Install brutessh on CentOS 5.8

转载

feier7501 2023-04-26 21:42:51 博主文章分类：安全

文章标签 python centos hive 文章分类 Python 后端开发

http://kezhong.wordpress.com/2012/10/30/install-brutessh-on-centos-5-8/

For security reason, our NOC team should limit ssh access outside from our customers so as to prevent SSH brute force attacks. After tuned the firewall of routers, we need to test if the firewall works. So we installed brutessh to simulate SSH brute force attacks to our test server. Beware, don’t use brutessh to try others’ IPs.

Install the crypto and paramiko for python
# wget http://pkgs.repoforge.org/python-crypto/python-crypto-2.0.1-1.el5.rf.x86_64.rpm # rpm -ivh python-crypto-2.0.1-1.el5.rf.x86_64.rpm
# wget http://pkgs.repoforge.org/python-paramiko/python-paramiko-1.7.6-1.el5.rf.noarch.rpm # rpm -ivh python-paramiko-1.7.6-1.el5.rf.noarch.rpm

Install brutessh
# wget http://getwapi.com/archive/download/file/lhgm5_vN/brutessh-06.tar # tar xvf brutessh-06.tar
# cd brutessh
# chmod 744 *.py

Make up a passlist file named passlist.txt or you can download the dictionary from John the Ripper as my past post http://kezhong.wordpress.com/2011/09/26/installing-thc-hydra-on-fedora-15/

Simulate SSH brute force attacks
# python brutessh.py -h xxx.xxx.xxx.xxx -u root -d passlist.txt
*************************************
*SSH Bruteforcer Ver. 0.6           *
*Coded by Christian Martorella      *
*Edge-Security Research             *
*cmartorella@edge-security.com      *
*************************************

HOST: xxx.xxx.xxx.xxx
Username: root
Password file: passlist.txt
=========================================================
Trying password…
2/3 password

Times — > Init: 0.02 End: 0.28

On our attacked server, we can check the situation.
# tail -f /var/log/secure