All,

SSHatter, the SSH brute forcer, is now up to release 0.6. New since the last announcement:

* Changes allowing rudimentary username enumeration via timing attacks (as described in http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threaded) have been implemented. These changes have been validated against OpenSSH 3.5p1.
* Targets and usernames are now specified in a file and targets can now be specified one per line in the format <hostname>[:<portnumber>].
* Reconnection can optionally be enabled where support on connection failures have occurred.
* A default passwords list (taken from http://www.nth-dimension.org.uk/downloads.php?id=30) has also been added.
* Fixes for systems configured with AllowUsers have been added, as these systems do not return "Permission denied" on Net::SSH::Perl->login().

This latest version can be downloaded from http://www.nth-dimension.org.uk/downloads.php?id=34.

Remember, auditing systems without permission may be a crime; always read the label.

Tim
-- 
Tim Brown
<mailto:timb@xxxxxxxxxxxxxxxxxxxx>
<http://www.nth-dimension.org.uk/>