-1

Description:

I am using OWASP Nettacker v0.4.0 to perform SSH brute force on a target system with IP 192.168.29.62. The ports 22 and 2222 are detected as running OpenSSH 10.2p1 Debian 2. Attempts to brute force with valid credentials do not produce success logs. Manual SSH login works with these credentials.

Steps to Reproduce:

  1. Run Nettacker command:
python3.11 nettacker.py -i 192.168.29.62 -m ssh_brute -U ssh_users.txt -P ssh_passwords.txt -o result.html -vvv --timeout 15 --max-retries 10 --threads 1

  1. Observe no success conditions despite valid username test and password password.

  2. Manual SSH login succeeds:

ssh [email protected] -p 22

  1. Target SSH config allows password authentication. No fail2ban service running, firewall temporarily disabled during tests.

  2. Target logs show MaxStartups drops and pam_winbind errors.

Expected behavior:

Nettacker should report valid login success with provided credentials.

Actual behavior:

No success conditions reported, scan incomplete despite open SSH ports detected.

Additional Information:

  • Nettacker version: 0.4.0
  • Target OS: Debian-based Linux
  • SSH version on target: OpenSSH 10.2p1 Debian 2
  • Authentication logs include MaxStartups drops and PAM winbind errors.

Automated Log Collection and Testing Script

#!/bin/bash

# Variables
TARGET_IP="192.168.29.62"
USERS_FILE="ssh_users.txt"
PASSWORDS_FILE="ssh_passwords.txt"
NETTACKER_LOG="nettacker_debug.log"

echo "[*] Testing SSH manual login (port 22)..."
ssh -o BatchMode=yes -o ConnectTimeout=5 -p 22 test@$TARGET_IP echo "SSH login success" || echo "SSH login failed"

echo "[*] Collecting SSH auth logs..."
if [ -f /var/log/auth.log ]; then
  sudo tail -n 50 /var/log/auth.log > ssh_auth.log
elif [ -f /var/log/secure ]; then
  sudo tail -n 50 /var/log/secure > ssh_auth.log
else
  sudo journalctl -u ssh.service -n 50 > ssh_auth.log
fi
echo "[*] SSH auth logs saved to ssh_auth.log"

echo "[*] Running Nettacker ssh_brute scan with verbose output..."
python3.11 nettacker.py -i $TARGET_IP -m ssh_brute -U $USERS_FILE -P $PASSWORDS_FILE -o result.html -vvv --timeout 15 --max-retries 10 --threads 1 | tee $NETTACKER_LOG

echo "[*] Nettacker logs saved to $NETTACKER_LOG"
echo "[*] Done. Please review ssh_auth.log and $NETTACKER_LOG for details."
Improve this question
4
  • (1) line-oriented computer input, like commands and scripts, should be formatted as 'code' -- see the help in the edit window -- otherwise they become unreadable. I have fixed for you. (2) you haven't 'attached' any logs -- StackExchange doesn't have attachments. Either provide them in your Question (and though it's less obvious, logs also should be formatted as 'code') or put them somewhere publicly accessible and provide a link (pastebin.com is popular) (3) but you want relevant SSHD logs from the server, not the client (vs. nettacker log is client) Commented Nov 13 at 0:00
  • The whole question looks like an early draft at best, it even has TODOs in it (“[Include relevant snippets here or attach files]”). I also don't see how this is a security question. It's plain old SSH debugging and/or testing different Nettacker parameters. Commented Nov 13 at 2:32
  • While we appreciate using a template to describe your problem, we also appreciate that the template is properly used so it's readable. Commented Nov 13 at 9:26
  • This is probably best left as an issue on the github site: github.com/OWASP/Nettacker/issues/1166 and github.com/OWASP/Nettacker/issues/1165 Commented Nov 13 at 9:29

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.