[Full-disclosure] SSHatter 0.6



All,

SSHatter, the SSH brute forcer is now up to release 0.6. New since the last
announcement include:

* Changes allowing rudimentary username enumeration via timing attacks (as
described in
http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threaded) have
been implemented. These changes has been validated against OpenSSH 3.5p1.

* Targets and usernames are now specified in a file and targets can now be
specified one per line in the format <hostname>[:<portnumber>].

* Reconnection can optionally be enabled where support on connection failures
have occurred.

* A default passwords list (taken from
http://www.nth-dimension.org.uk/downloads.php?id=30) has also been added.

* Fixes for systems configured with AllowUsers have added as these systems do
not return "Permission denied" on Net::SSH::Perl->login().

This latest version can be downloaded from
http://www.nth-dimension.org.uk/downloads.php?id=34.

Remember, auditing systems without permission may be a crime, always read the
label.

Tim
--
Tim Brown
<mailto:timb@xxxxxxxxxxxxxxxxxxxx>
<http://www.nth-dimension.org.uk/>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/