Full Discussion: How to hide SSH version
Forum: Operating Systems > Solaris. Post 302168538 by Perderabo on Monday 18th of February 2008, 10:21:22 PM
OK, I won't guarantee that this will work for you. But here is a way to change a string in an executable. You will need the GNU strings command. It is available in the binutils package at sunfreeware. So I need a binary to fiddle with....
Code:
$ cp /usr/bin/ftp .
$ ./ftp
ftp> help
Commands may be abbreviated.  Commands are:

!               cd              edit            help            mdir            newer           prompt          reset           size            user
$               cdup            epsv4           idle            mget            nlist           proxy           restart         status          verbose
account         chmod           exit            image           mkdir           nmap            put             rhelp           struct          ?
append          close           form            lcd             mls             ntrans          pwd             rmdir           sunique
ascii           cr              ftp             less            mode            open            quit            rstatus         system
bell            debug           get             lpwd            modtime         page            quote           runique         tenex
binary          delete          gate            ls              more            passive         recv            send            trace
bye             dir             glob            macdef          mput            preserve        reget           sendport        type
case            disconnect      hash            mdelete         msend           progress        rename          site            umask
ftp> bye
$

OK, let's say that my auditors are demanding that I render the word abbreviated in all caps. This means that my replacement text has the exact same number of characters as my original text. That is important. I can change the text easily but changing the size is harder. I need to locate the string and that is why I am using the GNU strings program.
Code:
$ strings -t d -a -n 7 ftp | grep abbreviated
 290112 %sommands may be abbreviated.  Commands are:
$

There is my string but I need to code up a dd command that isolates it. It looks about 15 characters long starting a little bit after 290112. So I try...
Code:
$ dd if=./ftp bs=1 skip=290130 count=15 | od -A n -c
15+0 records in
15+0 records out
15 bytes transferred in 1 secs (15 bytes/sec)
           b   b   r   e   v   i   a   t   e   d   .           C   o

This got me close. But I need it exact...
Code:
$ dd if=./ftp bs=1 skip=290129 count=11 | od -A n -c
11+0 records in
11+0 records out
11 bytes transferred in 1 secs (11 bytes/sec)
           a   b   b   r   e   v   i   a   t   e   d
$

OK, that got it. What I really want to do is crack my ftp executable up into 3 pieces: the stuff before my string, my string, and the stuff after my string. This will take 3 dd statements and now I know how to code them...
Code:
$ dd if=./ftp bs=1 count=290129 of=ftp.1
290129+0 records in
290129+0 records out
290129 bytes transferred in 2 secs (145064 bytes/sec)
$ dd if=./ftp bs=1 skip=290129 count=12 of=ftp.2
12+0 records in
12+0 records out
12 bytes transferred in 1 secs (12 bytes/sec)
$ dd if=ftp bs=1 skip=290141 count=999999999 of=ftp.3
38563+0 records in
38563+0 records out
38563 bytes transferred in 1 secs (38563 bytes/sec)

Now I want to be sure that the middle piece is the string I am expecting and then I want to change the string...
Code:
$ od -A n -c ftp.2
           a   b   b   r   e   v   i   a   t   e   d   .
$ print -n ABBREVIATED. > ftp.2
$ od -A n -c ftp.2
           A   B   B   R   E   V   I   A   T   E   D   .
$

Now I can reassemble the pieces into a new binary and try it out...
Code:
$ cat ftp.* > ftp2
$ chmod u+x ftp2
$ ./ftp2
ftp> help
Commands may be ABBREVIATED.  Commands are:

!               cd              edit            help            mdir            newer           prompt          reset           size            user
$               cdup            epsv4           idle            mget            nlist           proxy           restart         status          verbose
account         chmod           exit            image           mkdir           nmap            put             rhelp           struct          ?
append          close           form            lcd             mls             ntrans          pwd             rmdir           sunique
ascii           cr              ftp             less            mode            open            quit            rstatus         system
bell            debug           get             lpwd            modtime         page            quote           runique         tenex
binary          delete          gate            ls              more            passive         recv            send            trace
bye             dir             glob            macdef          mput            preserve        reget           sendport        type
case            disconnect      hash            mdelete         msend           progress        rename          site            umask
ftp> bye
$ ./ftp
ftp> help
Commands may be abbreviated.  Commands are:

!               cd              edit            help            mdir            newer           prompt          reset           size            user
$               cdup            epsv4           idle            mget            nlist           proxy           restart         status          verbose
account         chmod           exit            image           mkdir           nmap            put             rhelp           struct          ?
append          close           form            lcd             mls             ntrans          pwd             rmdir           sunique
ascii           cr              ftp             less            mode            open            quit            rstatus         system
bell            debug           get             lpwd            modtime         page            quote           runique         tenex
binary          delete          gate            ls              more            passive         recv            send            trace
bye             dir             glob            macdef          mput            preserve        reget           sendport        type
case            disconnect      hash            mdelete         msend           progress        rename          site            umask
ftp> bye
$

That is pretty much it. But you need to get the arithmetic right or it won't work.
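Added example, not part of Perderabo's post: the same same-length patch done as a small POSIX shell script. GNU strings -t d reports the offset where the printable run begins, not where the word you want begins, which is why the post had to hunt for the exact offset with dd and od. The script below computes the substring offset directly by comparing od hex dumps (so it needs no GNU strings and copes with NUL bytes), refuses a replacement of a different length, checks that the bytes at the offset really are the old string before writing, overwrites in place with dd conv=notrunc instead of splitting the file into three pieces, and verifies the bytes and the file size afterwards. The helper names, the temporary file path and the sample bytes are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): same-length string patch of a
# binary file with POSIX od/tr/awk/dd only. Sample data below is constructed.
export LC_ALL=C   # make ${#var} count bytes, not multibyte characters

# hexify: stdin -> one line of space-separated hex bytes with a leading and a
# trailing space, e.g. " 61 62 62 ", independent of od's line layout.
hexify() {
    { printf ' '; od -An -v -tx1; } | tr -s ' \n' ' '
}

# find_offset FILE NEEDLE
# Prints the decimal byte offset of the first occurrence of NEEDLE in FILE.
# Both sides are compared in the " xx xx " form, so every hit is byte-aligned
# and non-text bytes in the file do not matter. Fails if NEEDLE is absent.
find_offset() {
    [ -n "$2" ] || return 1
    nhex=$(printf '%s' "$2" | hexify)
    hexify < "$1" | awk -v n="$nhex" '
        { p = index($0, n) }
        END { if (p) { off = (p - 1) / 3; print off } else { exit 1 } }'
}

# read_bytes FILE OFFSET COUNT -> the raw bytes in that range (like the post's
# "dd ... | od -c" probe, minus the od)
read_bytes() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null
}

# patch_string FILE OLD NEW
# Overwrites the first occurrence of OLD with NEW. Refuses unless the lengths
# match (the file must neither grow nor shrink) and the bytes at the computed
# offset really are OLD. Returns 0 only if the file now reads NEW at that
# offset and its size is unchanged.
patch_string() {
    file=$1 old=$2 new=$3
    if [ "${#old}" -ne "${#new}" ]; then
        echo "patch_string: replacement must be exactly ${#old} bytes" >&2
        return 1
    fi
    size_before=$(( $(wc -c < "$file") ))
    off=$(find_offset "$file" "$old") || {
        echo "patch_string: '$old' not found in $file" >&2; return 1; }
    if [ "$(read_bytes "$file" "$off" "${#old}")" != "$old" ]; then
        echo "patch_string: bytes at offset $off are not '$old'" >&2
        return 1
    fi
    # in-place write: seek to the offset, do not truncate the rest of the file
    printf '%s' "$new" | dd of="$file" bs=1 seek="$off" conv=notrunc 2>/dev/null
    [ "$(read_bytes "$file" "$off" "${#new}")" = "$new" ] &&
        [ $(( $(wc -c < "$file") )) -eq "$size_before" ]
}

# Demonstration on a constructed stand-in for a binary: a few non-text bytes
# around the help banner that the post patched.
demo() {
    bin=${TMPDIR:-/tmp}/patchdemo.$$
    printf 'ELF\000\001\002Commands may be abbreviated.  Commands are:\000\377' > "$bin"
    echo "offset of 'abbreviated': $(find_offset "$bin" abbreviated)"
    patch_string "$bin" abbreviated ABBREVIATED && echo "patched OK"
    patch_string "$bin" ABBREVIATED Abbr || echo "refused: length differs"
    od -A d -c "$bin"
    rm -f "$bin"
}

case "${1:-}" in demo) demo ;; esac
```

Run it as `sh patch.sh demo`. Two things to keep in mind before doing this to a real sshd or ftp binary: the offset belongs to one build, so repeat the search after every patch or package update rather than reusing a number, and a modified binary will fail the package's own integrity check (pkgchk on Solaris) and any file-integrity monitoring you run, so record the change where the next administrator will find it.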
 
