HKTL_SSHBRUTE.GA-ELF

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It arrives as a component bundled with malware/grayware packages.

It does not have any propagation routine.

It does not have any backdoor routine.

Arrival Details

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It arrives as a component bundled with malware/grayware packages.

Propagation

This Hacking Tool does not have any propagation routine.

Backdoor Routine

This Hacking Tool does not have any backdoor routine.

Other Details

This Hacking Tool does the following:

• This hacking tool modifies the following files:
  • vuln.txt : appends the IP address of the host if bash is available and if the host is resolved or not
  • nobash.txt: appends the IP address of the host if bash is unavailable and if host is existing or not
• The hacking tool requires the following arguments to proceed with its intended routine:
  • max forks: (maximum forks allowed)
• The hacking tool requires the following files to proceed with its intended routine:
  • pass.txt: the list of usernames and passwords that will be used as credentials to login to hosts listed in scan.log
  • scan.log: list of IP addresses to connect to
• This hacking tool is used as a brute force tool to connect to a host specified in scan.log (list of IP addresses to connect to). It then uses the entries in pass.txt to login to the IP address. This is all done via SSH network protocol.