
Leaderboard

Popular Content

Showing content with the highest reputation on 06/30/17 in all areas

  1. I'll just start this post by stating that I'm not doing this with malicious intent, nor am I going to use this for purposes other than learning, nor do I advise using this on servers other than your own. That being said, let's get down to business.

     Why an SSH brute-forcer? Because too many people are still using password authentication with weak passwords. There are still many servers with sshd open with the default port exposed to the Internet, using accounts with weak passwords. Have a RaspberryPi? Put it on the Internet! Just take a look over Shodan's raspbian with port 22 query. It's crazy. We're kinda fighting fire with fire.

     Why Go? Because it's awesome, it's statically typed, it's fast, has a big and very useful default library... did I mention it's awesome? And also because I'm on my journey learning Go, and this way I can learn how to use channels, ssh connections, and so on.

     How can I protect against this? For a start, edit /etc/ssh/sshd_config to disable password authentication and root login. A basic setup means:

     • Changing the default port - many brute-forcers do not scan every port on the machine just to find an SSH server, they just check for port 22.
     • Disable root login - if, by any chance, you need to be able to log in as root remotely, use public key authentication.
     • Disable password authentication - I can't stress this enough; just do it. Everyone can and should use public key authentication instead of password authentication. A passphrase is a big plus.

     Something to start your journey with:

         Port 2244
         PermitRootLogin no
         #PermitRootLogin without-password #if you need pubkey root login
         PubkeyAuthentication yes
         PermitEmptyPasswords no
         PasswordAuthentication no

     This post assumes basic Go knowledge, and is not meant for complete newbie gophers. I am a rookie myself, and currently trying to improve this. For testing, I've included a Dockerfile along with the project for building a simple testing environment, but more on this at the end.

     Github: https://github.com/vlad-s/gofindssh
     Source: https://medium.com/@0x766c6164/writing-a-simple-ssh-brute-forcer-in-go-19c4f928cd3b
    2 points
  2. selfbashed. I left FR by car in the evening. Around 11 PM, on the road, I saw a big gas station at Colmar. I said, let me stop, fuel up with a coffee and abandon something nasty-smelling in the toilet. No sooner said than done: I stop there, get a short espresso, sip it quickly and go to the toilet. I leave my business there and flush. I see that the toilet was already clogged and the level of the "sea" was starting to rise a lot. I realized the water mechanism was broken too.... it kept running, I was thinking it would never damn well stop.... That thing was floating on top, it spilled over the toilet, two pieces of pike that were floating on the swirling water fell to the floor, and it went under the stall wall into the other stall, drifting along like that, damn it. I was crying with laughter and didn't know how to run away from there faster. I was laughing both at what had happened and at the thought that there could have been some poor Frenchman in the other stall! :))))))
    1 point
  3. the intention was to find out some business stuff ... by chance I thought I'd look for XSS here.. reported, fixed, waiting for the money... not much money, but it's ok... enough for a few beers edit: if I don't show up in the hall of shit fame, it's because I didn't want to... you have the option to brag there on their site, but you can also refuse.
    -1 points