Home page logo

pen-test logo Penetration Testing mailing list archives

SSH version 2(!!) - brute forcer
From: Kroma Pierre <kroma () syss de>
Date: Tue, 17 Jun 2003 22:07:38 +0200


I'm pentesting a ssh server version 2 and found with the timing bug a list of valid users. Do you know a brute force 
tool/script, which can check a ssh server, who only support ssh version 2?

I got the ssh brute force tool from James Shanahan (published at pentest mailinglisting on 01/25/2002), which is 
written in expert, but it only support ssh version 1.

In version 2 my ssh client asking thrice for a correct password. This is unaccounted for in James Shanahan's script.

Thanx for help and best regards.


Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]