Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Bug in OpenSSH Opens Linux Machines to Password Cracking Attack

Crypto

By Crypto
in Security Hive

 Share

Recommended Posts

Crypto Newbie

Crypto

Posted
Posted
 

 

openssh-password-cracking-tool
A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period.
 
OpenSSH is the most popular software widely used for secure remote access to Linux-based systems. Generally, the software allows 3 to 6 Password login attempts before closing a connection, but a new vulnerability lets attackers perform thousands of authentication requests remotely.
 
OpenSSH servers with keyboard-interactive authentication enabled, including FreeBSD Linux, can be exploited to carry out the brute force attack on OpenSSH protocol, a security researcher with online alias KingCope explained in a blog post.
 
 
 

Exploit for the Vulnerability RELEASED 

 
Hackers could widely exploit the vulnerability because the keyboard-interactive authentication is by default enabled on most of the systems.
 
Researcher has also released a proof-of-concept exploit code, which is just a command, as follows:
ssh -lusername -oKbdInteractiveDevices=`perl -e 'print "pam," x 10000'` targethost
This simple command effectively allows up to 10,000 password attempts within two minutes of login grace time.
 
"The crucial part is that if the attacker requests 10,000 keyboard-interactive devices OpenSSH will gracefully execute the request and will be inside a loop to accept passwords until the specified devices are exceeded," KingCope said.
 
However, depending on the connection and the victim's Linux machine, two minutes of 'grace period' and thousands of login attempts are enough to achieve successful login by using dictionary attackwith a word-list of most commonly used passwords.
 
The vulnerability is present in the latest version of OpenSSH, which is Version 6.9.
 

How to Mitigate the Attack?

 
Administrators are advised to take following precautions until OpenSSH releases an official patch to address the issue:
 
  • Use a cryptographic  key pair that is at least 2,048 Bits in length
  • Always Use a Strong Password to protect your Private Key
  • Reducing the grace period to 20 or 30 seconds
  • Use Fail2Ban or Pam-Shield to limit failed login attempts

do you understand            if you having fun?                  it's a rising sun                           it's a man killing                              what's that feelin'

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Check out what our members are saying

    cprado
    Inviter is a professional in a world of shady dealers. He is 100% honest and he always does what he says he will. It is the nature of buying invites and accounts that there will …
    LTwithamap
    Seller is great! Fast to respond and reliable. Had to wait but it's reasonable since seller is at work. 10/10 would buy something else again in the future.
    Prtycutie
     That was awesome 💯💯, I have been looking for invitations for a long time and I was completely disappointed but now with @Inviter i registered in the site I wanted. Thanks a lot …
    entrailz
    Seems to work fine for now - will have to wait and see what the future holds.
    orgazmatron
    Quick, to the point, good job invitescene !
    Escanor1234
    great service
    Xeeder
    Reliable and professional service, prompt communication, excellent execution. 
    lolopopo72
    Well, he was really fast and loved that he didn't ask much and simply sent me an invite. 😊 It was painless and prompt. Thanks a lot, man.
    inann
    Trustable seller, 100% money back guaranteed. Traded ptp, bibliotik and cinematik.
    LOPEZ768
    Fast and reliable, highly recommend. 
    OvaTheMoon
    Inviter is awesome. Very fast and friendly. Excellent in answering questions and quick transactions. Will do business with again.
    Legobrah
    Promptly and effectively fixed a problem with one of the product (my error, not seller's). Will definitely be back and will recommend to others as a quality vendor. 5/5 Stars. A…
    Zheltyy
    Got 2 accounts for a good price. Everything worked after the first try. Thank you @Inviter. Good job. Best regards, Zheltyy  
    Silvernon
    Awesome service. Thanks.
    YeeNaw
    A remarkable man, a pleasing seller, super patient, explained everything to me, discounted me, each and everything. I enjoyed the purchase with him, I received everything immedia…
    zte3jl
    I highly recommend doing business with this user. He was very quick to answer and deliver when other users couldn't. 10/10 would do business again.
    anthonysteven
    Il migliore venditore, 100%
    jjyoujj
    Great services, 100% satisfied.
    thingsforthings
    Had what I needed! 10/10 Highly recommend. Has the invites for the trackers you need. Seriously.  ** I thought these reviews could have been fake. They were not. ** …
    concept
    Inviter had a rare invite, reasonable price, responded quickly, and is trustworthy. This is only my first transaction, but it won't be my last. Thanks again!
    Dimitris
    Everything went smooth. Keep up the good work
    Pedro Pascal
    Fast and reliable, highly recommend. 
    divyangtyagi1412
    Inviter provides lower prices than other providers and other forum owners by a higher margin. He is the man to buy from if you are looking for a torrent invites to any website h…
    Candlemaker
    Purchased a CGPeers invite from Inviter furthermore got a prompt response. Thanks very much; I'm looking forward to my time here.
    uG#38S
    Everything went perfectly. I got a torrent of a childhood TV Show that I couldn't find anywhere else, legal or otherwise.
    ravens2000
    I would highly recommend anyone looking to find torrents to use this site  
    Shalimar122
    Extremely professional seller. No fuss deal. Very friendly and his after-sales service and advice is truly unparalleled. Buy with full confidence. And even if he does take a few…
    the_20a
    smooth process

  • Our picks

    View All
×
×
  • Create New...