Message-Id: <200710061653.31535.timb@nth-dimension.org.uk>
Date: Sat, 6 Oct 2007 16:53:30 +0100
From: Tim Brown <timb@...-dimension.org.uk>
To: full-disclosure@...ts.grok.org.uk
Cc: pen-test@...urityfocus.com, bugtraq@...urityfocus.com, news@...uriteam.com
Subject: SSHatter 0.6

All,

SSHatter, the SSH brute forcer, is now up to release 0.6.  Changes since the last 
announcement include:

* Changes allowing rudimentary username enumeration via timing attacks (as 
described in 
http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threaded) have 
been implemented.  These changes have been validated against OpenSSH 3.5p1.

* Targets and usernames are now specified in a file and targets can now be 
specified one per line in the format <hostname>[:<portnumber>].

* Reconnection can optionally be enabled where support on connection failures 
have occurred.

* A default passwords list (taken from 
http://www.nth-dimension.org.uk/downloads.php?id=30) has also been added.

* Fixes for systems configured with AllowUsers have been added as these systems do 
not return "Permission denied" on Net::SSH::Perl->login().

This latest version can be downloaded from 
http://www.nth-dimension.org.uk/downloads.php?id=34.

Remember, auditing systems without permission may be a crime, always read the 
label.

Tim
-- 
Tim Brown
<mailto:timb@...-dimension.org.uk>
<http://www.nth-dimension.org.uk/>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
