首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
SSH / SSL RSA Private Key Passphrase Dictionary Enumerator Exploit
来源:https://ethical-hacker.org/ 作者:Donev 发布时间:2018-04-10  
#!/usr/bin/perl
#
#  SSH/SSL RSA Private Key Passphrase dictionary enumerator
#
#  Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
https://ethical-hacker.org/
https://facebook.com/ethicalhackerorg
#
#  [<A class=__cf_email__ href="/cdn-cgi/l/email-protection" data-cfemail="f4809b909b86b484959895909d8199">[email protected]</A>]$ ssh-keygen -t rsa -b 4096 -C "<A class=__cf_email__ href="/cdn-cgi/l/email-protection" data-cfemail="7f161119103f1a0b17161c1e1352171e1c141a0d51100d18">[email protected]</A>"
#  Generating public/private rsa key pair.
#  Enter file in which to save the key (/home/todor/.ssh/id_rsa): test_rsa.prv
#  Enter passphrase (empty for no passphrase): 
#  Enter same passphrase again: 
#  Your identification has been saved in test_rsa.prv.
#  Your public key has been saved in test_rsa.prv.pub.
#  The key fingerprint is:
#  ---    SNIP     ---  <A class=__cf_email__ href="/cdn-cgi/l/email-protection" data-cfemail="98f1f6fef7d8fdecf0f1fbf9f4b5f0f9fbf3fdeab6f7eaff">[email protected]</A>
#  The key's randomart image is:
#  +--[ RSA 4096]----+
#  ---    SNIP     ---
#  ---    SNIP     ---
#  ---    SNIP     ---
#  ---    SNIP     ---
#  ---    SNIP     ---
#  ---    SNIP     ---
#  ---    SNIP     ---
#  +-----------------+
#  [<A class=__cf_email__ href="/cdn-cgi/l/email-protection" data-cfemail="e4908b808b96a494858885808d9189">[email protected]</A>]$ perl ssh-ssl-enum-privkey.pl test_rsa.prv wordlist.txt 
#  [+] SSH/SSL RSA Private Key Passphrase dictionary enumerator
#  [*] ======
#  [?] root != Passphrase
#  [?] toor != Passphrase
#  [?] r00t != Passphrase
#  [?] t00r != Passphrase
#  [?] admin != Passphrase
#  [?] nimda != Passphrase
#  [?] support != Passphrase
#  [?] devel != Passphrase
#  [?] oper != Passphrase
#  [?] operator != Passphrase
#  [?] hacker != Passphrase
#  [?] h4x0r != Passphrase
#  [?] noob != Passphrase
#  [?] n00b != Passphrase
#  [?] boon != Passphrase
#  [?] b00n != Passphrase
#  [*] ======
#  [!] Author: Todor Donev <todor.donev at gmail.com>
#  [!] https://ethical-hacker.org/
#  [!] https://fb.com/ethicalhackerorg
#  [*] ======
#  [*] Passphrase for test_rsa.prv is Ethical-Hacker-Bulgaria-2o18
#
#
#  Disclaimer:
#  This or previous programs is for Educational
#  purpose ONLY. Do not use it without permission.
#  The usual disclaimer applies, especially the
#  fact that Todor Donev is not liable for any
#  damages caused by direct or indirect use of the
#  information or functionality provided by these
#  programs. The author or any Internet provider
#  bears NO responsibility for content or misuse
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact
#  that any damage (dataloss, system crash,
#  system compromise, etc.) caused by the use
#  of these programs is not Todor Donev's
#  responsibility.
#
#  Use them at your own risk!
#
#  Requirements:
#  cpan install Crypt::PK::RSA
  
  
use strict;
use warnings;
use Crypt::PK::RSA;
  
my ($p, $w) = @ARGV;
my $k = Crypt::PK::RSA->new;
print "[+] SSH/SSL RSA Private Key Passphrase dictionary enumerator\n";
&banner and die "[!] Usage: perl $0 <PRIVATE RSA KEY> <WORDLIST>" if  @ARGV != 2;
my $iskey = do {
open (PRIVKEY, "  <$p") or die "[-] Error: $p $!";
<PRIVKEY>
};
&banner and print "[-] Error: The choosen file is empty" and exit if (-z $p);
&banner and print "[-] Error: The choosen file is not valid private RSA key\n" and exit if $iskey !~ /--BEGIN RSA PRIVATE KEY--/;
open (WORDLIST, "  <$w") or die "[-] Error: $w $!";
die "[-] Error: The wordlist is empty" if (-z $w);
my @file = <WORDLIST>;
print "[*] ======\n";
foreach my $c(@file)
{
  chomp $c;
if (! eval { $k->import_key($p, $c) }) {
  
        print "[?] $c != Passphrase\n";
} else{
       &banner and die "[*] Passphrase for $p is $c\n";
    }
}
close (WORDLIST);
&banner and print "[-] Sorry, I could not find the passphrase or the private key is corrupted!\n" and exit;
  
sub banner{
print "[*] ======\n";
print "[!] Author: Todor Donev <todor.donev at gmail.com>\n";
print "[!] https://ethical-hacker.org/\n";
print "[!] https://fb.com/ethicalhackerorg\n";
print "[*] ======\n";
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Adobe Flash 28.0.0.137 Remote
·H2 Database - 'Alias' Arbitrar
·PMS 0.42 Stack-Based Buffer Ov
·GoldWave 5.70 - Local Buffer O
·Sophos Endpoint Protection Con
·CyberArk Password Vault < 9.7
·Sophos Endpoint Protection 10.
·CyberArk Password Vault Web Ac
·Microsoft Windows - Multiple U
·DVD X Player Standard 5.5.3.9
·ProcessMaker Plugin Code Execu
·Google Chrome V8 JIT - 'LoadEl
  推荐广告
CopyRight © 2002-2025 VFocuS.Net All Rights Reserved