epi052 / cve-2018-15473 Goto Github PK
View Code? Open in Web Editor NEWMulti-threaded, IPv6 aware, wordlists/single-user username enumeration via CVE-2018-15473
License: Other
cve-2018-15473's People
Stargazers
Watchers
Forkers
c002 adelittle surajsinghbisht054 zilong3033 aiminsun marianomilanesi avrah msxdan mohinparamasivam bugpie54 hartl3y94 himrpei phoz0n cwh945 cyberindia1 chengcheng227 redbready despratesparten itcytandchenmeng blank233 sankarganeshkumar asergfd aidan-gibson mathmore0000 psyirius lawrencelee98 abousidibe saksham2002 mathzrocha newengce26 cyberaguiarcve-2018-15473's Issues
not running
File "/home/bunter/cve-2018-15473/ssh-username-enum.py", line 27, in import paramiko ModuleNotFoundError: No module named 'paramiko'
Don't waste time on this
The code is no longer valid, seems like modules have been updated without testing.
'AuthHandler' has no attribute '_client_handler_table'
pip3 install -r requirements.txt
Requirement already satisfied: asn1crypto==0.24.0 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 1)) (0.24.0)
Requirement already satisfied: bcrypt==3.1.4 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 2)) (3.1.4)
Requirement already satisfied: cffi==1.11.5 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 3)) (1.11.5)
Requirement already satisfied: cryptography==2.3.1 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 4)) (2.3.1)
Requirement already satisfied: idna==2.7 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 5)) (2.7)
Collecting paramiko==2.4.1
Using cached paramiko-2.4.1-py2.py3-none-any.whl (194 kB)
Requirement already satisfied: pyasn1==0.4.4 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 7)) (0.4.4)
Requirement already satisfied: pycparser==2.18 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 8)) (2.18)
Requirement already satisfied: PyNaCl==1.2.1 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 9)) (1.2.1)
Requirement already satisfied: six==1.11.0 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 10)) (1.11.0)
Installing collected packages: paramiko
Attempting uninstall: paramiko
Found existing installation: paramiko 2.0.8
Uninstalling paramiko-2.0.8:
Successfully uninstalled paramiko-2.0.8
Successfully installed paramiko-2.4.1
python3 ssh-username-enum.py -p 22 -u root
[+] OpenSSH version 7.2 found
Traceback (most recent call last):
File "ssh-username-enum.py", line 203, in
main(**vars(args))
File "ssh-username-enum.py", line 172, in main
apply_monkey_patch()
File "ssh-username-enum.py", line 85, in apply_monkey_patch
old_msg_service_accept = auth_handler._client_handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
AttributeError: type object 'AuthHandler' has no attribute '_client_handler_table'
Error
fixer@fixer:~/SALAT/cve-2018-15473$ ./ssh-username-enum.py -u epi 80.93.26.***
[+] OpenSSH version 7.4 found
Traceback (most recent call last):
File "/home/fixer/SALAT/cve-2018-15473/./ssh-username-enum.py", line 203, in
main(**vars(args))
File "/home/fixer/SALAT/cve-2018-15473/./ssh-username-enum.py", line 172, in main
apply_monkey_patch()
File "/home/fixer/SALAT/cve-2018-15473/./ssh-username-enum.py", line 85, in apply_monkey_patch
old_msg_service_accept = auth_handler._client_handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
TypeError: 'property' object is not subscriptable
How to fix it?
Fixed the issue in my fork
AFAIK the issue is fixed in my fork here https://github.com/aidan-gibson/cve-2018-15473
All I did was change paramiko from 2.4.1 to 2.3.3
Blowfish has been deprecated
/usr/lib/python3/dist-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
Small problem
The tool run correctly but I created a random wordlist and it says for all "found".
It can be also maybe a problem with the server...
I know the service is vulnerable because I found the vuln with nmap scan with --script vuln.
└─$ python3 ssh-username-enum.py -v -u jzoeifjoiejfoizejfoziefojzi server_adress
[+] OpenSSH version 7.4 found
[+] jzoeifjoiejfoizejfoziefojzi found!
Xprogrammer777
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.