Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

RE: SSH version 2(!!) - brute forcer
From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Tue, 17 Jun 2003 21:53:54 -0400
You can use the perl library Net::SSH::Perl to write a simple SSHv1 or
v2 brute-forcer pretty quickly.

Phil


-----Original Message-----
From: Kroma Pierre [mailto:kroma () syss de] 
Sent: Tuesday, June 17, 2003 4:08 PM
To: pen-test () securityfocus com
Subject: SSH version 2(!!) - brute forcer


Hi,

I'm pentesting a ssh server version 2 and found with the 
timing bug a list of valid users. Do you know a brute force 
tool/script, which can check a ssh server, who only support 
ssh version 2?

I got the ssh brute force tool from James Shanahan (published 
at pentest mailinglisting on 01/25/2002), which is written in 
expert, but it only support ssh version 1.

In version 2 my ssh client asking thrice for a correct 
password. This is unaccounted for in James Shanahan's script.

Thanx for help and best regards.

Pierre

--------------------------------------------------------------
-------------
Attend the Black Hat Briefings & Training, July 28 - 31 in 
Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 
training sessions, 
1,800 delegates from 30 nations including all of the top 
experts, from CSO's to 
"underground" security specialists.  See for yourself what 
the buzz is about!  
Early-bird registration ends July 3.  This event will sell 
out. www.blackhat.com
--------------------------------------------------------------
--------------




---------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists.  See for yourself what the buzz is about!
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]