Full Disclosure mailing list archives
Re: SSHatter 0.6
From: <full-disclosure () hushmail com>
Date: Sun, 07 Oct 2007 10:39:40 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This tools seems useless. On Sat, 06 Oct 2007 11:53:30 -0400 Tim Brown <timb@nth- dimension.org.uk> wrote:
All, SSHatter, the SSH brute forcer is now up to release 0.6. New since the last announcement include: * Changes allowing rudimentary username enumeration via timing attacks (as described in http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threa ded) have been implemented. These changes has been validated against OpenSSH 3.5p1. * Targets and usernames are now specified in a file and targets can now be specified one per line in the format <hostname>[:<portnumber>]. * Reconnection can optionally be enabled where support on connection failures have occurred. * A default passwords list (taken from http://www.nth-dimension.org.uk/downloads.php?id=30) has also been added. * Fixes for systems configured with AllowUsers have added as these systems do not return "Permission denied" on Net::SSH::Perl->login(). This latest version can be downloaded from http://www.nth-dimension.org.uk/downloads.php?id=34. Remember, auditing systems without permission may be a crime, always read the label. Tim -- Tim Brown <mailto:timb () nth-dimension org uk> <http://www.nth-dimension.org.uk/> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcI76wACgkQ+dWaEhErNvSKMgP/Wdbi++Go+XYTWHPx3MT74qPyha/t xSv8IMyt6zvck+h44OPeKMEQAT0Z0beMVs2b1WZd1MdcBKjV5eL+BR//bf1uvbPzlO6n IqV2qETwAMDb65TvOH3Eta4t3Mvf0MokFOMrIMVGN0bENcHIOWkApU7myfB1HJBlPJLh ajfUYTI= =66BE -----END PGP SIGNATURE----- -- Take a perfect family vacation to Orlando. Click Here. http://tagline.hushmail.com/fc/Ioyw6h4eQYIF65eSQFBVR6wwgXlRkYwvCKN6EgiDiF407FG2t8YUK8/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SSHatter 0.6 Tim Brown (Oct 06)
- <Possible follow-ups>
- Re: SSHatter 0.6 full-disclosure (Oct 07)
- Re: SSHatter 0.6 phioust (Oct 07)
- Re: SSHatter 0.6 ghost (Oct 07)
- Re: SSHatter 0.6 Anders B Jansson (Oct 07)