[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] stealing ssh keys
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] stealing ssh keys
- From: Jacqui Caren <jacqui.caren@xxxxxxxxxxxx>
- Date: Wed, 24 Oct 2012 18:59:18 +0100
On 23/10/2012 16:07, Daniel Sichel wrote:
>
>> Hello everybody:
>> environment is A is hacker client? B is target and C is Manager
>> center and C have all A and B private key.
WTF! Why would anyone C or B or even A give out a PRIVATE key.
Does no one RTFM - you never ever give out your private key
and you protect it to heck and back.
>> C are open 80,22. And this is http's 403 state on the C.
>> I have A's root,how to steal private key On the C. Are there have
>> some vuln with openssh.
>> Is there some impossible which C login in to the A and B when A and B
>> let C run some bash.
>
>
> OK, I am a total n00b here but I do not see how having an ssl connection
> would help reveal an SSH key. Our organization generates our root certs
> separate from, and unrelated to SSH keys.. I do not see how SSL access in and
> of itself, helps get at SSH keys, If it does, let me know, I bank at Chase
> and that would be darn handy to know (believe me, they have it coming)!
This is full disclosure not "help a student do his homework".
My advice: give him a very blatantly stupid answer - let him get "null
points" from teacher :-)
Jacqui
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/