Skip to content

ssh_connector.py

Jump to bottom
infinition edited this page Jul 5, 2024 · 1 revision

SSH Connector ssh_connector.py

This document provides a detailed step-by-step explanation of how the ssh_connector.py script operates. This script is designed to perform a brute force attack on SSH services (port 22) to identify accessible accounts using various user credentials. Successful connections are logged for further use.

Overview

Description

  • Filename: ssh_connector.py
  • Purpose: To conduct brute force attacks on SSH services by attempting multiple user credential combinations and logging successful connections.

Initialization and Setup

Importing Modules

The script imports the following modules:

  • Standard Libraries:

    • os
    • pandas
    • paramiko
    • socket
    • threading
    • logging
    • time

  • External Libraries:

    • rich.console
    • rich.progress

  • Custom Modules:

    • SharedData
    • Logger

Configuring the Logger

The logger is configured to log messages for ssh_connector.py at the DEBUG level, ensuring detailed logging of events and errors.

Defining Global Variables

Global variables are defined to provide metadata about the class and module, including:

  • b_class = "SSHBruteforce"
  • b_module = "ssh_connector"
  • b_status = "brute_force_ssh"
  • b_port = 22
  • b_parent = None

SSHBruteforce Class

Purpose

The SSHBruteforce class manages the overall process of conducting the SSH brute force attack. It coordinates the attack process and updates the status based on the results.

Initialization

  • Attributes: Initializes shared data and creates an instance of SSHConnector.
  • Logger: Logs the initialization of the SSH connector.

Methods

bruteforce_ssh(ip, port)

  • Purpose: Initiates the brute force attack on the specified IP and port.
  • Logging: Logs the start of the brute force process.
  • Returns: The result of the brute force attempt, indicating success or failure.

execute(ip, port, row, status_key)

  • Purpose: Executes the brute force attack and updates the status key based on the result.
  • Logging: Logs the execution attempt and updates the shared data status.

SSHConnector Class

Purpose

The SSHConnector class handles the connection attempts during the brute force attack and manages the results of successful connections.

Initialization

  • Attributes: Sets up shared data, reads user and password lists, and prepares the results file.
  • File Handling: Checks if the results file exists; if not, creates it with appropriate headers.

Methods

load_scan_file()

  • Purpose: Loads the netkb file and filters it for entries with SSH ports.
  • Details: Reads the file and ensures the "Ports" column contains port 22 entries.

ssh_connect(adresse_ip, user, password)

  • Purpose: Attempts to establish an SSH connection using the provided credentials.
  • Error Handling: Catches exceptions such as paramiko.AuthenticationException, socket.error, and paramiko.SSHException, logging connection failures.
  • Returns: A boolean indicating whether the connection was successful.

run_bruteforce(adresse_ip, port)

  • Purpose: Executes the brute force attack by iterating over user and password combinations.
  • Progress Tracking: Utilizes rich.progress to display the progress of the brute force attack.
  • Result Logging: Logs successful connections and saves results immediately.
  • Duplicate Removal: Calls removeduplicates to ensure no duplicate entries in the results file.

save_results()

  • Purpose: Saves the results of successful connection attempts to a CSV file.
  • Details: Converts results to a DataFrame and appends them to the CSV file, ensuring no duplicates.

removeduplicates()

  • Purpose: Removes duplicate entries from the results CSV file.
  • Details: Reads the CSV, drops duplicate rows, and rewrites the file without duplicates.

Detailed Execution Flow

Step 1: Initialization

  • The SSHBruteforce class is initialized with shared data, creating an instance of SSHConnector and logging the initialization process.

Step 2: Load Scan File

  • The load_scan_file method is called to load and filter the netkb file for entries with SSH ports.

Step 3: Execute Brute Force Attack

  • The bruteforce_ssh method initiates the brute force attack on a given IP and port by calling run_bruteforce.

Step 4: Run Brute Force

  • Progress Tracking: Uses rich.progress to monitor and display the progress of the attack.
  • Connection Attempts: Iterates over the user and password lists, attempting to connect using ssh_connect.
  • Result Logging: Logs successful connections and saves results to a CSV file.
  • Duplicate Removal: Ensures no duplicate entries in the results file by calling removeduplicates.

Step 5: Update Status

  • Success/Failure: The execute method updates the status based on the result of the brute force attack, logging the outcome.

Integration with Orchestrator

Method Call

The SSHBruteforce class is integrated into the orchestrator and called via its execute method. The process involves:

  1. Receiving Target Details: The orchestrator provides IP and port details to the SSHBruteforce class.
  2. Performing Attack: The execute method carries out the brute force attack.
  3. Updating Orchestrator: The status (success or failure) is returned to the orchestrator for further action.
Clone this wiki locally