Created
January 25, 2017 19:40
-
-
Save mohclips/58cddee4b0450b9947e52e0bed15a757 to your computer and use it in GitHub Desktop.
Brute force hashed known_hosts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ipaddress | |
| import os | |
| import hashlib | |
| import hmac | |
| import base64 | |
| # markers (optional), hostnames, keytype, base64-encoded key, comment. The fields are separated by spaces. | |
| # Hashed hostnames start with a | character. Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied. | |
| #|1|H5Cse4XEi086fGjcZlvllYroncs=|R2/3LqW6WNZK80FCU87104hWh0M= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB8f126fULy+4wjNeGi8gUWEbRF9W4uNOY/cehcq3GYgG97xXf1LC9JGMLZoV8Xj8kCUFZarts3lPRsHVq+H8lc= | |
| print "Generate Private IPs" | |
| IPs = [str(x) for x in ipaddress.ip_network(u"10.77.1.0/24").hosts()] | |
| print "Generate Public IPs" | |
| IPs = IPs + [str(x) for x in ipaddress.ip_network(u"62.60.42.0/24").hosts()] | |
| IPs = IPs + [str(x) for x in ipaddress.ip_network(u"62.60.51.0/24").hosts()] | |
| known_hosts = os.path.expanduser(os.path.join("~", ".ssh", "known_hosts")) | |
| print "Read known_hosts" | |
| with open(known_hosts) as f: | |
| lines = f.read().splitlines() | |
| print "Brute force known_hosts with generated IP addresses" | |
| lc=0 | |
| for line in lines: | |
| lc+=1 | |
| if '|1|' in line: | |
| (dummy, one, salt, hostbase) = line.split('|') | |
| host = hostbase.split(' ')[0] | |
| #print salt, host | |
| for ip in IPs: | |
| s = base64.decodestring(salt) | |
| hash = hmac.new(s, ip, hashlib.sha1).digest() | |
| b = base64.encodestring(hash) | |
| b = b.rstrip() | |
| if b == host: | |
| print "Found:",host,"at",lc,"with",ip | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Generate Private IPs | |
| Generate Public IPs | |
| Read known_hosts | |
| Brute force known_hosts with generated IP addresses | |
| Found: hJ98EXsk1khKqFGHgFJUue0K9LA= at 89 with 62.60.42.251 | |
| Found: QPViy3YREeXtI41DNQzHvuSaCG0= at 90 with 62.60.42.250 | |
| Found: e6lwh3kpNIk1Hdq9x9ATm7UHU8I= at 92 with 62.60.42.132 | |
| Found: 8piKq9Q7r2y5Y8TbiwqxFxRzPsw= at 93 with 62.60.42.199 | |
| Found: cLXBnnjaX08tI+eKKaT8xhhyF0M= at 94 with 62.60.42.190 | |
| Found: mRYq57hFuriub+lajoP85tZdw6k= at 95 with 62.60.42.160 | |
| Found: 9d9huUMbKXPEQ30CX/hDdjE2TvE= at 96 with 62.60.42.212 | |
| Found: 9UfMpw2q+vuO61mhdihYTOzLZ3c= at 97 with 62.60.42.213 | |
| Found: dQW/FJQvEBUu1v068MvEva2IkN4= at 98 with 62.60.42.217 | |
| Found: JIKFx77CMjGVNySMyvtx6fa0Dc8= at 99 with 62.60.42.219 | |
| Found: DcxGEuncJjA7hBGshGBq0dV/eTw= at 100 with 62.60.42.235 | |
| Found: 7ovHU9B3db05z7qrmGbfokwob+8= at 101 with 62.60.42.220 | |
| Found: zdDQ+wvd6uSxV/FYDV+5yVnnhIY= at 102 with 62.60.51.168 | |
| Found: krKxF7fvUDWeK/LHA22ql2PHkfk= at 103 with 62.60.51.212 | |
| Found: QBCi1d0HUTM3oL3RYXxLMl3Bc+A= at 105 with 62.60.51.232 | |
| Found: 9cNQtWrB25JY0HDGAcm1uOMcYhc= at 106 with 62.60.51.109 | |
| Found: n9m8QdD48MZUbX68mAZVabAYa0Q= at 107 with 62.60.51.251 | |
| Found: YTwNbYALPer3W/7yYvo4DPWvisE= at 108 with 62.60.51.252 | |
| Found: zrChvU1AyBebTxEiutRG0cJNo3Y= at 109 with 62.60.51.253 | |
| Found: pRctRHdan05mmMtrxLcbuBf4Hdc= at 110 with 62.60.51.26 | |
| Found: 9q1dmPrbfoIfTCistO6E40YSPbs= at 111 with 62.60.51.27 | |
| Found: 9OesAuF4tD+fH9FUVyRUFF99wy8= at 112 with 62.60.51.157 | |
| Found: 6YdBSAgpwaq8cyoFmvJro/iUiGI= at 113 with 62.60.51.16 | |
| Found: 5iH/jaC93Rsa5/TsqE5KpItmdT0= at 114 with 62.60.51.161 | |
| Found: OWM1krcRSpml6Gn4KxRPBKzrTg0= at 115 with 62.60.51.162 | |
| Found: AfRitEX3z9QBq2QNA0nI4/k5/uQ= at 116 with 62.60.51.185 | |
| Found: 5GJg8n5IVVEbwKWKUd/2UZq94do= at 117 with 62.60.51.186 | |
| Found: uUXoQDxaqQPMj4axFvwLB5Z4j20= at 118 with 62.60.51.187 | |
| Found: W/+rd83tpWdqpme3DDnhme8tmJg= at 119 with 62.60.51.192 | |
| Found: xJsmEwHXdpBiW0dFVlUxUu5v6Pc= at 120 with 62.60.51.196 | |
| Found: R2/3LqW6WNZK80FCU87104hWh0M= at 121 with 62.60.42.151 | |
| Found: VEuIwVcOe/JsawbyCN/ooDCqraM= at 122 with 10.77.1.3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While developing on Fujitsu K5, i realised that i was filling my known_hosts with IPs.
In my ssh_config now, for the address spaces i dont need:
Then, it says i adds to known_hosts, but it doesn't