Full Disclosure: Re: SSHatter 0.6

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: SSHatter 0.6

From: <full-disclosure () hushmail com>
Date: Sun, 07 Oct 2007 10:39:40 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This tools seems useless.

On Sat, 06 Oct 2007 11:53:30 -0400 Tim Brown <timb () nth-
dimension.org.uk> wrote:

All,

SSHatter, the SSH brute forcer is now up to release 0.6.  New
since the last
announcement include:

* Changes allowing rudimentary username enumeration via timing
attacks (as
described in
http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threa
ded) have
been implemented.  These changes has been validated against
OpenSSH 3.5p1.

* Targets and usernames are now specified in a file and targets
can now be
specified one per line in the format <hostname>[:<portnumber>].

* Reconnection can optionally be enabled where support on
connection failures
have occurred.

* A default passwords list (taken from
http://www.nth-dimension.org.uk/downloads.php?id=30) has also been
added.

* Fixes for systems configured with AllowUsers have added as these
systems do
not return "Permission denied" on Net::SSH::Perl->login().

This latest version can be downloaded from
http://www.nth-dimension.org.uk/downloads.php?id=34.

Remember, auditing systems without permission may be a crime,
always read the
label.

Tim
--
Tim Brown
<mailto:timb () nth-dimension org uk>
<http://www.nth-dimension.org.uk/>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkcI76wACgkQ+dWaEhErNvSKMgP/Wdbi++Go+XYTWHPx3MT74qPyha/t
xSv8IMyt6zvck+h44OPeKMEQAT0Z0beMVs2b1WZd1MdcBKjV5eL+BR//bf1uvbPzlO6n
IqV2qETwAMDb65TvOH3Eta4t3Mvf0MokFOMrIMVGN0bENcHIOWkApU7myfB1HJBlPJLh
ajfUYTI=
=66BE
-----END PGP SIGNATURE-----

--
Take a perfect family vacation to Orlando. Click Here.
http://tagline.hushmail.com/fc/Ioyw6h4eQYIF65eSQFBVR6wwgXlRkYwvCKN6EgiDiF407FG2t8YUK8/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

SSHatter 0.6 Tim Brown (Oct 06)
- <Possible follow-ups>
- Re: SSHatter 0.6 full-disclosure (Oct 07)
- Re: SSHatter 0.6 phioust (Oct 07)
  - Re: SSHatter 0.6 ghost (Oct 07)
  - Re: SSHatter 0.6 Anders B Jansson (Oct 07)