Penetration Testing mailing list archives

Re: SSH version 2(!!) - brute forcer

From: Jamie <aouf77 () dsl pipex com>
Date: Tue, 17 Jun 2003 21:52:43 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 17 June 2003 21:07, Kroma Pierre wrote:

Hi,

I'm pentesting a ssh server version 2 and found with the timing bug a list
of valid users. Do you know a brute force tool/script, which can check a
ssh server, who only support ssh version 2?


I think this is what you're looking for:

        http://packetstormsecurity.com/groups/teso/guess-who-0.44.tgz

- -jamie.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+73+o0oWsN6bx+R0RApQIAJ9G5ibMYvGVxc2qmY6YDC5pJq0bwQCfSZ9C
fJ+z4EtiGY0Qg7rdma54hxA=
=9Fz+
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists.  See for yourself what the buzz is about!
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

Current thread:

SSH version 2(!!) - brute forcer Kroma Pierre (Jun 17)
- Re: SSH version 2(!!) - brute forcer Jamie (Jun 17)
- <Possible follow-ups>
- RE: SSH version 2(!!) - brute forcer Brass, Phil (ISS Atlanta) (Jun 18)