sshmitm.tutorial.tutorials.mirrorshell package

Tutorial: SSH Session Mirroring (mirrorshell).

class sshmitm.tutorial.tutorials.mirrorshell.MirrorshellTutorial

Bases: Tutorial

category: ClassVar[str] = 'Session Interception'

description: ClassVar[str] = 'Learn how SSH-MITM mirrors a live shell session to the attacker, allowing command injection into an unattended terminal.'

generate_sftp_files(session_data)

Return the in-memory SFTP filesystem {path: content} for this session.

Override in subclasses that use an SFTP victim action. Only the returned paths are accessible via SFTP; all other requests are rejected with SFTP_NO_SUCH_FILE. Return an empty dict (default) to disable SFTP on the mock server.

Parameters:

session_data (dict[str, object])

Return type:

dict[str, bytes]

generate_shell_outputs(session_data)

Return mock shell outputs {command: output} for this session.

Override in subclasses that use a ShellSessionAction. The mock shell shows shell_prompt() and returns predefined output for each registered command without spawning any subprocess.

Parameters:

session_data (dict[str, object])

Return type:

dict[str, bytes]

generate_tutorial_session_data()

Return tutorial-specific values merged into the session data at start.

Override in subclasses to inject randomized values (e.g. filenames, commands) that UserInput conditions check against.

Return type:

dict[str, object]

id: ClassVar[str] = '05-mirrorshell'

server = MockServerConfig(users=[UserConfig(username=None, auth=PublicKeyAuth(key=None))], subsystems=['sftp'], allow_shell=True, allow_exec=True, mock_port=2200, sshmitm_port=10022)

shell_prompt()

Prompt shown by the mock interactive shell. Override to customise.

Return type:

bytes

steps: list[Step] = [Step(id='intro', title='What you will learn', content='', condition=<sshmitm.tutorial._conditions.TRUE object>, victim_action=None, command=None, copyable=[], hint_waiting='', hint_done='Introduction read. ✓'), Step(id='start-sshmitm', title='Start SSH-MITM', content='', condition=<sshmitm.tutorial._conditions.PortOpen object>, victim_action=None, command='ssh-mitm server --remote-host 127.0.0.1 --remote-port {mock_port} --listen-port {sshmitm_port}', copyable=[], hint_waiting='Waiting for SSH-MITM to start on port {sshmitm_port}…', hint_done='SSH-MITM is running on port {sshmitm_port}. ✓'), Step(id='intercept', title='Connect to the mirrored session and find the SNMP secret', content='', condition=<sshmitm.tutorial._conditions.UserInput object>, victim_action=<sshmitm.tutorial._client_actions.KeepAliveShellAction object>, command=None, copyable=[], hint_waiting="The network admin's session is open. Check the SSH-MITM terminal for the mirrorshell port and connect. The terminal may appear blank — type 'help' to get started.", hint_done='Correct! You successfully extracted the SNMP community string. ✓')]

title: ClassVar[str] = 'SSH Session Mirroring'