RE: SSH version 2(!!) - brute forcer

From: Brass, Phil (ISS Atlanta) (PBrass@iss.net)
Date: Tue Jun 17 2003 - 21:53:54 EDT

• Next message: miguel.dilaj@pharma.novartis.com: "Re: Honeypot detection and countermeasures"
• Previous message: Larry Colen: "Re: Honeypot detection and countermeasures"
• Maybe in reply to: Kroma Pierre: "SSH version 2(!!) - brute forcer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You can use the perl library Net::SSH::Perl to write a simple SSHv1 or
v2 brute-forcer pretty quickly.

Phil

> -----Original Message-----
> From: Kroma Pierre [mailto:kroma@syss.de]
> Sent: Tuesday, June 17, 2003 4:08 PM
> To: pen-test@securityfocus.com
> Subject: SSH version 2(!!) - brute forcer
>
>
> Hi,
>
> I'm pentesting a ssh server version 2 and found with the
> timing bug a list of valid users. Do you know a brute force
> tool/script, which can check a ssh server, who only support
> ssh version 2?
>
> I got the ssh brute force tool from James Shanahan (published
> at pentest mailinglisting on 01/25/2002), which is written in
> expert, but it only support ssh version 1.
>
> In version 2 my ssh client asking thrice for a correct
> password. This is unaccounted for in James Shanahan's script.
>
> Thanx for help and best regards.
>
> Pierre
>
> --------------------------------------------------------------
> -------------
> Attend the Black Hat Briefings & Training, July 28 - 31 in
> Las Vegas, the
> world's premier technical IT security event! 10 tracks, 15
> training sessions,
> 1,800 delegates from 30 nations including all of the top
> experts, from CSO's to
> "underground" security specialists. See for yourself what
> the buzz is about!
> Early-bird registration ends July 3. This event will sell
> out. www.blackhat.com
> --------------------------------------------------------------
> --------------
>
>

---------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

• Next message: miguel.dilaj@pharma.novartis.com: "Re: Honeypot detection and countermeasures"
• Previous message: Larry Colen: "Re: Honeypot detection and countermeasures"
• Maybe in reply to: Kroma Pierre: "SSH version 2(!!) - brute forcer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:34 EDT