I'm not sure about Hydra, but the MSF ssh_login module has a STOP_ON_SUCCESS option. Presumably if you set this to false, the module will continue guessing passwords, even if it thinks it has already found a valid one.
Overcoming a Clever SSH Defense
I am an IT administrator for a small 'Mom and Pop' type alarm business. I am in the process of conducting a penetration test and I am currently testing our hardware firewall for vulnerabilities, a Dell SonicWALL TZ 210.
This little bugger has a very clever trick to prevent bruteforce/dictionary password attacks: Instead of providing the login prompt immediately upon connection, the server "eats" whatever the user's first input happens to be and THEN issues the login prompt. The effect of this is that the two main tools I'm experienced in using in this type of situation (hydra and MSF's auxiliary/scanner/ssh/ssh_login) are useless; they think they successfully guessed the password on the first try regardless of the user/pass combo when they really haven't.
Normally I would move on to the next target on my list to test but I want to be thorough because the gateway to our building's network is important to have locked down tight and I'm sure given enough time someone will think of something that I didn't, so I ask the experts: is there an obvious way to overcome this obstacle that I'm not seeing?
Re: Overcoming a Clever SSH Defense
I'm not sure about Hydra, but the MSF ssh_login module has a STOP_ON_SUCCESS option. Presumably if you set this to false, the module will continue guessing passwords, even if it thinks it has already found a valid one.
Re: Overcoming a Clever SSH Defense
Just copy the ssh_login module creating your own that sends some initial garbage before actually trying the login attempt.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Re: Overcoming a Clever SSH Defense
That was my initial assessment as well, but I tried both tools both ways and got the same results each time.Originally Posted by rastamouse
@thorin: That sounds like it might work. However, I've never edited any of the scripts before. Are there any tutorials that you would recommend as a reference?
Re: Overcoming a Clever SSH Defense
You could check out the Building A Module section of the Metasploit Unleashed set of pages.
Posting Permissions