关联漏洞
标题:
OpenSSH 信息泄露漏洞
(CVE-2016-6210)
描述:OpenSSH(OpenBSD Secure Shell)是加拿大OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 7.3之前版本中的sshd存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。
描述
User name enumeration against SSH daemons affected by CVE-2016-6210.
介绍
# CVE-2016-6210
User name enumeration against SSH daemons affected by CVE-2016-6210.
Use against your own hosts only! Attacking stuff you are not permitted to may put you in big trouble!
# INSTALATION
### Clone the Repository:
git clone https://github.com/coolbabayaga/CVE-2016-6210.git
cd ssh-enum-cve-2016-6210
### Create and Activate a Virtual Environment (Optional but recommended):
python3 -m venv venv
source venv/bin/activate
### Install Dependencies:
pip install -r requirements.txt
### Run the Script:
40136.py -h
# USAGE
#### usage: 40136.py [-h] [-u USER | -U USERLIST] [-e] [-s] [--bytes BYTES] [--samples SAMPLES] [--factor FACTOR] [--trials TRIALS] host
#
example: 40136.py -U /usr/share/wordlists/metasploit/unix_users.txt -e -s 192.168.44.63:22
positional arguments:
host Give SSH server address like ip:port or just by ip
options:
-h, --help show this help message and exit
-u, --user USER Give a single user name
-U, --userlist USERLIST
Give a file containing a list of users
-e, --enumerated Only show enumerated users
-s, --silent Silent mode
--bytes BYTES Bytes to send as password
--samples SAMPLES Samples for baseline timing
--factor FACTOR Factor for timing boundary
--trials TRIALS Trials per user
文件快照
[4.0K] /data/pocs/990cefcaed9764ae054e015edb08f90d2487caf7
├── [4.0K] 40136.py
├── [1.4K] README.md
└── [ 31] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。