I'll just start this post with stating that I'm not doing this with malicious intents, nor am I going to use this for other purposes than learning, or advice using this on servers others than your own. That being said, let's get down to business.
Why a SSH brute-forcer?
Because too many people are still using password authentication with weak passwords. There are still many servers with sshd open with the default port exposed to internet, using accounts with weak passwords. Have a RaspberryPi? Put it on the Internet! Just take a look over Shodan's Please login or register to see this link. query. It's crazy. We're kinda fighting fire with fire.
Because it's awesome, it's static typed, it's fast, has a big and very useful default library... did I mention it's awesome? And also because I'm on my journey learning Go, and this way I can learn how to use channels, ssh connections, and so on.
How can I protect against this?
For a start, edit /etc/ssh/sshd_config to disable password authentication and root login. A basic setup means:
Changing the default port - many brute-forcers do not scan every port on the machine just to find an SSH server, they just check for port 22.
Disable root login - if, by any chance, you need to be able to login as root remotely, use public key authentication.
Disable password authentication - I can't stress this enough; just do it. Everyone can and should use public key authentication instead of password authentication. A passphrase is a big plus.
Something to start your journey with:
#PermitRootLogin without-password #if you need pubkey root login
This post assumes basic Go knowledge, and is not meant towards complete newbie gophers. I am a rookie myself, and currently trying to improve this.
For testing, I’ve included a Dockerfile along the project for building a simple testing environment, but more on this at the end.
Github: Please login or register to see this link.
Sursa: Please login or register to see this link.
Unde pot sa gasesc ebooks "de inchiriat" de la Microsoft Press?
Am cautat pe internet "Programming for the Internet of Things: Using Windows 10 IoT Core and Azure IoT Suite" si nu am gasit niciun pdf, nici pe libgenesis nu e nimic.
Professional Penetration Testing walks you through the entire process of setting up and running a pen test lab. Penetration testing—the act of testing a computer network to find security vulnerabilities before they are maliciously exploited—is a crucial component of information security in any organization. With this book, you will find out how to turn hacking skills into a professional career. Chapters cover planning, metrics, and methodologies; the details of running a pen test, including identifying and verifying vulnerabilities; and archiving, reporting and management practices.
Free download: Please login or register to see this link.
Buy: Please login or register to see this link.
Email SPAM Prank is a tool to send a large amount of emails to any email in the world. A user just need to write the target email and hit enter. Instantly the target email will start receiving emails.
The Public Version is limited and it's configured to send a maximum of 281 spam emails. The Private Version sends more than 10.000 emails, contact me for more information at firstname.lastname@example.org
Download: Please login or register to see this link.
Virus Analysis: Please login or register to see this link.