lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 07 Oct 2007 10:39:40 -0400
From: <full-disclosure@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>,<timb@...-dimension.org.uk>
Cc: pen-test@...urityfocus.com, bugtraq@...urityfocus.com, news@...uriteam.com
Subject: Re: SSHatter 0.6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This tools seems useless.

On Sat, 06 Oct 2007 11:53:30 -0400 Tim Brown <timb@...-
dimension.org.uk> wrote:
>All,
>
>SSHatter, the SSH brute forcer is now up to release 0.6.  New
>since the last
>announcement include:
>
>* Changes allowing rudimentary username enumeration via timing
>attacks (as
>described in
>http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threa
>ded) have
>been implemented.  These changes has been validated against
>OpenSSH 3.5p1.
>
>* Targets and usernames are now specified in a file and targets
>can now be
>specified one per line in the format <hostname>[:<portnumber>].
>
>* Reconnection can optionally be enabled where support on
>connection failures
>have occurred.
>
>* A default passwords list (taken from
>http://www.nth-dimension.org.uk/downloads.php?id=30) has also been
>added.
>
>* Fixes for systems configured with AllowUsers have added as these
>systems do
>not return "Permission denied" on Net::SSH::Perl->login().
>
>This latest version can be downloaded from
>http://www.nth-dimension.org.uk/downloads.php?id=34.
>
>Remember, auditing systems without permission may be a crime,
>always read the
>label.
>
>Tim
>--
>Tim Brown
><mailto:timb@...-dimension.org.uk>
><http://www.nth-dimension.org.uk/>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkcI76wACgkQ+dWaEhErNvSKMgP/Wdbi++Go+XYTWHPx3MT74qPyha/t
xSv8IMyt6zvck+h44OPeKMEQAT0Z0beMVs2b1WZd1MdcBKjV5eL+BR//bf1uvbPzlO6n
IqV2qETwAMDb65TvOH3Eta4t3Mvf0MokFOMrIMVGN0bENcHIOWkApU7myfB1HJBlPJLh
ajfUYTI=
=66BE
-----END PGP SIGNATURE-----

--
Take a perfect family vacation to Orlando. Click Here.
http://tagline.hushmail.com/fc/Ioyw6h4eQYIF65eSQFBVR6wwgXlRkYwvCKN6EgiDiF407FG2t8YUK8/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