[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    RE: Re: broute forcing telnet and ssh
From:       "Steve Fletcher" <safletcher () insightbb ! com>
Date:       2005-09-28 15:42:24
Message-ID: 20050928152719.21467.qmail () mail ! securityfocus ! com
[Download RAW message or body]

I did a search on Google and within 15 minutes found a couple of tools.  One
is a script written in expect that will brute force SSH logins while the
other is a program called GuessWho.  I'm sure there are others.  And, it is
possible that someone modified/improved one of these themselves.

HTH,

Steve Fletcher
MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+
Email:  safletcher@insightbb.com
Web:  http://safletcher.home.insightbb.com

 

-----Original Message-----
From: planbb@telus.net [mailto:planbb@telus.net] 
Sent: Monday, September 26, 2005 3:41 PM
To: security-basics@securityfocus.com
Subject: Re: Re: broute forcing telnet and ssh

I was hoping to find a similar tool. Brutus works well for ftp, http and
telnet auths. I have yet to find a good one for ssh. I was looking for one
as well because a few of the servers at work have been rooted via ssh brute
force. A weak password was to blame. 

There is some sort of program in circulation and I was hoping to find the
code for it. It seems it doesn't just brute force but it checks for typical
usernames and passwords. For example it tries admin, root, apache, vsftpd,
ftpsecure and all those. 

Almost all the secure log files on all the servers were filled with failed
in ssh log attempts. Solution to this was to listen on a different port and
run a daemon that prevents too many failed attempts from one IP. 

I would still very much like to see the ssh brute forcer that they are
using. Anyone know where? 

[prev in list] [next in list] [prev in thread] [next in thread]