File tree Expand file tree Collapse file tree 4 files changed +41
-1
lines changed
Expand file tree Collapse file tree 4 files changed +41
-1
lines changed Original file line number Diff line number Diff line change 1010 :maxdepth: 2
1111 :caption: Contents:
1212
13+ start
1314 injectorshell
15+ stealthshell
1416 scriptedshell
Original file line number Diff line number Diff line change 11Injectorshell
2- =================
2+ ===============
33
4+ :: info
5+
6+ It should also be noted that shell environment can be affected by any injector shell and is not accounted for when
7+ considering stealth. This means environment variables or the working directory for example can be changed by any
8+ injector shell and will alert the original shells owner of faulty operation.
9+
10+ :: important
11+
12+ It is also important to mention that when multiple injector shells are inserting commands into the same hijacked ssh
13+ session at the same time discrepancies are not accounted for. Keystrokes are collectively merged at the server and the
14+ responses are served accordingly. This is also true for the clients interactive ssh session. A advanced edition of the
15+ injectorshell fixes both these problems.
Original file line number Diff line number Diff line change 1+ Start
2+ =================
3+
Original file line number Diff line number Diff line change 1+ Stealthshell
2+ =================
3+
4+ As an upgrade to the `injectorshell `_ (implementation in `ssh-mitm <http://ssh-mitm.at/ >`_ done by me) the stealthshell
5+ provides a way to workaround the problem of interfering with the clients interactive session.
6+ It only executes injected commands when the shell of the user wont be affected. As long as the interactive shell of the
7+ client is not typing or executing a command input from the injector shells is halted and put in a waiting queue.
8+
9+ Using the ``--ssh-injector-super-stealth `` option the injector shells will only send whole commands instead of
10+ every keystroke. This further eliminates unwanted behavior. Unfinished commands from the injector shells are not seen
11+ by the server and the user of the interactive shell will never be surprised by input they never typed. This, however,
12+ will limit the terminal functionality of the injector shell. Because the server only responds to the whole command
13+ terminal features like command auto-completion when pressing tab or command history with the up and down key will not
14+ work correctly.
15+
16+
17+ :: info
18+ Environment considerations of the `injectorshell `_ are still uphold by the stealthshell. Discrepancy problems
19+ described by the `injectorshell `_ are solved by this newer edition (client cannot be interrupted by injected keystrokes BUT
20+ unfinished injected strokes will be seen by the server). Only with the ``--ssh-injector-super-stealth `` option the
21+ discrepancy between the user and all injector shells can be guaranteed.
22+
23+
You can’t perform that action at this time.
0 commit comments