On Tue, 21 Jan 2020, Harald Wagener wrote:

> Stephen Harris <lists@xxxxxxxxxx> wrote on Tue, 21 Jan 2020, 02:39:
>
> > On Tue, Jan 21, 2020 at 12:18:52PM +1100, Damien Miller wrote:
> > > I wouldn't say it's a lot harder to take control of current connections -
> > > writing a ptrace-based tool that hijacked a running ssh client and
> > > injected a one-off implant payload via keystrokes doesn't seem like
> > > much work.
> >
> > * Injection of key strokes into an existing channel may be detected
> > just because "hey, I didn't type foobar" so why is it on my screen.
> > A new shell on a different channel won't show so obviously.
> >
>
> `~.` is a nice keystroke sequence to inject because it disconnects the
> session and you will likely not even see the input on screen.

Remember that the attacker is in control of the ssh process - they can
simply discard returned output from the far end after they perform
the injection.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev