db.osoal.org.nz

Back to index

Brute force for the win

Friday, 4th October 2013

If you are going to try an brute force passwords over ssh you should probably try better usernames than ferlac and gyurushop.

I wish I had logs of what sort of password ferlac and gyurushop would have.

Oct 4 14:56:15 wombat sshd[12240]: input_userauth_request: invalid user ferlac [preauth]
Oct 4 14:56:15 wombat sshd[12240]: pam_unix(sshd:auth): check pass; user unknown
Oct 4 14:56:15 wombat sshd[12240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.75.32.6
Oct 4 14:56:17 wombat sshd[12240]: Failed password for invalid user ferlac from 134.75.32.6 port 38348 ssh2
Oct 4 14:56:17 wombat sshd[12240]: Received disconnect from 134.75.32.6: 11: Bye Bye [preauth]
Oct 4 14:59:19 wombat sshd[12271]: Invalid user gyurushop from 222.36.0.48
Oct 4 14:59:19 wombat sshd[12271]: input_userauth_request: invalid user gyurushop [preauth]
Oct 4 14:59:19 wombat sshd[12271]: pam_unix(sshd:auth): check pass; user unknown
Oct 4 14:59:19 wombat sshd[12271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.36.0.48
Oct 4 14:59:21 wombat sshd[12271]: Failed password for invalid user gyurushop from 222.36.0.48 port 58955 ssh2

© 2009 Lincoln Reid <lincoln@osoal.org.nz>