Brute force attacks are one of the most common attacks initiated by script kiddies or crackers. Successful logins to various boxes bring good compensation, especially if you get a Linux box and not just some Busybox routers, Linux embedded boxes or MikroTik RouterOS.
Today a lot of programmers and coders have released a lot of network logon crackers, such as THC-HYDRA and SSHtrix. But there are also mass SSH scanners that are used for massive brute force attacks against a certain IP range. These include Unixcod, Piata, GSM Scanner, etc. In fact, the ‘Silly Routers Release’ of Lulzsec included simple logins that are just the same as the dictionary list of the said mass SSH scanners. And if you think that the fake AnonPH got some skills because of releasing their own Silly Routers Release and SSH Logins in a DNN Vulnerable Website, then think again, because they are just using a mass SSH scanner. Now I’m not sure if they are using Piata or Unixcod, but it’s probably Piata because of the familiar usernames and passwords. :p
Piata is usually archived and compressed in a tar file, and its filename is ab.tar.gz. It has the same features as the Unixcod SSH Scanner and the GSM Scanner; the only difference is its bash filenames and wordlists. And so in this article, let’s take a look at how a Piata SSH Scanner is used, since it has been the most common massive SSH scanner since its release (it’s quite old already).
So what the attacker needs to do first is to set the IP range he wants to attack. If the attacker uses the command ./a 124.107, the scanner will scan the IP range 220.127.116.11 – 18.104.22.168.255 using the dictionary wordlist named pass_file. The attacker could also execute the command ./mass 124, which attacks the IP range 22.214.171.124 – 126.96.36.199. Successful attacks are shown in the terminal and logged to the file named vuln.txt.
These are some of the USER:PASS wordlists in Piata SSH Scanner:
I also observe that today most free SSH shell accounts are used by malicious attackers for scanning SSH logins. I was able to discover this by using the commands locate vuln.txt, locate mfu.txt, and locate pass_file, and by grepping for some commands found in the script, in some shell accounts I have.
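The same hunt for leftover scanner files can be scripted so that a single unrelated vuln.txt does not raise a false alarm. The following is an added example, not code from Piata or from the original post: it uses only the file names mentioned in this article, and the function names, the two-file threshold and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

# File names the article associates with the scanner. One name alone
# (any unrelated vuln.txt) is weak evidence, so rank by co-occurrence.
ARTIFACTS = {"pass_file", "vuln.txt", "mfu.txt"}
ARCHIVE = "ab.tar.gz"

def find_scanner_dirs(root, min_hits=2):
    """Return (directory, owner_uid, artifact names) for each directory under
    root that holds at least min_hits artifact names, strongest match first."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        hits = ARTIFACTS.intersection(filenames)
        if len(hits) >= min_hits:
            findings.append((dirpath, os.stat(dirpath).st_uid, sorted(hits)))
    return sorted(findings, key=lambda f: (-len(f[2]), f[0]))

def find_archives(root):
    """Return paths of files carrying the scanner's usual archive name."""
    return sorted(os.path.join(dirpath, name)
                  for dirpath, _dirs, filenames in os.walk(root)
                  for name in filenames if name == ARCHIVE)

def build_sample_tree(base):
    """Constructed sample layout standing in for a shared shell host."""
    layout = {
        "home/user1/.cache/x": ["pass_file", "vuln.txt", "mfu.txt"],
        "home/user2/notes": ["vuln.txt"],   # lone name: below the threshold
        "home/user3/dl": ["ab.tar.gz"],     # archive only, nothing unpacked
    }
    for rel, names in layout.items():
        directory = os.path.join(base, rel)
        os.makedirs(directory)
        for name in names:
            open(os.path.join(directory, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, uid, hits in find_scanner_dirs(tmp):
            print(f"uid={uid} {directory}: {', '.join(hits)}")
        for path in find_archives(tmp):
            print("archive:", path)
```

On a real host, point find_scanner_dirs at the home directories; the owner uid tells you which shell account to review.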
And so the lesson here is not to use simple passwords and usernames like iloveu, sex, god, rock, 123456, love, 666, etc. Use alphanumeric passwords, but complicated ones, and include characters like *, >, +, ~, =, )(, &, etc.
Be safe from simple attacks like brute force attacks. =)