About Osueta?
Osueta it's a unproblematic Python 2 script to exploit the OpenSSH User Enumeration Timing Attack, acquaint inwards OpenSSH versions <= 7.2 together with >= 5.*. The script has the mightiness to brand variations of the username employed inwards the bruteforce attack, together with the possibility to flora a DoS status inwards the OpenSSH server.
Read more: OpenSSH User Enumeration Time-Based Attack
The põrnikas was corrected inwards OpenSSH version 7.3.
Authors of Osueta:
- c0r3dump3d: coredump@autistici.org
- rofen: rofen@gmx.de
Osueta's Installation
For Linux users, opened upwardly your Terminal together with come inwards these commands:
If you're Windows users, follow these steps:
- Install Python 2.7.x from Python.org first. On Install Python 2.7.x Setup, select Add python.exe to Path.
- Download Osueta-master cypher file.
- Then unzip it.
- Open CMD or PowerShell window at the Osueta folder you lot convey only unzipped together with come inwards these commands:
pip install python-nmap paramiko IPypython osueta.py -h
Advice: Like others offensive tools, the authors disclaims all responsibleness inwards the role of this script.
Osueta handle menu:
Osueta's examples:
A unmarried user enumeration endeavor amongst username variations:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d xxx -v yesA unmarried user enumeration endeavor amongst no user variations a DoS attack:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d xxx -v no --dos yesScanning a C course of teaching network amongst exclusively i user:
python2 osueta.py -H 192.168.1.0/24 -p 22 -U root -v no Scanning a C course of teaching network amongst usernames from a file, delay fourth dimension xv seconds together with a password of 50000 characters:
python2 osueta.py -H 192.168.1.0/24 -p 22 -L usernames.txt -v yeah -d xv -l 50
0 comments:
Post a Comment