Posted by: kezhong | October 30, 2012

Install brutessh on CentOS 5.8

For security reason, our NOC team should limit ssh access outside from our customers so as to prevent SSH brute force attacks. After tuned the firewall of routers, we need to test if the firewall works. So we installed brutessh to simulate SSH brute force attacks to our test server. Beware, don’t use brutessh to try others’ IPs.

Install the crypto and paramiko for python
# wget http://pkgs.repoforge.org/python-crypto/python-crypto-2.0.1-1.el5.rf.x86_64.rpm
# rpm -ivh python-crypto-2.0.1-1.el5.rf.x86_64.rpm
# wget http://pkgs.repoforge.org/python-paramiko/python-paramiko-1.7.6-1.el5.rf.noarch.rpm
# rpm -ivh python-paramiko-1.7.6-1.el5.rf.noarch.rpm

Install brutessh
# wget http://getwapi.com/archive/download/file/lhgm5_vN/brutessh-06.tar
# tar xvf brutessh-06.tar
# cd brutessh
# chmod 744 *.py

Make up a passlist file named passlist.txt or you can download the dictionary from John the Ripper as my past post https://kezhong.wordpress.com/2011/09/26/installing-thc-hydra-on-fedora-15/

Simulate SSH brute force attacks
# python brutessh.py -h xxx.xxx.xxx.xxx -u root -d passlist.txt
*************************************
*SSH Bruteforcer Ver. 0.6           *
*Coded by Christian Martorella      *
*Edge-Security Research             *
*cmartorella@edge-security.com      *
*************************************

HOST: xxx.xxx.xxx.xxx
Username: root
Password file: passlist.txt
=========================================================
Trying password…
2/3 password

Times — > Init: 0.02 End: 0.28

On our attacked server, we can check the situation.
# tail -f /var/log/secure


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: