Irregular Expressions

Apr 24 2013   9:47PM GMT

SSH Brute Force Scanner – Part 3

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Next it seems like they started counting all of the lines in the ‘ip.conf’ that contained periods ‘.’ and then stored them in ‘$oopsnr2’, but then they do not call it again.

oopsnr2=`grep -c . ip.conf`
echo "[+] Incepe partea cea mai misto :D"
echo "[+] Doar $oopsnr2 de servere. Exista un inceput pt. toate !"
echo "[=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=][=]"
echo "[+] Incepem sa vedem cate server putem sparge"

They even make a reference to it in the comments. “Only $ oopsnr2 servers. There is a beginning for. all”.

Now ‘atack’ is launched.

./atack 100
rm -rf $1.find.22 ip.conf

I am not entirly sure of what the significance of ‘100’ is after the command it will take some further analysis of ‘atack’ to figure that part out.

But since we have the file in my sand box, I can at least poke at it. It also looks like we are going to have to recreate the ‘ip.conf’ file if we are going to get this to work. I created one with just, then we can watch the logs on the local system and see what happens.

Launching ‘./atack 100’ will just return the following;

[+] UnixCoD Atack 2005 ver 0x10 [ Made By : Ghost Kilah ]

Then it continues to operate in the background trying to login.

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=root
Failed password for root from port 42106 ssh2

There is lots going on inside of ‘atack’ part 4 will be dealing with it.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: