SSH Secure Shell 3.0.0 Vulnerability Scanner

The following tool will scan the network for hosts using the vulnerable SSH version 3.0 that allows attackers to login to accounts without prompting for a user when their password is shorter than two characters.

For more information about this vulnerability, please see our previous post:
SSH Secure Shell 3.0.0 Allows Passwordless Logons

Tool:
#!/usr/bin/perl
#
# A local SSH 3.0.0 vulnerability scanner for the
# SSH Short Password Login Vulnerability
#
# Note: You must have superuser access on the system to scan it.
#
# usage: ./ssh3.pl
# Optional: -e turn off error
# -h specify a different /etc/shadow file
# (Options must come before host name)
#
# Written by hypoclear hypoclear@jungle.net - http://hypoclear.cjb.net
#
# This and all of my programs fall under my disclaimer, which
# can be found at: http://hypoclear.cjb.net/hypodisclaim.txt


use IO::Socket; use Getopt::Std;
getopts('h:e');

die "\nusage: $0 \n\tOptional: -e turn off error\n\t\t -h specify a different /etc/shadow file\n\n" unless @ARGV > 0;
if (!defined $opt_h)
{ $opt_h = "/etc/shadow";
}

$out = &bannerGrab($ARGV[0],22);
sysread $out, $message,100;
close $out;

if (($message =~ /3.0.0/) (defined $opt_e))
{ print "Running SSH 3.0.0, checking for vulnerabilities...\n\n";
open(SHADOW, "<$opt_h") die "Cannot open $opt_h!\nNote: You must have superuser access to run this script.\n\n";
while( )
{ $name = $_;
$name =~ s/:.*$//;
$_ =~ s/^.*?\://;
$_ =~ s/:.*$//;
$name =~ s/\s//g; $_=~s/\s//g;
push(@name,$name);
push(@hash,$_);
push(@lnnum,$cnt++); $cnt++;
}
close(SHADOW);

foreach $hash (@hash)
{ @chars = split(//,$hash);
foreach $char (@chars)
{ $count++;
}
if ($count <= 2)
{ print "$name[$line]\t(line $lnnum[$line]) may be vulnerable!\n";
$vulnFlag = 1;
}
$count=0; $line++;
}
if ($vulnFlag != 1)
{ print "No accounts appear to be vulnerable.\n";

[1] [2] 下一页

复制本页网址和标题，发送给你QQ/Msn的好友一起分享

上一篇:Squid优化完全手册(1)

下一篇:SSH软件包：Sftp,scp和ssh-agent