FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
☐ β˜† βœ‡ The Hacker News

Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining

By: Newsroom β€” December 27th 2023 at 05:29
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat actors can also choose to install only scanners and sell the breached IP and account credentials on
☐ β˜† βœ‡ KitPloit - PenTest Tools!

Cbrutekrag - Penetration Tests On SSH Servers Using Brute Force Or Dictionary Attacks. Written In C

By: Zion3R β€” May 16th 2023 at 12:30


Penetration tests on SSH servers using dictionary attacks. Written in C.

brute krag means "brute force" in afrikΓ‘ans

Disclaimer

This tool is for ethical testing purpose only.
cbrutekrag and its owners can't be held responsible for misuse by users.
Users have to act as permitted by local law rules.

Β 

Requirements

cbrutekrag uses libssh - The SSH Library (http://www.libssh.org/)

Build

Requirements:

  • make
  • gcc compiler
  • libssh-dev
git clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
make
make install

Static build

Requirements:

  • cmake
  • gcc compiler
  • make
  • libssl-dev
  • libz-dev
git clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
bash static-build.sh
make install

Run

OpenSSH Brute force tool 0.5.0 __/ | (c) Copyright 2014-2022 Jorge Matricali |___/ usage: ./cbrutekrag [-h] [-v] [-aA] [-D] [-P] [-T TARGETS.lst] [-C combinations.lst] [-t THREADS] [-o OUTPUT.txt] [TARGETS...] -h This help -v Verbose mode -V Verbose mode (sshlib) -s Scan mode -D Dry run -P Progress bar -T <targets> Targets file -C <combinations> Username and password file -t <threads> Max threads -o <output> Output log file -a Accepts non OpenSSH servers -A Allow servers detected as honeypots." dir="auto">
$ cbrutekrag -h
       _                _       _
      | |              | |     | |
  ___ | |__  _ __ _   _| |_ ___| | ___ __ __ _  __ _
 / __|| '_ \| '__| | | | __/ _ \ |/ / '__/ _` |/ _` |
| (__ | |_) | |  | |_| | ||  __/   <| | | (_| | (_| |
 \___||_.__/|_|   \__,_|\__\___|_|\_\_|  \__,_|\__, |
          OpenSSH Brute force tool 0.5.0        __/ |
      (c) Copyright 2014-2022 Jorge Matricali  |___/


usage: ./cbrutekrag [-h] [-v] [-aA] [-D] [-P] [-T TARGETS.lst] [-C combinations.lst]
		[-t THREADS] [-o OUTPUT.txt] [TARGETS...]

  -h                This help
  -v                Verbose mode
  -V                Verbose mode (sshlib)
  -s                Scan mode
  -D                Dry run
  -P                Progress bar
  -T <targets>      Targets file
  -C <combinations> Username and password file  -t <threads>      Max threads
  -o <output>       Output log file
  -a                Accepts non OpenSSH servers
  -A                Allow servers detected as honeypots.

Example usages

cbrutekrag -T targets.txt -C combinations.txt -o result.log
cbrutekrag -s -t 8 -C combinations.txt -o result.log 192.168.1.0/24

Supported targets syntax

  • 192.168.0.1
  • 10.0.0.0/8
  • 192.168.100.0/24:2222
  • 127.0.0.1:2222

Combinations file format

root root
root password
root $BLANKPASS$


☐ β˜† βœ‡ Naked Security

Slack admits to leaking hashed passwords for five years

By: Paul Ducklin β€” August 8th 2022 at 15:14
"When those invitations went out... somehow, your password hash went out with them."

❌