xlulux
Jul 24 2004, 11:06 PM
hey guys, i wanted to know if i could theoretically use arp poisoning to hijack an ssh session and become root through that session. i would own all three boxes of course, so it's not an ethical question so much as an "is it possible" type thing
buzzons
Jul 25 2004, 12:50 AM
i'm pretty sure it would be impossible...
if you have 3 PCs
A - client
B - server
C - you
and you wanna hijack the client into the server...
A--C--B
and make B think you are A
you would need the key that B sent to A and the key that A sent back to B.. which should in theory be impossible to get, so in answer to your question: I think it's impossible to do, however where there is a will there is a way so i dunno for sure
Buz
illwill
Jul 25 2004, 12:57 AM
yes
akcom
Jul 25 2004, 02:26 AM
most protocols that do not use digital signature verification (ssh) are susceptible to man in the middle attacks
agathos
Jul 27 2004, 07:10 PM
look for sshsniff from psychoid

really useful and working one, but.. it has many bugs. if you're good at coding you can fix the source quickly
Terminal
Jul 28 2004, 05:37 AM
I think Cain and Abel does it. When it gets the digital signature in the session which is hijacked, then it injects its own signature in the client and continues sniffing
SyN/AcK
Aug 9 2004, 04:22 PM
What you are looking for is a man-in-the-middle attack. They are not simple to accomplish, but looking on the web for that you should find more.
grabiarz
Aug 29 2004, 03:52 PM
Ettercap has the ability to sniff ssh1 sessions, but I think that's about all it could do
member
Sep 4 2004, 05:31 PM
ettercap is without doubt a "good thing", SSH1 is vulnerable. If the server is configged to use Version 2 only, things become a bit harder

there is a catch tho, if they use DSA key exchange you can do a MITM attack. RSA is somehow more resistant. Discussions are still going, but as far as i know DSA can be MITM'd. Only problem is the site certificate if they are used. Will be noticed by the client...
Good luck....
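Added example, not part of the original thread: the last post notes that a swapped server key "will be noticed by the client". This Python sketch shows that check, comparing the host key presented in the handshake against the entry pinned in known_hosts. Host names, keys and function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def make_blob(key_type, key_bytes):
    """Build a base64 public-key blob (SSH string encoding) for the samples."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    return base64.b64encode(s(key_type.encode()) + s(key_bytes)).decode()

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_pins(known_hosts_text):
    """Map (host, key_type) -> blob from plain known_hosts lines."""
    pins = {}
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments, @markers and hashed (|1|...) host entries.
        if len(parts) < 3 or parts[0][0] in "#@|":
            continue
        for host in parts[0].split(","):
            pins[(host, parts[1])] = parts[2]
    return pins

def check_host_key(pins, host, key_type, presented_blob):
    """Return 'match', 'changed' or 'unknown' for a presented host key."""
    pinned = pins.get((host, key_type))
    if pinned is None:
        return "unknown"   # no pin: nothing verified, do not trust silently
    if base64.b64decode(pinned) == base64.b64decode(presented_blob):
        return "match"
    return "changed"       # pinned key differs: possible man in the middle

# Constructed sample data (not real keys or hosts).
SERVER_KEY = make_blob("ssh-ed25519", bytes(range(32)))
MITM_KEY = make_blob("ssh-ed25519", bytes(range(32, 64)))
KNOWN_HOSTS = "# pinned on first trusted contact\n" \
              f"server-b.example,192.0.2.10 ssh-ed25519 {SERVER_KEY}\n"

if __name__ == "__main__":
    pins = load_pins(KNOWN_HOSTS)
    for label, key in (("direct", SERVER_KEY), ("via C", MITM_KEY)):
        status = check_host_key(pins, "server-b.example", "ssh-ed25519", key)
        print(label, status, fingerprint(key))
```

A "changed" result is the condition a client should refuse to connect on; "unknown" means the key was never pinned, so the first connection has to be verified out of band.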