New security upgrade time!
Why would anyone do this?
Well, if you know how service/port banners work, you'll become aware that when you fingerprint or scan a port, often the service behind it will fire back a protocol message indicating some useful information about the service itself.
I recently brought this website back online after a LONG hiatus, and in getting back into the swing of things, decided that I wanted to lock stuff down just a bit tighter than before. I asked myself "...can I alter the service banner reported by SSH when I nmap my site?"
So, I found a blog where someone did this on their RaspberryPi:
This is pretty cool and nifty. A lot of ssh ports on the web still report things like:
- What version of sshd it is
- If it is OpenSSH or not
- What operating system it was built for
So, can it be replicated outside of RaspberryPi? YES! But you must be careful...
The first time I attempted this, I almost locked myself out of SSH by overwriting one of the strings that I SHOULDN'T overwrite.
Everyone's process doing this is going to be slightly different due to varying binary addresses as to where the strings are located in the
sshd binary itself.
But, I've confirmed it works.
me@mypc:~$ telnet mywebsite.com myport Trying aaa.bbb.ccc.ddd... Connected to mywebsite.com. Escape character is '^]'. SSH-2.0-Eat my shorts, hackers! =D XOXO
I'll be getting a video of both this in action AND how to wipe out the banner text yourself.
If you've found this information helpful, please consider signing up for a new Vultr VPS instance using my link: https://www.vultr.com/?ref=8632027-6G.
I am giving away $100 worth of VPS credits, so you can sign up and try wiping out your box's SSH banner yourself without any risk to your own boxes :)
I hope you all have a pleasant sunday! Take it easy until next time :D