1

There have been a number of threads lately about hacked websites where attackers are gaining control of the servers these sites are being hosted on. As such, these servers should be treated as completely compromised.

Often you utilize the server unknowingly until you discover the hack. Sometimes you have to connect to the compromised server to investigate.

What possible risks exist from utilizing a server in its compromised state from another machine?

I mean everything from visiting a compromised webpage on a site hosted on the server to SSH'ing directly into the server from another machine. What malicious actions can be run against the remote machine accessing the compromised server or what potentially sensitive information can be used to aid an attacker in then taking over your remote machine? (RSA keys for example, or utilizing an active SSH session)

myol

1 Answer

3

Let's start with the two examples you gave:

  1. Accessing a compromised website means you may be browsing malicious web pages. If your web browser is vulnerable and the attackers have modified the web pages to take advantage of that, you may be pwned.

  2. Recently, we had an OpenSSH vulnerability that allowed an attacker to potentially steal your private key by using a "roaming" feature. Essentially, it lets a malicious server begin siphoning memory from your machine if you connect to it. If your client is vulnerable to this you may be pwned.

More info on the roaming vulnerability in OpenSSH

d1str0
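A way to check whether the client you are about to use for the investigation is exposed to the roaming leak described in the answer above. This is an added example, not part of the original answer; the affected range (5.4 up to, but not including, 7.1p2) and the `UseRoaming no` workaround are taken from the OpenSSH advisory for this issue rather than from the post, and the config parsing is a simplification that only recognizes global scope, `Host *` and `Match all`.

```python
import re

# Assumption (OpenSSH advisory, not the post): client roaming code shipped in
# 5.4 and was disabled by default in 7.1p2.
FIRST_AFFECTED = (5, 4, 0)
FIRST_FIXED = (7, 1, 2)

def parse_client_version(banner):
    """Turn `ssh -V` output such as 'OpenSSH_7.1p1, ...' into (7, 1, 1)."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:\.\d+)?(?:p(\d+))?", banner)
    if not m:
        raise ValueError("not an OpenSSH version banner: %r" % banner)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def roaming_disabled(config_text):
    """True if 'UseRoaming no' applies to every host in this ssh_config text."""
    applies_to_all = True  # lines before the first Host/Match are global
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            applies_to_all = value.split() == ["*"]
        elif key == "match":
            applies_to_all = value.lower() == "all"
        elif key == "useroaming" and applies_to_all:
            # ssh_config uses the first value obtained for each option
            return value.strip('"').lower() == "no"
    return False

def exposed_to_roaming_leak(banner, config_text):
    """Affected client version and no config line that turns roaming off."""
    version = parse_client_version(banner)
    return FIRST_AFFECTED <= version < FIRST_FIXED and not roaming_disabled(config_text)

# Constructed sample: the workaround is scoped to one host only, so a
# connection to any other (possibly compromised) server is still exposed.
SAMPLE_CONFIG = """\
Host staging
    UseRoaming no
Host *
    User deploy
"""

if __name__ == "__main__":
    print(exposed_to_roaming_leak("OpenSSH_7.1p1, OpenSSL 1.0.2d", SAMPLE_CONFIG))
```

Feed it the output of `ssh -V` and the contents of `~/.ssh/config` or the system-wide `ssh_config`; a per-connection `-oUseRoaming=no` on the command line is not visible to this check.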