Skip to main content

Osueta: A Simple Python Script To Exploit The OpenSSH User Enumeration Timing Attack

By admin

About Osueta?
   Osueta it's a simple Python 2 script to exploit the OpenSSH User Enumeration Timing Attack, present in OpenSSH versions <= 7.2 and >= 5.*. The script has the ability to make variations of the username employed in the bruteforce attack, and the possibility to establish a DoS condition in the OpenSSH server.

    Read more: OpenSSH User Enumeration Time-Based Attack

   The bug was corrected in OpenSSH version 7.3.

   Authors of Osueta:

Osueta's Installation
   For Linux users, open your Terminal and enter these commands:
   If you're Windows users, follow these steps:
  • Install Python 2.7.x from Python.org first. On Install Python 2.7.x Setup, choose Add python.exe to Path.
  • Download Osueta-master zip file.
  • Then unzip it.
  • Open CMD or PowerShell window at the Osueta folder you have just unzipped and enter these commands:
    pip install python-nmap paramiko IPy
    python osueta.py -h

Advice: Like others offensive tools, the authors disclaims all responsibility in the use of this script.

Osueta help menu:

Osueta's examples:
   A single user enumeration attempt with username variations:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v yes

   A single user enumeration attempt with no user variations a DoS attack:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v no --dos yes

   Scanning a C class network with only one user:
python2 osueta.py -H 192.168.1.0/24 -p 22 -U root -v no 

   Scanning a C class network with usernames from a file, delay time 15 seconds and a password of 50000 characters:
python2 osueta.py -H 192.168.1.0/24 -p 22 -L usernames.txt -v yes -d 15 -l 50

Related links


Comments

Post a Comment

Popular posts from this blog

The Base Blockchain Airdrop: Hidden Opportunities You Don’t Want to Miss!

By admin
The Base blockchain, supported by Coinbase, is making waves in the crypto space with its surging Total Value Locked (TVL) and potential airdrop opportunities. In this article, we'll dive deep into Base's ecosystem, its key protocols, and strategies for maximizing potential rewards. We'll also explore SynFutures, a standout perpetual protocol, and other exciting opportunities that could set the stage for a lucrative airdrop. Base Blockchain: A Rising Star Current Status Base has climbed to the sixth position among blockchains in terms of TVL, surpassing even Arbitrum, the long-time leader in Ethereum Layer 2 solutions. With $4 billion+ in TVL , Base's rapid growth is drawing attention from the crypto community. Why the Excitement Around a Potential Airdrop? Coinbase Backing: As a leading exchange, Coinbase's involvement ensures credibility and innovation. Changing Regulations: With evolving regulatory clarity, there's renewed optimism for potential rewards lik...
Post a Comment
Read more

6 Airdrops You Probably Won — Check Now and Claim Your Rewards!

By admin
6 Airdrops You Probably Won — Check Now and Claim Your Rewards! The world of cryptocurrency is witnessing yet another resurgence of airdrops, with projects rushing to capitalize on the market's bullish momentum. These distributions present a golden opportunity for crypto enthusiasts to claim free tokens, often with significant market valuations. In this guide, we'll break down six exciting airdrops that are currently claimable and provide actionable steps to maximize your rewards. Why Cryptocurrency Airdrops Are a Big Deal Airdrops are not a new phenomenon in the crypto world, but their resurgence in 2024 has been remarkable. Two main factors contribute to their growing popularity: 1. High Market Valuations: Recent examples include: Hype by Hyper Liquid: Market cap peaked at $10 billion. Move by Movement: Touched $2.3 billion. Pengu by Pudgy Penguins: Reached $4.2 billion during its launch. 2. Frenzied Project Launches: Many projects are fast-tracking token releases to rid...
Post a Comment
Read more

When Berachain Meets AI: 9 Projects Riding the Next Big Wave

By admin
Artificial Intelligence (AI) and blockchain are arguably two of the hottest narratives in tech today. With Berachain's mainnet launch just around the corner, combining AI with this innovative blockchain opens up exciting possibilities. In this article, we'll dive into nine AI-driven projects on Berachain, each offering unique use cases and solutions. Baosdotfun 1. Baosdotfun: The Launchpad for AI DAOs Baosdotfun acts as an incubator for AI-driven DAOs, focusing on areas like yield farming and trading strategies. Their "DAO seasons" introduce new AI agents every few months, providing fresh opportunities for users. Key features: Supports multiple AI agents. Focus on decentralized autonomous organizations (DAOs). Official Links: Baosdotfun Website Baosdotfun on Twitter Beradigm 2. Beradigm: Maximizing BGT Farming Beradigm specializes in yield farming to accumulate BGT, a governance token central to Berachain's ecosystem. Using AI, Beradigm optimizes farming strategie...
Post a Comment
Read more