OpenSSH (also known as OpenBSD Secure Shell) is a suite of security-related network-level utilities based on the Secure Shell (SSH) protocol, which help to secure network communications via the encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities.
OpenSSH was designed to evade various attacks like MITM , eavesdropping by encrypting all the traffic but an attack known as User-Enumeration Time Based Attack was discovered which helps in effectively increasing the brute force attack efficiency by guessing the usernames firsthand as in a Brute Force attack two fields are required Username and Password and we will be able to guess the Username correctly thus decreasing the time required for Brute Force Attack as of now only Password field is to be Brute Forced.
First clone the github repo with the terminal command:
git clone https://github.com/c0r3dump3d/osueta.git
Now change your directory to osueta and run the following command:
python osueta.py –H 192.168.222.136 –U pp –p 22
-H (Openssh server host i.e. victim IP -192.168.222.136 in my case)
-U (any guessed username which can be present on the victim machine – pp in my case)
-p (port no. of the running ssh service – 22 in our case )
Firstly it checks if the given port is open or not and then service banner is detected to know the version of the running ssh server.
Now it generates 10 random usernames to try against the target server to test the time measurement of the server i.e. test the delay time of the server . After that it test the server with provided username and if there is delay in user authentication then the user exist as in my case the user pp exists on the target server
We can also pass a list of users as the input to check against all the usernames in the list with command:
./osueta.py –H 192.168.222.136 –L users.txt –p 22
-L (users input file –users.txt in my case)
As in my case it has successfully enumerated the following username from the given list
We can also create a DOS(Denial Of Service) like situation on the target server with the command:
./osueta.py –H 192.168.222.1376 –p 22 –U pp –v no --dos yes
--dos (if you want to create a DOS situation -yes)
Now firstly it will detect if the given user exists if yes then it generates a lot of connections to the target server and when the number of sessions is reached the target server starts to reject the rest of the connections causing a DOS.
As you can see the target server is denying any connection when i try to connect with it.