Re: SSH bruteforce on its way...
Valdis.Kletnieks_at_vt.edu
Date: 10/25/05
- Previous message: Thorsten Holz: "Re: Dismantling Botnets?"
- In reply to: jouser_at_gmail.com: "Re: SSH bruteforce on its way..."
- Next in thread: Paul Robertson: "Re: SSH bruteforce on its way..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: jouser@gmail.com Date: Mon, 24 Oct 2005 23:13:46 -0400
On Fri, 21 Oct 2005 18:05:27 -0000, jouser@gmail.com said:
> I didn't think it was possible to determine valid usernames by themselves? You
> either have a valid username AND password or not.
So you take the list of 30-40 "installed by default" userids, add a list of 100
or so common first names/last names, prepend/append a single letter (i.e.
starting with "john" and "smith", also try "jsmith" and "johns"). Then try
each of those with a list of common passwords. If you're *really* 31337, you
apply the SSH timing hole to possibly identify valid userids - but it really
isn't needed because it's just as cheap to just try all 40,000 combinations of
userid/password (remember, you're doing this from somebody else's compromised
system).
- application/pgp-signature attachment: stored
- Previous message: Thorsten Holz: "Re: Dismantling Botnets?"
- In reply to: jouser_at_gmail.com: "Re: SSH bruteforce on its way..."
- Next in thread: Paul Robertson: "Re: SSH bruteforce on its way..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
