Our great sponsors
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Hack Club founder here. I'm so glad you found this!
I built SSHTron a few years ago at a hackathon. It served as the inspiration for jobs.hackclub.com.
The code for both is open source, at https://github.com/zachlatta/sshtron and https://github.com/hackclub/jobs respectively.
Hack Club founder here. I'm so glad you found this!
I built SSHTron a few years ago at a hackathon. It served as the inspiration for jobs.hackclub.com.
The code for both is open source, at https://github.com/zachlatta/sshtron and https://github.com/hackclub/jobs respectively.
> As far as I know, the client is not fuzzed (though I'd be happy to find out I'm wrong).
Just touching on this one part, the rest still applies, openssh does use fuzzing. [0][1] Both client and daemon are fuzzed using AFL, though it does seem to be on an ad-hoc basis rather than automated, but it generally happens before a new release.
Unfortunately, to run AFL on openssh, they do have to patch it a bit, so what gets fuzzed and what is released isn't 1-to-1. This is because the privilege separations tend to defeat methods of detecting most of those sorts of bugs on their own.
[0] https://github.com/djmdjm/openssh-fuzz-cases
[1] For example: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ke...