Monday, April 20, 2020

Osueta: A Simple Python Script To Exploit The OpenSSH User Enumeration Timing Attack

About Osueta?
   Osueta is a simple Python 2 script to exploit the OpenSSH User Enumeration Timing Attack, present in OpenSSH versions <= 7.2 and >= 5.*. The script can generate variations of the username used in the brute-force attack and can establish a DoS condition on the OpenSSH server.

    Read more: OpenSSH User Enumeration Time-Based Attack

   The bug was corrected in OpenSSH version 7.3.
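
A defensive check built on the version range stated above, as an added example that is not part of Osueta or the original post: it classifies SSH identification strings already collected in an asset inventory against the affected range (>= 5.* and <= 7.2). It is written for Python 3; the function names, status labels and sample banners are assumptions constructed for illustration.

```python
import re

# Affected range as stated on this page: OpenSSH >= 5.* and <= 7.2 (fixed in 7.3).
AFFECTED_MIN = (5, 0)
AFFECTED_MAX = (7, 2)

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)")


def classify_banner(banner):
    """Return (status, detail) for one SSH identification string."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return ("unparseable", None)
    v = OPENSSH_RE.match(m.group("software"))
    if not v:
        return ("not-openssh", m.group("software"))
    version = (int(v.group(1)), int(v.group(2)))
    label = "%d.%d" % version
    if version < AFFECTED_MIN or version > AFFECTED_MAX:
        return ("outside-range", label)
    # Distributions backport fixes without changing the upstream version, so a
    # banner with a vendor comment needs a package-level check before it counts.
    if m.group("comments"):
        return ("in-range-verify-package", label)
    return ("in-range", label)


def audit(inventory):
    """Map host label -> classification for a dict of host -> banner."""
    return {host: classify_banner(b) for host, b in inventory.items()}


# Constructed sample inventory (hosts use the RFC 5737 documentation range).
SAMPLE = {
    "192.0.2.10": "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8",
    "192.0.2.11": "SSH-2.0-OpenSSH_6.6.1",
    "192.0.2.12": "SSH-2.0-OpenSSH_7.4",
    "192.0.2.13": "SSH-2.0-dropbear_2019.78",
    "192.0.2.14": "HTTP/1.1 400 Bad Request",
}

if __name__ == "__main__":
    for host, result in sorted(audit(SAMPLE).items()):
        print(host, *result)
```

Hosts reported as in-range-verify-package should be confirmed against the distribution's package changelog, since the banner alone does not show whether the fix was backported.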

   Authors of Osueta:

Osueta's Installation
   For Linux users, open your Terminal and enter these commands:
   If you're a Windows user, follow these steps:
  • Install Python 2.7.x first. In the Python 2.7.x Setup, choose Add python.exe to Path.
  • Download Osueta-master zip file.
  • Then unzip it.
  • Open CMD or PowerShell window at the Osueta folder you have just unzipped and enter these commands:
    pip install python-nmap paramiko IPy
    python -h

Advice: As with other offensive tools, the authors disclaim all responsibility for the use of this script.

Osueta help menu:

Osueta's examples:
   A single user enumeration attempt with username variations:
python2 -H -p 22 -U root -d 30 -v yes

   A single user enumeration attempt with no user variations and a DoS attack:
python2 -H -p 22 -U root -d 30 -v no --dos yes

   Scanning a C class network with only one user:
python2 -H -p 22 -U root -v no 

   Scanning a C class network with usernames from a file, delay time 15 seconds and a password of 50000 characters:
python2 -H -p 22 -L usernames.txt -v yes -d 15 -l 50
