Wednesday

Cracking OpenSSH

OpenSSH is one of the biggest SSH systems on the net.
This vuln works on all versions of OpenSSH on all Linux, Unix and *BSD systems.
Tested on: FreeBSD, CentOS, Debian (7 and 8), NetBSD (in VirtualBox), Ubuntu and Kali.
This lets you brute-force an OpenSSH login, so instead of getting 3 tries you get unlimited tries.
What you need:
1: Tor socks
2: one VPN or HTTP proxy
3: a multi-threaded SSH cracker with proxy support (like hydra)
4: a target (take someone you don't like or just open a VirtualBox)
First, if you don't have the program 'usewithtor', install it.
Get a wordlist from Packet Storm (https://packetstormsecurity.com/Crackers/wordlists).
Open 2 terminals and an SSH cracker (use a multi-threaded one). I'm going to use hydra because it's fast and has proxy support. Configure hydra with 25 threads, port 22, the target IP, an HTTP proxy and a wordlist.
In the second terminal we are going to use Tor to connect to the target's SSH and hold the connection like this:
root@1337desi:~# usewithtor ssh -lroot -oKbdInteractiveDevices=`perl -e 'print "pam," x 10000'` targetip
root@TARGETIP's password:
Extras: enumerate some users to have a bigger attack surface.
Start the SSH cracker and let it do the work, and you should get root.
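
Seen from the server side, holding one connection open for unlimited tries leaves a recognisable trace: far more failed attempts logged under a single sshd process ID than one connection should ever produce. The following is an added example, not part of the original post, that groups sshd log lines by PID and flags connections over a threshold. The sample log lines are constructed, the function names are hypothetical, and the threshold of 6 assumes OpenSSH's default MaxAuthTries and that one sshd PID corresponds to one connection.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual sshd syslog shape (not captured from a real host).
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[4101]: Failed password for root from 198.51.100.7 port 50122 ssh2
Jan 10 03:14:05 host sshd[4101]: Failed password for root from 198.51.100.7 port 50122 ssh2
Jan 10 03:14:09 host sshd[4101]: Connection closed by 198.51.100.7 port 50122 [preauth]
""" + "".join(
    f"Jan 10 03:20:{i % 60:02d} host sshd[4242]: Failed keyboard-interactive/pam "
    f"for root from 203.0.113.9 port 41000 ssh2\n" for i in range(40)
)

# Matches sshd "Failed <method> for [invalid user ]<user> from <ip> port <n>" lines.
FAILED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def failures_per_connection(log_text):
    """Count failed auth attempts per sshd PID (assumed: one PID per connection)."""
    stats = defaultdict(lambda: {"count": 0, "ip": None, "users": set(), "methods": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        s = stats[m["pid"]]
        s["count"] += 1
        s["ip"] = m["ip"]
        s["users"].add(m["user"])
        s["methods"].add(m["method"])
    return dict(stats)

def flag_oversized(log_text, max_auth_tries=6):
    """Return only the connections whose failure count exceeds max_auth_tries."""
    return {pid: s for pid, s in failures_per_connection(log_text).items()
            if s["count"] > max_auth_tries}

if __name__ == "__main__":
    for pid, s in flag_oversized(SAMPLE_LOG).items():
        print(f"sshd[{pid}] {s['ip']}: {s['count']} failures, "
              f"users={sorted(s['users'])}, methods={sorted(s['methods'])}")
```

Grouping by PID instead of by source address matters here because the held connection arrives through Tor, so the address says little about who is connecting.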
