The following tool will scan the network for hosts using the vulnerable SSH version 3.0 that allows attackers to login to accounts without prompting for a user when their password is shorter than two characters. For more information about this vulnerability, please see our previous post: SSH Secure Shell 3.0.0 Allows Passwordless Logons Tool: #!/usr/bin/perl # # A local SSH 3.0.0 vulnerability scanner for the # SSH Short Password Login Vulnerability # # Note: You must have superuser access on the system to scan it. # # usage: ./ssh3.pl # Optional: -e turn off error # -h specify a different /etc/shadow file # (Options must come before host name) # # Written by hypoclear hypoclear@jungle.net – # # This and all of my programs fall under my disclaimer, which # can be found at: use IO::Socket; use Getopt::Std; getopts(‘h:e’); die “\nusage: $0 \n\tOptional: -e turn off error\n\t\t -h specify a different /etc/shadow file\n\n” unless @ARGV > 0; if (!defined $opt_h) { $opt_h = “/etc/shadow”; } $out = &bannerGrab($ARGV[0],22); sysread $out, $message,100; close $out; if (($message =~ /3.0.0/) || (defined $opt_e)) { print “Running SSH 3.0.0, checking for vulnerabilities…\n\n”; open(SHADOW, “,没有什么可留恋,只有抑制不住的梦想,
SSH Secure Shell 3.0.0 Vulnerability Scanner
