[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] SSHatter 0.6

To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <timb@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] SSHatter 0.6
From: <full-disclosure@xxxxxxxxxxxx>
Date: Sun, 07 Oct 2007 10:39:40 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This tools seems useless.

On Sat, 06 Oct 2007 11:53:30 -0400 Tim Brown <timb@nth-
dimension.org.uk> wrote:
>All,
>
>SSHatter, the SSH brute forcer is now up to release 0.6.  New
>since the last
>announcement include:
>
>* Changes allowing rudimentary username enumeration via timing
>attacks (as
>described in
>http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threa
>ded) have
>been implemented.  These changes has been validated against
>OpenSSH 3.5p1.
>
>* Targets and usernames are now specified in a file and targets
>can now be
>specified one per line in the format <hostname>[:<portnumber>].
>
>* Reconnection can optionally be enabled where support on
>connection failures
>have occurred.
>
>* A default passwords list (taken from
>http://www.nth-dimension.org.uk/downloads.php?id=30) has also been
>added.
>
>* Fixes for systems configured with AllowUsers have added as these
>systems do
>not return "Permission denied" on Net::SSH::Perl->login().
>
>This latest version can be downloaded from
>http://www.nth-dimension.org.uk/downloads.php?id=34.
>
>Remember, auditing systems without permission may be a crime,
>always read the
>label.
>
>Tim
>--
>Tim Brown
><mailto:timb@xxxxxxxxxxxxxxxxxxxx>
><http://www.nth-dimension.org.uk/>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkcI76wACgkQ+dWaEhErNvSKMgP/Wdbi++Go+XYTWHPx3MT74qPyha/t
xSv8IMyt6zvck+h44OPeKMEQAT0Z0beMVs2b1WZd1MdcBKjV5eL+BR//bf1uvbPzlO6n
IqV2qETwAMDb65TvOH3Eta4t3Mvf0MokFOMrIMVGN0bENcHIOWkApU7myfB1HJBlPJLh
ajfUYTI=
=66BE
-----END PGP SIGNATURE-----

--
Take a perfect family vacation to Orlando. Click Here.
http://tagline.hushmail.com/fc/Ioyw6h4eQYIF65eSQFBVR6wwgXlRkYwvCKN6EgiDiF407FG2t8YUK8/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] are the NetBIOS-like hacking days over? - wide open citrix services on critical domains
Next by Date: Re: [Full-disclosure] Core Impact 7.5 Web App pen-testing framework, as good as the hype?
Previous by thread: [Full-disclosure] SSHatter 0.6
Next by thread: Re: [Full-disclosure] SSHatter 0.6
Index(es):
- Date
- Thread