CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/auxiliary/scanner/ssh/ssh_enumusers.md
Views: 1904
Introduction
This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server.
Testing note: invalid users were logged, while valid users were not. YMMV.
Actions
Malformed Packet
The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST
packet using public key authentication (must be enabled) to enumerate users.
Timing Attack
On some versions of OpenSSH under some configurations, OpenSSH will return a "permission denied" error for an invalid user faster than for a valid user, creating an opportunity for a timing attack to enumerate users.
Options
USERNAME
Single username to test (username spray).
USER_FILE
File containing usernames, one per line.
THRESHOLD
Amount of seconds needed before a user is considered found (timing attack only).
CHECK_FALSE
Check for false positives (random username).