Skip to content
/ osueta Public
forked from c0r3dump3d/osueta

A simple Python script to exploit the OpenSSH User Enumeration Timing Attack.

License

Notifications You must be signed in to change notification settings

r0f3n/osueta

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

    ***************************************************************************
    *                  ___                 ___ ___ _  _                       *
    *                 / _ \ _ __  ___ _ _ / __/ __| || |                      *
    *                | (_) | '_ \/ -_) ' \\__ \__ \ __ |                      *
    *                 \___/| .__/\___|_||_|___/___/_||_|                      *
    *                      |_|                                                *
    *   _   _               ___                             _   _             *
    *  | | | |___ ___ _ _  | __|_ _ _  _ _ __  ___ _ _ __ _| |_(_)___ _ _     *
    *  | |_| (_-</ -_) '_| | _|| ' \ || | '  \/ -_) '_/ _` |  _| / _ \ ' \    *
    *   \___//__/\___|_|   |___|_||_\_,_|_|_|_\___|_| \__,_|\__|_\___/_||_|   *
    *                                                                         *
    *          _____ _       _               _  _   _           _             *
    *         |_   _(_)_ __ (_)_ _  __ _    /_\| |_| |_ __ _ __| |__          *
    *           | | | | '  \| | ' \/ _` |  / _ \  _|  _/ _` / _| / /          *
    *           |_| |_|_|_|_|_|_||_\__, | /_/ \_\__|\__\__,_\__|_\_\          *
    *                              |___/                                      *
    ***************************************************************************

What's OSUETA?

    Osueta it's a simple Python script to exploit the OpenSSH User Enumeration Timing Attack, 
    present in OpenSSH versions 5.* and 6.*. The script has the ability to make variations
    of the username employed in the bruteforce attack, and the possibility to establish
    a DOS condition in the OpenSSH server. 

    http://cureblog.de/openssh-user-enumeration-time-based-attack/
    http://seclists.org/fulldisclosure/2013/Jul/88 
    http://www.devconsole.info/?p=341
http://www.devconsole.info/?p=382
http://www.devconsole.info/?p=493
http://www.devconsole.info/?p=782

Advice:

Like others offensive tools, the authors disclaims all responsibility in the use of this script.

Installing:

    # apt-get install python-ipy python-nmap python-paramiko
    git clone https://github.com/c0r3dump3d/osueta.git 

Usage:

usage: osueta.py [-h] [-H HOST] [-k HFILE] [-f FQDN] [-p PORT] [-L UFILE]
             [-U USER] [-d DELAY] [-v VARI] [-o OUTP] [--dos DOS]
             [-t THREADS]

OpenSSH User Enumeration Time-Based Attack

optional arguments:
  -h, --help  show this help message and exit
  -H HOST     Host ip or CIDR netblock to attack.
  -k HFILE    Host list in a file.
  -f FQDN     FQDN to attack.
  -p PORT     Host port.
  -L UFILE    Username list file.
  -U USER     Only use a single username.
  -d DELAY    Time delay in seconds (default 20 seconds).
  -v VARI     Make variations of the username (default yes).
  -o OUTP     Output file with positive results.
  --dos DOS   Try to make a DOS attack (default no).
  -t THREADS  Threads for the DOS attack (default 5).

Example:

* A single user enumeration attempt with username variations:

        ./osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v yes

* A single user enumeration attempt with no user variations a dos attack:

        ./osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v no --dos yes

* Scanning a C class network with only one user:

	./osueta -H 192.168.1.0/24 -p 22 -U root -v no 

Authors:

    c0r3dump | coredump<@>autistici.org
    rofen | rofen<@>gmx.de

About

A simple Python script to exploit the OpenSSH User Enumeration Timing Attack.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%