matricali / cbrutekrag

Penetration tests on SSH servers using brute force or dictionary attacks. Written in C.
MIT License

Implement Command Execution - Output #4

Closed metadone666 closed 3 weeks ago

metadone666 commented 4 years ago

Let's pretend I say -X 'uname -a' ... is there any way for the "uname -a" info to be printed in the output text?

metadone666 commented 4 years ago

so the output will look like admin:admin:xx.xx.xx.xx:22:Linux:SSH-2.0-dropbear_0.52:ARM926EJ-S rev 4 (v5l):123 120 x x x xx:vuln

matricali commented 4 years ago

How do you propose that we manage that output, especially with big batches of hosts and combinations?

At the moment, I think that the best way to handle this is logging the output to separate files and not to standard output (screen).

What do you think?

metadone666 commented 4 years ago

> How do you propose that we manage that output, especially with big batches of hosts and combinations?
>
> At the moment, I think that the best way to handle this is logging the output to separate files and not to standard output (screen).
>
> What do you think?

Thanks for response, brother !

well, let's say i write this :

./cbrutekrag -v -T /root/Desktop/targets -C /root/Desktop/combinations -t 90 -X 'uname -a' -o /root/Desktop/logs.txt

if i do this now, my output file will look like

[2019/10/04 21:16:58] LOGIN OK! 192.168.1.32:22 root root

Not bad at all ! But let's say we can also have the -X 'uname -a' info into the same file :D this will look like this :

Linux test 5.2.0-kali2-amd64 #1 SMP Debian 5.2.9-2kali1 (2019-08-22) x86_64 GNU/Linux LOGIN OK! 192.168.1.32:22 root root

so we can also collect infos about the server.

of course, less text = better look.

also a fake process could be awesome, but i'll post an issue about this implementation.

CHEERS !!! And thank you !

metadone666 commented 4 years ago

Any news ? :)

matricali commented 4 years ago

> Any news ? :)

Sorry for the delay bro... I will work on this during this week. I promise ✋

metadone666 commented 4 years ago

> > Any news ? :)
>
> Sorry for the delay bro... I will work on this during this week. I promise ✋

Thanks a million !! Good people, good life !

matricali commented 4 years ago

@metadone666 I will implement command output to separate files. I need some time to clean up the code and make some design changes, then I can implement a good output according to your suggestion.

metadone666 commented 4 years ago

> @metadone666 I will implement command output to separate files. I need some time to clean up the code and make some design changes, then I can implement a good output according to your suggestion.

Thanks so much, Brother ! To make the long stuff short, I'll give you a short example of what I think about this being purrfect. Is doing great atm. The -X works fine. I was thinking to let cbrute auto-execute "uname -a" on top of the eventual command I will execute.

./cbrutekrag -v -p 22 TARGET COMBOS -X 'service ssh stop' -o log.txt

So, we stop the ssh service on the vulnerable hosts, but I would love to have 'uname -a' infos in log.txt. So cbrutekrag will auto-execute and write the infos in -o log.txt, and I'll be able to execute -X without additional text to the log.txt.

The fake process is also a great must-have option. I'll post the demo script for what I think fake-process is:

    strcpy(argv[0],FAKE); // fake the process name.
    while(fgets(buff,sizeof(buff),fp)) {
        c=strchr(buff,'\n');
        if(c!=NULL) *c='.';
        if (!(fork())) {
            where=0;
            // printf("--> attacking %s",buff);
            for (i=0; i<count; i=i+2){
                // printf("--> Trying %s:%s %s\n",a[i],a[i+1],buff);
                checkauth(a[i],a[i+1],buff); // try to auth
            }
            exit(0);

Thanks a million, congratulations for this powerful tool !

matricali commented 4 years ago

We're talking about several features in a single discussion thread. Feel free to create more issues as needed with your feature requests.

About the needed information on "main output log": Putting command results here may be problematic, due to the line breaks of commands that generate multi-line output. Let me analyze it, I'm still working on it.

Regarding the "getting host information" point: In most cases (depending on the SSH server configuration) you can get information about the OS by looking at the SSH server banner. Maybe it is the most sensible data that we can add to the main output.
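The line-break problem raised in the comment above applies to any tool that writes output from a remote host into a line-oriented log: unescaped newlines split one result into several lines and can imitate other records (log injection, CWE-117). The following is an added example, not cbrutekrag's code; the helper name `log_escape` and the sample output are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of cbrutekrag: copy untrusted bytes into dst
 * as a single printable line. Line breaks, backslashes and other control or
 * non-ASCII bytes are escaped, so remote output cannot start a new record.
 * Returns bytes written (excluding NUL); *truncated is set if src did not fit. */
size_t log_escape(const char *src, size_t srclen, char *dst, size_t dstsz,
                  int *truncated)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    *truncated = 0;
    if (dstsz == 0)
        return 0;
    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = (unsigned char)src[i];
        char esc[4] = { '\\', 0, 0, 0 };
        size_t n = 2;

        if (c == '\n')      esc[1] = 'n';
        else if (c == '\r') esc[1] = 'r';
        else if (c == '\t') esc[1] = 't';
        else if (c == '\\') esc[1] = '\\';
        else if (c < 0x20 || c >= 0x7f) {   /* other control / non-ASCII: \xHH */
            esc[1] = 'x'; esc[2] = hex[c >> 4]; esc[3] = hex[c & 15]; n = 4;
        } else { esc[0] = (char)c; n = 1; }

        if (o + n >= dstsz) {               /* never emit half an escape */
            *truncated = 1;
            break;
        }
        memcpy(dst + o, esc, n);
        o += n;
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: multi-line output whose second line imitates a log record. */
    const char out[] = "Linux test x86_64\n[2019/10/04 21:16:58] LOGIN OK! 192.0.2.10:22 root root\n";
    char line[256];
    int cut;
    log_escape(out, sizeof out - 1, line, sizeof line, &cut);
    printf("192.0.2.10:22 output=%s%s\n", line, cut ? " [truncated]" : "");
    return 0;
}
```

The escaping is reversible, so the original bytes can be recovered from the log when needed.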

metadone666 commented 4 years ago

Beautiful ! Issue solved! Going to create the next one ! U the best !