matricali / cbrutekrag Goto Github PK
View Code? Open in Web Editor NEWPenetration tests on SSH servers using brute force or dictionary attacks. Written in C.
License: MIT License
Penetration tests on SSH servers using brute force or dictionary attacks. Written in C.
License: MIT License
Implement worker capable of getting targets from STDIN while running, so it can be easily chained with other tools (like other network scanners)
Hi,
Please add an option to output filtered hosts from -s option.
Thanks
On Debian Wheezy
W: Failed to fetch http://deb.debian.org/debian/dists/wheezy/main/binary-amd64/Packages 404 Not Found
W: Failed to fetch http://deb.debian.org/debian/dists/wheezy-updates/main/binary-amd64/Packages 404 Not Found
W: Failed to fetch http://security.debian.org/dists/wheezy/updates/main/binary-amd64/Packages 404 Not Found
W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy-backports/main/source/Sources 404 Not Found
W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy-backports/main/binary-amd64/Packages 404 Not Found
E: Some index files failed to download. They have been ignored, or old ones used instead.
make: *** [/build/cbrutekrag_0.4.6-1_amd64.changes] Error 100
On Debian Jessie arch=i386
W: There is no public key available for the following key IDs:
AA8E81B4331F7F50
W: Failed to fetch http://ftp.debian.org/debian/dists/jessie-backports/main/source/Sources 404 Not Found
W: Failed to fetch http://ftp.debian.org/debian/dists/jessie-backports/main/binary-i386/Packages 404 Not Found
E: Some index files failed to download. They have been ignored, or old ones used instead.
/pack//deb.mk:115: recipe for target '/build/cbrutekrag_0.4.6-1_i386.changes' failed
make: *** [/build/cbrutekrag_0.4.6-1_i386.changes] Error 100
Pls could you add option to save format ip|user|pass
using -o
and ty
Ubuntu 22.0, CentOS 8 similar error
~/cbrutekrag
rm -f obj/cbrutekrag.o obj/log.o obj/str.o obj/iprange.o obj/progressbar.o obj/bruteforce_ssh.o obj/detection.o obj/target.o obj/credentials.o
mkdir -p obj
Compiled src/cbrutekrag.c successfully!
Compiled src/log.c successfully!
Compiled src/str.c successfully!
Compiled src/iprange.c successfully!
Compiled src/progressbar.c successfully!
Compiled src/bruteforce_ssh.c successfully!
Compiled src/detection.c successfully!
Compiled src/target.c successfully!
Compiled src/credentials.c successfully!
/usr/bin/ld: obj/log.o:/root/cbrutekrag/src/log.c:30: multiple definition of `g_verbose'; obj/cbrutekrag.o:/root/cbrutekrag/src/cbrutekrag.c:46: first defined here
/usr/bin/ld: obj/detection.o: in function `detection_detect_ssh':
/root/cbrutekrag/src/detection.c:156: undefined reference to `FdSet'
collect2: error: ld returned 1 exit status
make: *** [Makefile.static:31: cbrutekrag] Error 1
I still got many duplicates output from honeypot would be great if cbrutekrag could skip the same cracked IP
It would be damn awesome if we can have -exec line in cbrutekrag
const char *commandline = command; (ex: -cmd -exec)
Hello !
A Fake Process will be awesome.
This is an example of a fake process command line :
trcpy(argv[0],FAKE); // fake the proccess name.
while(fgets(buff,sizeof(buff),fp))
{
c=strchr(buff,'n');
if(c!=NULL) *c='.';
if (!(fork()))
{
where=0;
// printf("--> attacking %s",buff);
for (i=0; i<count; i=i+2){
// printf("--> Trying %s:%s %sn",a[i],a[i+1],buff);
checkauth(a[i],a[i+1],buff); // try to auth
}
exit(0);
this is taken from
https://github.com/MrMugiwara/against-cracker/blob/master/against.py
Of course, this is py, but i guess this can also be done in C.
Thank you, Brother !
When the terminal size is too low the progress bar gets stuck
Hello author!
This is a very good project. But I think he can improve it.
When infiltrating into the internal network, we often encounter many SSH protocols for non-standard ports.
When loading a target, I want to test the target in this format.
192.168.1.1#Default 22
192.168.1.2:2222
192.168.1.3:22022
This allows you to test different target ports simultaneously. If you do this, you don't need the -p parameter.
Looking forward to your reply
Implement the ability of dry run
Thank you !
Is any chance to set a placeholder for password like for example #DOMAIN# and try the password as the domain ?
I mean let say I have abc.com , i want to put in combos.txt as password #DOMAIN# and to try as password abc.com . any chance? thanks!
