zeldor.biz

Linux, programming and more

How to Bruteforce SSH

by 17 Comments

SSH is an acronym which stands for Secure SHell, which provides a secure shell access to a remote machine.

This brut force tool is great to test some security stuff like iptables or sshguard.

You are able to see the proceeder of real hacking attempt.

Like most brute forcing tools, you’ll first need a pretty big passlist. You can get one from here:

1

wget https://zeldor.biz/other/bruteforce/passlist.txt


Get SSHBrute python script:

1

wget https://zeldor.biz/other/bruteforce/brutessh.zip

To get it to work you will need this packages:

1

apt-get install python-crypto python-paramiko

To start you need some things to specify: hostname, username abd a password list.

This tool in work:

1
2
3
4
5
6
7
8
9
10
11
12
13

id@crunch:~$ python brutessh.py -h 10.1.100.4 -u root -d passlist.txt
 
*************************************
*SSH Bruteforcer Ver. 0.2           *
*Coded by Christian Martorella      *
*Edge-Security Research             *
*laramies@gmail.com                 *
*************************************
 
HOST: 10.1.100.4 Username: root Password file: passlist.txt
===========================================================================
Trying password...
dragon

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Comments

  2. Hello, i doing an academic research about security, found your script, but unfortunately it doesn’t work on Debian 8.5 on VmWare (i don’t trying to steal anyone, it’s all on virtual setups)

    More details:
    ERR [20160613-23:32:23.156] thr=89 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1385, in _negotiate_keys
    ERR [20160613-23:32:23.157] thr=63 paramiko.transport: raise SSHException(‘Incompatible ssh peer (no acceptable kex algorithm)’)
    ERR [20160613-23:32:23.157] thr=3 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1319, in run
    DEB [20160613-23:32:23.157] thr=172 paramiko.transport: Write packet , length 318
    ERR [20160613-23:32:23.158] thr=144 paramiko.transport: Traceback (most recent call last):
    ERR [20160613-23:32:23.158] thr=89 paramiko.transport: self._parse_kex_init(m)
    ERR [20160613-23:32:23.158] thr=63 paramiko.transport: SSHException: Incompatible ssh peer (no acceptable kex algorithm)
    ERR [20160613-23:32:23.159] thr=3 paramiko.transport: self._handler_table[ptype](self, m)
    DEB [20160613-23:32:23.159] thr=267 paramiko.transport: Read packet , length 943
    ERR [20160613-23:32:23.159] thr=144 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1319, in run
    ERR [20160613-23:32:23.159] thr=89 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1498, in _parse_kex_init
    ERR [20160613-23:32:23.160] thr=63 paramiko.transport:
    ERR [20160613-23:32:23.160] thr=3 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1385, in _negotiate_keys
    ERR [20160613-23:32:23.160] thr=144 paramiko.transport: self._handler_table[ptype](self, m)
    DEB [20160613-23:32:23.161] thr=267 paramiko.transport: kex algos:[‘curve25519-sha256@libssh.org’, ‘ecdh-sha2-nistp256’, ‘ecdh-sha2-nistp384’, ‘ecdh-sha2-nistp521’, ‘diffie-hellman-group-exchange-sha256’, ‘diffie-hellman-group14-sha1’] server key:[‘ssh-rsa’, ‘ssh-dss’, ‘ecdsa-sha2-nistp256’, ‘ssh-ed25519’] client encrypt:[‘aes128-ctr’, ‘aes192-ctr’, ‘aes256-ctr’, ‘aes128-gcm@openssh.com’, ‘aes256-gcm@openssh.com’, ‘chacha20-poly1305@openssh.com’] server encrypt:[‘aes128-ctr’, ‘aes192-ctr’, ‘aes256-ctr’, ‘aes128-gcm@openssh.com’, ‘aes256-gcm@openssh.com’, ‘chacha20-poly1305@openssh.com’] client mac:[‘umac-64-etm@openssh.com’, ‘umac-128-etm@openssh.com’, ‘hmac-sha2-256-etm@openssh.com’, ‘hmac-sha2-512-etm@openssh.com’, ‘hmac-sha1-etm@openssh.com’, ‘umac-64@openssh.com’, ‘umac-128@openssh.com’, ‘hmac-sha2-256’, ‘hmac-sha2-512’, ‘hmac-sha1’] server mac:[‘umac-64-etm@openssh.com’, ‘umac-128-etm@openssh.com’, ‘hmac-sha2-256-etm@openssh.com’, ‘hmac-sha2-512-etm@openssh.com’, ‘hmac-sha1-etm@openssh.com’, ‘umac-64@openssh.com’, ‘umac-128@openssh.com’, ‘hmac-sha2-256’, ‘hmac-sha2-512’, ‘hmac-sha1’] client compress:[‘none’, ‘zlib@openssh.com’] server compress:[‘none’, ‘zlib@openssh.com’] client lang:[”] server lang:[”] kex follows?False
    ERR [20160613-23:32:23.161] thr=89 paramiko.transport: raise SSHException(‘Incompatible ssh peer (no acceptable kex algorithm)’)
    ERR [20160613-23:32:23.161] thr=3 paramiko.transport: self._parse_kex_init(m)
    ERR [20160613-23:32:23.161] thr=144 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1385, in _negotiate_keys
    ERR [20160613-23:32:23.162] thr=267 paramiko.transport: Exception: Incompatible ssh peer (no acceptable kex algorithm)
    ERR [20160613-23:32:23.162] thr=89 paramiko.transport: SSHException: Incompatible ssh peer (no acceptable kex algorithm)
    ERR [20160613-23:32:23.162] thr=3 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1498, in _parse_kex_init
    ERR [20160613-23:32:23.162] thr=144 paramiko.transport: self._parse_kex_init(m)

  3. Thank you for this thingy, however I believe this is a dictionary attack not a brute force.
    Also if anyone experiences (some guy above)
    “python: can’t open file ‘brutessh’: [Errno 2] No such file or directory”
    then

    zip brutessh.zip
    it should extract, if not find a way to unzip the file, and just
    cd brutessh

  4. This was made public because the chinese already have something like it… I know, I didn’t have password strength checking on a production server a few years back and crackers installed a rootkit. If I had been using this, or a myriad other security checking tools, the server wouldn’t have needed a re-install.

    BTW: if the script didn’t work, the machine is configured correctly (or you don’t own it to know it’s configured correctly). If this doesn’t make sense, you have a lot of reading to do! All the same, keep testing!

  5. Thanks a ton for this, used the script to test out our firewalls. Worked perfectly.

  6. Create a own password file with your own password inside, try to run it against your own SSH instance;) it should work…

  7. Osum work by you. But what can I do with the connection time out. After some time I recieve this error

    Exception in thread Thread-2351:
    Traceback (most recent call last):
    File “/usr/lib/python2.4/threading.py”, line 442, in __bootstrap
    self.run()
    File “brutessh.py”, line 44, in run
    t = paramiko.Transport(hostname)
    File “/tmp/brutessh/paramiko/transport.py”, line 235, in __init__
    sock.connect((hostname, port))
    File “”, line 1, in connect
    error: (110, ‘Connection timed out’)

    and then again it starts to traverse the passwords.

    So I dont whether it is just going through the file or is it really checking those passwords.

  9. python: can’t open file ‘brutessh’: [Errno 2] No such file or directory

  13. hi there !

    i did try ur script, but i always get a not valid passwordsi even put good pass i paswords file but it always say some password does not match could you tell me why is that?

    best regards,
    night

Trackbacks

Leave a Reply

Your email address will not be published. Required fields are marked *