertext THE IS: A, 1 A, 2 7, DY, 99 QQQ, 12 1, 1 ^ 2 8, @ x, ! <----- By reading the column, use the ^ character specifying order 1, 1 ^ 2, the first column of 1 characters and the second 1 character, character as partitioning Column of characters Observing password correspondence table 2 [IMG] http://blog.9cbs.net/Images/blog_9cbs_net/freexploit/57030/o_key2.gif [/ img] We derived a password to D $ 0d, 28s reuse This password can log in to the C: /> Telnet S 23 to connect the ing. . . . . Login: Adminthe Key IS: A, 1 A, 2 7, DY, 99 QQQ, 12 1, 1 ^ 2 8, @ x,! Password: D $ 0d, 28sroot #, there is no fixed password verification, after the door demonstration, we can To make a few extensions, although the demonstration is just a random password through the password form but can actually generate a random encryption protocol When we telnet S machine and enter the login password, it can be a random encryption protocol. We can pass the password. The corresponding form is adjusted to connect each used encryption protocol to connect the protocol that connects the broiler. It is just a prototype. I hope someone can be interested in it and improve :)
