SSHatter SSH Brute Forcer

Posted: February 23, 2011 by Hacking & Relax in Skill, Tutorial

SSHatter is an SSH brute force utility available from http://freshmeat.net/projects/sshatter/?branch_id=70781&release_id=263196. Essentially the tool is comprised of a small Perl file. The utility requires a few non-standard Perl libraries but these are easily installed. You must have Perl installed to use SSHatter.

Installing SSHatter

First download and unpack the tool:

$ wget http://freshmeat.net/redir/sshatter/70781/url_tgz/get.php
$ tar -xvzf SSHatter-0.6.tar.gz
SSHatter-0.6/
SSHatter-0.6/src/
SSHatter-0.6/src/INSTALL
SSHatter-0.6/src/SSHatter.pl
SSHatter-0.6/src/passwords
SSHatter-0.6/src/TODO
SSHatter-0.6/src/md5.asc
$ cd SSHatter-0.6/src

Next you may have to install the following perl libraries.

Install Parallel::ForkManager

To install Parallel:::Forkmanager it is easiest to simply download the source from http://search.cpan.org/~dlux/Parallel-ForkManager-0.7.5/ForkManager.pm and compile the module yourself:

$ wget http://search.cpan.org/CPAN/authors/id/D/DL/DLUX/Parallel-ForkManager-0.7.5.tar.gz
$ tar -xvzf Parallel-ForkManager-0.7.5.tar.gz
$ cd Parallel-ForkManager-0.7.5
$ perl Makefile.pl
$ make
$ sudo make install

Install Net::SSH-Perl

This package is usually distributed as a package and can easily be installed on most systems. On Fedora use:

$ sudo yum install perl-Net-SSH-Perl

Once you have installed these modules you’ll need to create a file full of potential targets and a file of usernames to try. A simple password file is distributed with SSHatter but you may want download and utilize a more extensive one. SSHatter also uses a file of usernames. Again, you can download an extensive file or perhaps tailor this file to the target system. For our purposes we’ll simply target localhost and try and brute force the user root:

$ perl SSHatter.pl
usage: SSHatter.pl
  sleeptime: 0 - disable retries at SSHatter.pl line 62.
$ echo root > users
$ echo 127.0.0.1 > targets
$ perl SSHatter.pl 1 targets users passwords 1 1

Evaluation

The source code to SSHatter is a mere 168 lines, making it rather compact. SSHatter also supports connection attempts to alternate port numbers if the targets are listed with an IP address, then a colon and the port (i.e. 127.0.0.1:20). SSHatter does include the handy functionality of being able to sleep between tries, so you can slow your brute force attempts, which may evade some filters.

All in all SSHatter is a simple, straightforward tool. It isn’t particulary fast, stealthy or easy to use. It doesn’t include any advanced functionality such as documentation, randomly generated passwords or a GUI. SSHatter also doesn’t have any easy way to configure scans of ranges of IP’s and seems to rely on a pre-built target list. SSHatter is also distributed as copyrighted material, rather than as GPL material, which will probably limit any sort of participation or active development community.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s