-
Stars143
-
Rank 248,260 (Top 6 %)
-
LanguageShell
-
License
GNU General Publi... -
Created over 5 years ago
-
Updated over 4 years ago
Reviews
There are no reviews yet. Be the first to send feedback to the community and the maintainers!
Repository Details
OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
+----------------+
| massh-enum 1.0 |
+----------------+
OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473)
This script contains Matthew Daley Python script <https://bugfuzz.com/stuff/ssh-check-username.py>
License: GPLv3, <http://www.gnu.org/licenses/>
Description
OpenSSH versions 2.3 up to 7.4 suffer from a username enumeration vulnerability.
The attacker can try to authenticate a user with a malformed packet (for
example, a truncated packet), and:
- if the user is invalid (it does not exist), then userauth_pubkey()
returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE
to the attacker;
- if the user is valid (it exists), then sshpkt_get_u8() fails, and the
server calls fatal() and closes its connection to the attacker.
More information about this vulnerability:
* https://nvd.nist.gov/vuln/detail/CVE-2018-15473
* http://seclists.org/oss-sec/2018/q3/124
How it works?
# ./bin/massh-enum --hosts 10.240.20.0/28 --users wordlists/users
โบ Generating a list of hosts
โบ Username Enumeration
host: 10.240.20.1 (p:22), found user: root
host: 10.240.20.1 (p:22), found user: supervisor
host: 10.240.20.2 (p:22), found user: root
Requirements
- Bash (testing on 4.4.19)
- Python (testing on 2.7)
- Nmap (testing on 7.70)
More Repositories
1
the-book-of-secret-knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
126,393
2
nginx-admins-handbook
How to improve NGINX performance, security, and other important things.Shell
13,342
3
test-your-sysadmin-skills
A collection of Linux Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A.
10,216
4
the-practical-linux-hardening-guide
This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
9,650
5
htrace.sh
My simple Swiss Army knife for http/https troubleshooting and profiling.Shell
3,706
6
sandmap
Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.Shell
1,530
7
iptables-essentials
Iptables Essentials: Common Firewall Rules and Commands.
1,416
8
linux-hardening-checklist
Simple checklist to help you deploying the most important areas of the GNU/Linux production systems - work in progress.
1,251
9
multitor
Create multiple TOR instances with a load-balancing.Shell
991
10
otseca
Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.Shell
471
11
technical-whitepapers
Collection of IT whitepapers, presentations, pdfs; hacking, web app security, db, reverse engineering and more; EN/PL.
460
12
mkchain
Open source tool to help you build a valid SSL certificate chain.Shell
356
13
reload.sh
Wipe, reinstall or restore your system from running GNU/Linux distribution. Via SSH, without rebooting.Shell
264
14
trimstray.github.io
Personal blog [PL/EN].HTML
30
15
trimstray
Something about me.
14