Irregular Expressions

Apr 26 2013   1:40AM GMT

SSH Brute Force Scanner – Part 4

Dan O'Connor

I have made some progress with ‘atack’ just attacking my local analysis machine. I still have lots of work to do but I have figured out some more of what it is up to.

Currently I still do not know the purpose of adding the digits when executing, but I am sure I will figure that out once I start static analysis of the file. Changing the number does not seem to do much, but it could be due to my limited environment and data files that I have created for it.

On my analysis machine I have created two users, and in the data file I am using the interface IP address and the local loopback address as a second system entry.


/unixcod$ cat data.conf
test test
test1 test

/unixcod$ cat ip.conf
127.0.0.1
IPAddress

The test user does not have a home directory created, and test1 does. While examining the strings of ‘atack’ there was mention of home directories but I have not been able to see any difference between the two when I am testing.

If the attempts are successful, ‘atack’ responds on the console.

UnixCoD own ->test:test:IPAddress

It will also create a file in the working directory called vuln.txt with a similar list of usernames and addresses.


cat vuln.txt
test:test:IPAddress

Currently it does not attempt to do anything with the compromised accounts, but these are also empty. I am wondering if it will go for any keys sitting in .ssh if they were to exist.
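
If a vuln.txt like the one above is recovered from a scanning host, it can be turned into a per-host list of accounts whose passwords need resetting. The Python below is an added example, not part of the original post or of ‘atack’; the user:password:host layout is assumed from the single sample line shown, and the function names and sample data are constructed.

```python
from collections import defaultdict

# Constructed sample in the format the post shows (user:password:host).
# The hosts are documentation addresses, not values from the post.
SAMPLE_VULN_TXT = """\
test:test:192.0.2.10
test1:test:192.0.2.10
svc:p:ss:w0rd:192.0.2.20
test:test:192.0.2.10

not a valid line
"""


def parse_vuln_line(line):
    """Split one line into (user, password, host), or None if malformed.

    Assumption: the user name has no colon and the host is an IPv4 address
    or hostname, so the first and last colons delimit the fields and any
    colon inside the password is preserved.
    """
    line = line.strip()
    user, sep1, rest = line.partition(":")
    password, sep2, host = rest.rpartition(":")
    if not (sep1 and sep2 and user and host):
        return None
    return user, password, host


def triage(text):
    """Return (accounts to reset per host, user==password accounts, skipped lines)."""
    by_host = defaultdict(set)   # a set drops repeated entries
    trivial = set()              # accounts whose password equals the user name
    skipped = []                 # kept so malformed lines are reviewed by hand
    for raw in text.splitlines():
        if not raw.strip():
            continue
        parsed = parse_vuln_line(raw)
        if parsed is None:
            skipped.append(raw)
            continue
        user, password, host = parsed
        by_host[host].add(user)
        if user == password:
            trivial.add((host, user))
    return {h: sorted(u) for h, u in by_host.items()}, sorted(trivial), skipped
```

Calling triage(SAMPLE_VULN_TXT) returns the accounts grouped by host, the accounts where the password matched the user name, and any lines that did not fit the assumed layout.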
