Trying to intercept the SSH connection to AWS EC2 instance
vk-gst opened this issue · 3 comments
vk-gst commented
I am a beginner to penetration testing and was wondering if I can use this method that you described to intercept an AWS EC2 instance ssh. I will be doing this on my own machine and an AWS EC2 server that I have full control over.
Would this be possible? And if yes, is it legal to do so? I do not want to run into some illegal lawsuits trying to do this on the Amazon AWS.
jtesta commented
Technically speaking, it is possible to use this to intercept
credentials to EC2 servers, assuming the attacker and victim are on the
same LAN.
Legally speaking, I'm not a lawyer in any jurisdiction. But I strongly
suspect that it is legal to do in the U.S. as long as you have
permission from the server owner. I don't know about any other
jurisdictions in the world.
--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
vk-gst commented
"On the same LAN", that's something I did not understand. Imagine an attacker having an IP address of the server, but not the user name and the public/private key for SSH session. In that scenario, what would be the approach in using this tool?
jtesta commented
The typical use case of this tool is that the attacker is on the same
LAN as the victim(s) so that ARP spoofing intercepts all their traffic.
The tool then intercepts all new SSH connections to any destination
(neither the destination nor username need to be known ahead of time).
As long as the attacker can intercept the entire connection from the
victim, this attack is possible. ARP spoofing isn't the only way; it's
possible to run other routing attacks as well, though this is outside
the scope of the project.
I'd recommend trying it out first on your own private LAN. The
instructions on the project page will get you up and running very quickly.
--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
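
An added example, not part of the original thread or of the project's code: the ARP spoofing described above leaves a trace on a victim's machine, where the gateway's IP resolves to a MAC that another LAN host also uses, or to a MAC different from a recorded baseline. This Python check runs over constructed Linux `ip neigh show` output; the addresses, the baseline and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches `ip neigh show` lines that carry a link-layer address, e.g.
#   192.168.1.1 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+"
    r"lladdr\s+(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b"
)

def parse_neighbors(text):
    """Return {ip: mac}; entries without a MAC (FAILED, INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def find_arp_anomalies(text, gateway_ip, baseline=None):
    """Flag signs of ARP cache poisoning in one neighbor-table snapshot."""
    table = parse_neighbors(text)
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    # A second host answering with the gateway's MAC is the classic symptom.
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            findings.append(("gateway-mac-shared", mac, sorted(ips)))
    # A MAC that differs from the known-good record for the same IP.
    for ip, known in (baseline or {}).items():
        seen = table.get(ip)
        if seen and seen != known.lower():
            findings.append(("mac-changed", ip, known.lower(), seen))
    return findings

# Constructed sample: the gateway (.1) and host .23 resolve to the same MAC.
SAMPLE = """\
192.168.1.1 dev eth0 lladdr 52:54:00:AA:BB:66 REACHABLE
192.168.1.23 dev eth0 lladdr 52:54:00:aa:bb:66 STALE
192.168.1.40 dev eth0 lladdr 52:54:00:aa:bb:40 REACHABLE
192.168.1.77 dev eth0 FAILED
"""
BASELINE = {"192.168.1.1": "52:54:00:aa:bb:01"}  # constructed known-good record

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE, "192.168.1.1", BASELINE):
        print(finding)
```

Legitimate setups such as proxy ARP or a router holding several addresses can also share a MAC, so a finding is a prompt to investigate rather than proof of interception.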