Security Basics mailing list archives
RE: attack ssh with medusa
From: "Veal, Richard" <rveal () westernpower co uk>
Date: Fri, 22 Aug 2008 08:34:38 +0100
#-----Original Message----- #From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sergio Ruiz # #when I start attack, I have a problem: #$ medusa -h 192.168.1.2 -u root -P /home/sergi/John_Passw/D8.DIC -M ssh Medusa v1.4 [http://www.foofus.net] (C) JoMo-Kun #/ Foofus Networks <jmk () foofus net> # #ACCOUNT CHECK: [ssh] Host: 192.168.1.2 (1/1) User: root (1/1) Password: - (1/106626) ACCOUNT CHECK: [ssh] Host: #192.168.1.2 (1/1) User: root (1/1) Password: . (2/106626) ACCOUNT CHECK: [ssh] Host: 192.168.1.2 (1/1) User: root (1/1) #Password: .,m #(3/106626) ACCOUNT CHECK: [ssh] Host: 192.168.1.2 (1/1) User: root (1/1) #Password: .,mn (4/106626) ERROR: Failed to retrieve supported authentication modes. #Aborting... ERROR: No supported authentication methods located. #ACCOUNT CHECK: [ssh] Host: 192.168.1.2 (1/1) User: root (1/1) Password: .,mnb #(5/106626) #$ # # #in the victim pc: #Aug 21 08:27:41 192.168.1.2 sshd[12649]: Failed password for root from 192.168.1.3 port 45652 ssh2 Aug 21 08:27:4 #192.168.1.2 last message repeated 3 times # # #which the problem? # #Thanks.. My first thought (although I am very tired so it may be useless) is that SSH is kicking the authentication attempt after 3 tries - admittedly Medusa should have established another connection and carried on with the brute force, but like I said, its just the first thought that entered my tired brain. Just had another thought - have you even enabled the ability for root to login on your Ubuntu?! Cheers - Western Power Distribution (South West) plc / Western Power Distribution (South Wales) plc Registered in England and Wales Registered number: 2366894 (South West) / 2366985 (South Wales) Registered Office: Avonbank, Feeder Road, Bristol, BS2 0TB This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify postmaster () westernpower co uk
Current thread:
- attack ssh with medusa Sergio Ruiz (Aug 21)
- Re: attack ssh with medusa Adam hostetler (Aug 22)
- RE: attack ssh with medusa Veal, Richard (Aug 22)
- Re: attack ssh with medusa Sergio Ruiz (Aug 25)