Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Bug in OpenSSH Opens Linux Machines to Password Cracking Attack

Crypto

By Crypto
in Security Hive

 Share

Recommended Posts

Crypto Newbie

Crypto

Posted
Posted
 

 

openssh-password-cracking-tool
A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period.
 
OpenSSH is the most popular software widely used for secure remote access to Linux-based systems. Generally, the software allows 3 to 6 Password login attempts before closing a connection, but a new vulnerability lets attackers perform thousands of authentication requests remotely.
 
OpenSSH servers with keyboard-interactive authentication enabled, including FreeBSD Linux, can be exploited to carry out the brute force attack on OpenSSH protocol, a security researcher with online alias KingCope explained in a blog post.
 
 
 

Exploit for the Vulnerability RELEASED 

 
Hackers could widely exploit the vulnerability because the keyboard-interactive authentication is by default enabled on most of the systems.
 
Researcher has also released a proof-of-concept exploit code, which is just a command, as follows:
ssh -lusername -oKbdInteractiveDevices=`perl -e 'print "pam," x 10000'` targethost
This simple command effectively allows up to 10,000 password attempts within two minutes of login grace time.
 
"The crucial part is that if the attacker requests 10,000 keyboard-interactive devices OpenSSH will gracefully execute the request and will be inside a loop to accept passwords until the specified devices are exceeded," KingCope said.
 
However, depending on the connection and the victim's Linux machine, two minutes of 'grace period' and thousands of login attempts are enough to achieve successful login by using dictionary attackwith a word-list of most commonly used passwords.
 
The vulnerability is present in the latest version of OpenSSH, which is Version 6.9.
 

How to Mitigate the Attack?

 
Administrators are advised to take following precautions until OpenSSH releases an official patch to address the issue:
 
  • Use a cryptographic  key pair that is at least 2,048 Bits in length
  • Always Use a Strong Password to protect your Private Key
  • Reducing the grace period to 20 or 30 seconds
  • Use Fail2Ban or Pam-Shield to limit failed login attempts

do you understand            if you having fun?                  it's a rising sun                           it's a man killing                              what's that feelin'

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Check out what our members are saying

    Serrak
    It's the first time I ever bought an invite for a private tracker, but after seeing as how certain private trackers are impossible to get into unless you know somehow or have so…
    Carlos Flores
    I didn't have much expectation at first but then I got what I was looking for and super fast with an excellent service. Keep the good work. I'm glad this site exist
    renatoibes
    Very informative and pleasant demeanour. Response time was impressive. Certainly lives up to his legacy as well hassle-free transaction all around.
    concept
    Inviter had a rare invite, reasonable price, responded quickly, and is trustworthy. This is only my first transaction, but it won't be my last. Thanks again!
    Silvernon
    Awesome service. Thanks.
    Pedro Pascal
    Fast and reliable, highly recommend. 
    test1231
    Great Service, very prompt reply and solving queries. 
    Calka
    The service was really fast and fair. There haven't been any problems, and the seller was very professional.
    Prtycutie
     That was awesome 💯💯, I have been looking for invitations for a long time and I was completely disappointed but now with @Inviter i registered in the site I wanted. Thanks a lot …
    zhehang wu
    very good
    Southey
    Superfast communication, very fair and reasonable pricing. I would highly recommend it to anyone that needs a torrent invite 🙂
    mrlovelife
    Good place to buy real legit torrent invites, providing friendly and responsive help if required nice effort mainlining this site, keep up the good work :)
    Amon123
    10/10 services. Very fast will trade again
    Jinsha
    Easy, fast and simple - What more could you want?
    Legobrah
    Promptly and effectively fixed a problem with one of the product (my error, not seller's). Will definitely be back and will recommend to others as a quality vendor. 5/5 Stars. A…
    PastNoon
    Hi everyone, I am presenting a thought after purchasing an Invite from this site.  Inviter was super instantaneous to get back to me after I had questioned if he had any avai…
    Ricardooreld
    Enormously knowledgeable individual regarding the ins and outs of everything about private torrents and trackers. Not to mention he responds incredibly fast to messages, and his …
    JunkyRoss
    Awsome service i love it thanks alot
    cnstradu
    Fairness, speed, professionalism, reasonable price and especially trustworthy. I bought it from you and I will do it again. Thank you.
    genesisishere
    Absolutely patient and wonderful delivery. I really have nothing negative to say. Highly recommended!
    GigaFrance
    Very good service Fill up all my request Fast and secure Good contact. Trustable seller, 100% money back guaranteed. Traded usenet indexer.
    an.shield.tv@gmail.com
    Excellent communication. Genuine seller. Got my invite, good guidance and advise given! Two thumbs up!
    drshockz
    Invite worked like a charm! Easy to use services and great co-operative staff. They had fast response times and helped guide me to the correct product and gave me a great deal on…
    inspectdata
    This seller is very professional, polite, and prompt. I was originally suspicious about this Site but I was very pleasantly surprised. I would like to recommend this to anyone wh…
    Escanor1234
    great service
    LOPEZ768
    Fast and reliable, highly recommend. 
    kenpark
    Prefect and always a great communicator from start to finish will use again A+ for service and support 
    XiaoPuErr
    我想说服务很棒,非常感谢工作人员的帮助  

  • Our picks

    View All
×
×
  • Create New...