Home page logo
/

bugtraq logo Bugtraq mailing list archives

SSHatter 0.6
From: Tim Brown <timb () nth-dimension org uk>
Date: Sat, 6 Oct 2007 16:53:30 +0100

All,

SSHatter, the SSH brute forcer is now up to release 0.6.  New since the last 
announcement include:

* Changes allowing rudimentary username enumeration via timing attacks (as 
described in 
http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threaded) have 
been implemented.  These changes has been validated against OpenSSH 3.5p1.

* Targets and usernames are now specified in a file and targets can now be 
specified one per line in the format <hostname>[:<portnumber>].

* Reconnection can optionally be enabled where support on connection failures 
have occurred.

* A default passwords list (taken from 
http://www.nth-dimension.org.uk/downloads.php?id=30) has also been added.

* Fixes for systems configured with AllowUsers have added as these systems do 
not return "Permission denied" on Net::SSH::Perl->login().

This latest version can be downloaded from 
http://www.nth-dimension.org.uk/downloads.php?id=34.

Remember, auditing systems without permission may be a crime, always read the 
label.

Tim
-- 
Tim Brown
<mailto:timb () nth-dimension org uk>
<http://www.nth-dimension.org.uk/>


  By Date           By Thread  

Current thread:
  • SSHatter 0.6 Tim Brown (Oct 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]