SSHatter SSH Brute Forcer

16 September 2011
SSHatter is a simple SSH brute forcer written in Perl. Although it is not a very robust tool, it is still useful when combined with other target enumeration tools such as NMAP.

SSHatter is an SSH brute force utility available from http://freshmeat.net/projects/sshatter/?branch_id=70781&release_id=263196. Essentially the tool is comprised of a small Perl file. The utility requires a few non-standard Perl libraries but these are easily installed. You must have Perl installed to use SSHatter.

Installing SSHatter

First download and unpack the tool:

$ wget http://freshmeat.net/redir/sshatter/70781/url_tgz/get.php
$ tar -xvzf SSHatter-0.6.tar.gz
SSHatter-0.6/
SSHatter-0.6/src/
SSHatter-0.6/src/INSTALL
SSHatter-0.6/src/SSHatter.pl
SSHatter-0.6/src/passwords
SSHatter-0.6/src/TODO
SSHatter-0.6/src/md5.asc
$ cd SSHatter-0.6/src

Next you may have to install the following perl libraries.

Install Parallel::ForkManager

To install Parallel:::Forkmanager it is easiest to simply download the source from http://search.cpan.org/~dlux/Parallel-ForkManager-0.7.5/ForkManager.pm and compile the module yourself:

$ wget http://search.cpan.org/CPAN/authors/id/D/DL/DLUX/Parallel-ForkManager-0.7.5.tar.gz
$ tar -xvzf Parallel-ForkManager-0.7.5.tar.gz
$ cd Parallel-ForkManager-0.7.5
$ perl Makefile.pl
$ make
$ sudo make install

Install Net::SSH-Perl

This package is usually distributed as a package and can easily be installed on most systems. On Fedora use:

$ sudo yum install perl-Net-SSH-Perl

Once you have installed these modules you'll need to create a file full of potential targets and a file of usernames to try. A simple password file is distributed with SSHatter but you may want download and utilize a more extensive one. SSHatter also uses a file of usernames. Again, you can download an extensive file or perhaps tailor this file to the target system. For our purposes we'll simply target localhost and try and brute force the user root:

$ perl SSHatter.pl
usage: SSHatter.pl      
  sleeptime: 0 - disable retries at SSHatter.pl line 62.
$ echo root > users
$ echo 127.0.0.1 > targets
$ perl SSHatter.pl 1 targets users passwords 1 1

Evaluation

The source code to SSHatter is a mere 168 lines, making it rather compact. SSHatter also supports connection attempts to alternate port numbers if the targets are listed with an IP address, then a colon and the port (i.e. 127.0.0.1:20). SSHatter does include the handy functionality of being able to sleep between tries, so you can slow your brute force attempts, which may evade some filters.

All in all SSHatter is a simple, straightforward tool. It isn't particulary fast, stealthy or easy to use. It doesn't include any advanced functionality such as documentation, randomly generated passwords or a GUI. SSHatter also doesn't have any easy way to configure scans of ranges of IP's and seems to rely on a pre-built target list. SSHatter is also distributed as copyrighted material, rather than as GPL material, which will probably limit any sort of participation or active development community.