forked from trimstray/massh-enum
-
Notifications
You must be signed in to change notification settings - Fork 0
OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
License
torrycrass/massh-enum
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
+----------------+
| massh-enum 1.0 |
+----------------+
OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473)
This script contains Matthew Daley Python script <https://bugfuzz.com/stuff/ssh-check-username.py>
License: GPLv3, <http://www.gnu.org/licenses/>
Description
OpenSSH versions 2.3 up to 7.4 suffer from a username enumeration vulnerability.
The attacker can try to authenticate a user with a malformed packet (for
example, a truncated packet), and:
- if the user is invalid (it does not exist), then userauth_pubkey()
returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE
to the attacker;
- if the user is valid (it exists), then sshpkt_get_u8() fails, and the
server calls fatal() and closes its connection to the attacker.
More information about this vulnerability:
* https://nvd.nist.gov/vuln/detail/CVE-2018-15473
* http://seclists.org/oss-sec/2018/q3/124
How it works?
# ./bin/massh-enum --hosts 10.240.20.0/28 --users wordlists/users
› Generating a list of hosts
› Username Enumeration
host: 10.240.20.1 (p:22), found user: root
host: 10.240.20.1 (p:22), found user: supervisor
host: 10.240.20.2 (p:22), found user: root
Requirements
- Bash (testing on 4.4.19)
- Python (testing on 2.7)
- Nmap (testing on 7.70)
About
OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
Resources
License
Code of conduct
Stars
Watchers
Forks
Packages 0
No packages published
Languages
- Shell 84.0%
- Python 16.0%