From: Tim Brown <timb@nth-dimension.org.uk.>
To: [email protected]Subject: SSHatter 0.6
Date: Sat, 6 Oct 2007 16:53:30 +0100
User-Agent: KMail/1.9.7
Cc: [email protected], [email protected],
[email protected]
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200710061653.31535.timb@nth-dimension.org.uk.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
All,
SSHatter, the SSH brute forcer is now up to release 0.6. New since the last
announcement include:
* Changes allowing rudimentary username enumeration via timing attacks (as
described in
http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threaded) have
been implemented. These changes has been validated against OpenSSH 3.5p1.
* Targets and usernames are now specified in a file and targets can now be
specified one per line in the format <hostname>[:<portnumber>].
* Reconnection can optionally be enabled where support on connection failures
have occurred.
* A default passwords list (taken from
http://www.nth-dimension.org.uk/downloads.php?id=30) has also been added.
* Fixes for systems configured with AllowUsers have added as these systems do
not return "Permission denied" on Net::SSH::Perl->login().
This latest version can be downloaded from
http://www.nth-dimension.org.uk/downloads.php?id=34.
Remember, auditing systems without permission may be a crime, always read the
label.
Tim
Tim Brown
<mailto:timb@nth-dimension.org.uk.>
<http://www.nth-dimension.org.uk/>;
