Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/trimstray/massh-enum
OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
- Host: GitHub
- URL: https://github.com/trimstray/massh-enum
- Owner: trimstray
- License: gpl-3.0
- Created: 2018-08-17T23:48:15.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2019-11-15T08:12:32.000Z (about 5 years ago)
- Last Synced: 2024-08-05T17:45:36.139Z (4 months ago)
- Topics: accounts, cve, cve-2018-15473, enumeration, openssh, ssh, users, vulnerability
- Language: Shell
- Homepage:
- Size: 42 KB
- Stars: 146
- Watchers: 5
- Forks: 35
- Open Issues: 2
Metadata Files:
- Readme: README
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE.md
- Code of conduct: .github/CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-hacking-lists - trimstray/massh-enum - OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473). (Shell)
README
+----------------+
| massh-enum 1.0 |
+----------------+

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473)
This script contains Matthew Daley's Python script.
License: GPLv3,
Description
OpenSSH versions 2.3 up to 7.4 suffer from a username enumeration vulnerability.
The attacker can try to authenticate a user with a malformed packet (for
example, a truncated packet), and:

- if the user is invalid (it does not exist), then userauth_pubkey()
  returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE
  to the attacker;
- if the user is valid (it exists), then sshpkt_get_u8() fails, and the
  server calls fatal() and closes its connection to the attacker.

More information about this vulnerability:
* https://nvd.nist.gov/vuln/detail/CVE-2018-15473
* http://seclists.org/oss-sec/2018/q3/124

How it works?
# ./bin/massh-enum --hosts 10.240.20.0/28 --users wordlists/users
› Generating a list of hosts
› Username Enumeration
host: 10.240.20.1 (p:22), found user: root
host: 10.240.20.1 (p:22), found user: supervisor
host: 10.240.20.2 (p:22), found user: root

Requirements
- Bash (tested on 4.4.19)
- Python (tested on 2.7)
- Nmap (tested on 7.70)