That way we can recheck those IPs again with different combo, and with specs grabber we can filter server by cpu/ram...
Improve the selection of ports, adding the possibility of specifying a list of ports or port ranges.
For example:
-p 22,2022,2200-2299
./cbrutekrag -sa -o LOCAL.log -t 1 10.9.1.160
_ _ _
| | | | | |
___ | |__ _ __ _ _| |_ ___| | ___ __ __ _ __ _
/ __|| '_ \| '__| | | | __/ _ \ |/ / '__/ _` |/ _` |
| (__ | |_) | | | |_| | || __/ <| | | (_| | (_| |
\___||_.__/|_| \__,_|\__\___|_|\_\_| \__,_|\__, |
OpenSSH Brute force tool 0.5.0 __/ |
(c) Copyright 2014-2018 Jorge Matricali |___/
Amount of username/password combinations: 7
Number of targets: 1
Total attemps: 7
Max threads: 1
[2020/01/22 14:51:59] Starting servers discoverage process...
[2020/01/22 14:51:59] [!] 10.9.1.160:22 - SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
[2020/01/22 14:51:59] Detection process took 0.123840 seconds.
[2020/01/22 14:51:59] Number of targets after filtering: 1.
[2020/01/22 14:51:59] Starting brute-force process...
[2020/01/22 14:52:07] Error: signal 11:
./cbrutekrag(err_handler+0x2b)[0x5639f850de5b]
/lib/x86_64-linux-gnu/libc.so.6(+0x3ef20)[0x7f818b551f20]
/lib/x86_64-linux-gnu/libc.so.6(+0xa9e8a)[0x7f818b5bce8a]
./cbrutekrag(main+0x411)[0x5639f850d881]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x7f818b534b97]
./cbrutekrag(_start+0x2a)[0x5639f850dd4a]
[root@localhost cbrutekrag]# ./static-build.sh
~/test/cbrutekrag/external/libssh-0.9.3/build ~/test/cbrutekrag
-- Could NOT find NaCl (missing: NACL_LIBRARIES NACL_INCLUDE_DIRS)
-- Threads_FOUND=TRUE
-- ********************************************
-- ********** libssh build options : **********
-- zlib support: ON
-- libgcrypt support: OFF
-- libmbedTLS support: OFF
-- libnacl support: OFF
-- SFTP support: ON
-- Server support : ON
-- GSSAPI support : ON
-- GEX support : ON
-- Pcap debugging support : ON
-- Build shared library: OFF
-- Unit testing: OFF
-- Client code testing: OFF
-- Blowfish cipher support: OFF
-- Server code testing: OFF
-- Public API documentation generation
-- Benchmarks: OFF
-- Symbol versioning: ON
-- Allow ABI break: OFF
-- Release is final:
-- Global client config: /etc/ssh/ssh_config
-- Global bind config: /etc/ssh/libssh_server_config
-- ********************************************
-- Configuring done
-- Generating done
-- Build files have been written to: /root/test/cbrutekrag/external/libssh-0.9.3/build
[ 1%] Searching for files
[ 1%] Built target dev_header_list_int
[ 1%] Built target dev_header_list
[ 2%] Extracting symbols from headers
[ 2%] Built target libssh_dev.symbols_int
[ 2%] Built target libssh_dev.symbols
[ 4%] Generating the map libssh_dev.map
[WARNING] Overwriting existing file '/root/test/cbrutekrag/external/libssh-0.9.3/build/src/libssh_dev.map'
No symbols added or removed. Nothing done.
[ 4%] Built target libssh_dev.map_int
[ 4%] Built target libssh_dev.map
[100%] Built target ssh
~/test/cbrutekrag
rm -f obj/cbrutekrag.o obj/log.o obj/str.o obj/iprange.o obj/progressbar.o obj/bruteforce_ssh.o obj/detection.o obj/target.o obj/credentials.o obj/macrowrapper.o
mkdir -p obj
Compiled src/cbrutekrag.c successfully!
Compiled src/log.c successfully!
Compiled src/str.c successfully!
Compiled src/iprange.c successfully!
Compiled src/progressbar.c successfully!
Compiled src/bruteforce_ssh.c successfully!
Compiled src/detection.c successfully!
Compiled src/target.c successfully!
Compiled src/credentials.c successfully!
Compiled src/macrowrapper.c successfully!
/usr/bin/ld: cannot find -lrt
/usr/bin/ld: cannot find -lcrypto
/usr/bin/ld: cannot find -lz
/usr/bin/ld: cannot find -lpthread
/usr/bin/ld: cannot find -ldl
/usr/bin/ld: cannot find -lc
collect2: error: ld returned 1 exit status
make: *** [cbrutekrag] Error 1
check your email bro i sent something there !
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.