Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-20012 PoC — OpenSSH 安全漏洞

Source
https://github.com/arturo-b-cmu/cve-2016-20012
Associated Vulnerability
Title:OpenSSH 安全漏洞 (CVE-2016-20012)
Description:OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product
Readme
# CVE-2016-20012  SSH Username Enumeration Script

This Python script attempts to enumerate valid usernames on an SSH server by trying to connect with an invalid password. It measures the response time for each username to identify possible valid accounts based on server behavior.

## Table of Contents
- [Overview](#overview)
- [How It Works](#how-it-works)
- [Requirements](#requirements)
- [Setup and Usage](#setup-and-usage)
- [Disclaimer](#disclaimer)

## Overview

This script performs SSH username enumeration by leveraging the `paramiko` library. It attempts to connect to an SSH server using usernames from a provided wordlist and an invalid password. The response times for each attempt are collected, and the average and standard deviation of the response times are calculated.

This script can be useful for security researchers or penetration testers to check if certain usernames exist on the target system by identifying differences in server response times.

## How It Works

1. **SSH Client**: The script uses `paramiko.SSHClient()` to initiate an SSH connection to a specified hostname and port.
2. **Invalid Password**: For each username from the wordlist, the script tries to authenticate with an invalid password.
3. **Response Time**: The time taken for each connection attempt is recorded.
4. **AuthenticationException**: The script expects an `AuthenticationException` when using an invalid password. If other errors occur, they are reported and the script stops.
5. **Statistics**: For each username, the script calculates the average response time and standard deviation over multiple attempts.

## Requirements

To run this script, you need to have the following installed on your machine:

- Python 3.x
- The following Python libraries:
  - `paramiko`
  - `statistics`
  - `os`
  - `time`

You can install the necessary dependencies using the following command:

```bash
pip install paramiko
File Snapshot

 [4.0K]  /data/pocs/ea04fe208dfe4e04762b4e72410df2f0f076db24
├── [2.2K]  cve-2016-20012-script.py
└── [1.9K]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →