[Violent Python] - Building An SSH Botnet With Python

Now that we have constructed a port scanner to find targets, we can begin the task of exploiting the vulnerabilities of each service. The Morris Worm includes brute-forcing common usernames and passwords against the remote shell (RSH) service as one of its three attack vectors. In 1988, RSH provided an excellent (although not very secure) method for a system administrator to remotely connect to a machine and manage it by performing a series of terminal commands on the host. The Secure Shell (SSH) protocol has since replaced RSH by combining RSH with a public-key cryptographic scheme in order to secure the traffic. However, this does very little to stop the same attack vector of brute-forcing common usernames and passwords. SSH worms have proven to be very successful and common attack vectors. Luckily for us, the IDS (intrusion detection system) prevented further SSH login attempts from the attacking IP address after noticing its pattern of brute-force password guessing.

Received From: violentPython->/var/log/auth.log
Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system."
Portion of the log(s):
Oct 13 23:30:30 violentPython sshd[10956]: Invalid user ucla from 67.228.3.58
Oct 13 23:30:29 violentPython sshd[10954]: Invalid user ucla from 67.228.3.58
Oct 13 23:30:29 violentPython sshd[10952]: Invalid user oxford from 67.228.3.58
Oct 13 23:30:28 violentPython sshd[10950]: Invalid user oxford from 67.228.3.58
Oct 13 23:30:28 violentPython sshd[10948]: Invalid user oxford from 67.228.3.58
Oct 13 23:30:27 violentPython sshd[10946]: Invalid user matrix from 67.228.3.58
Oct 13 23:30:27 violentPython sshd[10944]: Invalid user matrix from 67.228.3.58
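
The kind of check behind such an alert, as an added example (not code from the original page or the book): it counts sshd "Invalid user" events per source address inside a sliding time window. The function name `find_bruteforce`, the threshold, the window, and the year used for parsing are illustrative assumptions, not the IDS rule's actual settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd "Invalid user" line in the syslog format shown in the alert above;
# the optional " port N" suffix covers newer OpenSSH versions.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Invalid user "
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?$")

def find_bruteforce(lines, threshold=6, window=timedelta(seconds=120), year=2000):
    """Map each source IP that reaches `threshold` invalid-user attempts
    within a sliding `window` to the usernames it tried."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # anything else (accepted logins, other daemons) is skipped
            # syslog timestamps carry no year; `year` is an assumed value
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    events.sort()  # the alert lists newest first; replay oldest first
    recent, users, flagged = defaultdict(deque), defaultdict(set), {}
    for ts, ip, user in events:
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = sorted(users[ip])
    return flagged

# The first seven lines come from the alert above; the last two are constructed.
SAMPLE = """\
Oct 13 23:30:30 violentPython sshd[10956]: Invalid user ucla from 67.228.3.58
Oct 13 23:30:29 violentPython sshd[10954]: Invalid user ucla from 67.228.3.58
Oct 13 23:30:29 violentPython sshd[10952]: Invalid user oxford from 67.228.3.58
Oct 13 23:30:28 violentPython sshd[10950]: Invalid user oxford from 67.228.3.58
Oct 13 23:30:28 violentPython sshd[10948]: Invalid user oxford from 67.228.3.58
Oct 13 23:30:27 violentPython sshd[10946]: Invalid user matrix from 67.228.3.58
Oct 13 23:30:27 violentPython sshd[10944]: Invalid user matrix from 67.228.3.58
Oct 13 23:31:02 violentPython sshd[10960]: Invalid user admin from 203.0.113.7
Oct 13 23:31:05 violentPython sshd[10962]: Accepted password for root from 198.51.100.4 port 50122 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, names in find_bruteforce(SAMPLE).items():
        print(f"{ip}: usernames tried: {', '.join(names)}")
```

A single mistyped username from another address stays below the threshold, so only the source that cycles through several invalid accounts within seconds is reported.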