Sysadmin > SecurityAndPentests > PlotHydraLogins

Plot successfull logins with gnuplot

# Erfolgreiche Logins plotten
cat tmp.all.hydraout5 | grep -v "^# Hydra" | grep -v | sort -n | uniq > tmp.sshscan
cat tmp.sshscan | awk '{print $3 " " $5":"$7}' > tmp.sshlogin
cat tmp.sshlogin | awk '{print $1}' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq | nl > tmp.ips
cat tmp.sshlogin | awk '{print $2}' | sort -n | uniq | nl > tmp.lo
cat tmp.ips | awk '{print "s/"$2"\\ /"$1"\\ "$2"\\ /g"}' > tmp.repl.ips
cat tmp.lo | awk '{print "s/\\ "$2"/\\ "$1"\\ "$2"/g"}' > tmp.repl.lo
cat tmp.sshlogin | sed -f tmp.repl.ips > tmp.sshlogin2
cat tmp.sshlogin2 | sed -f tmp.repl.lo > tmp.sshlogin3
gnuplot ip_vs_login.gnuplot

rm tmp.sshlogin2 tmp.sshlogin3 tmp.ips tmp.lo tmp.repl.ips tmp.repl.lo tmp.sshlogin tmp.sshscan is a ILOM interface which accepts every login at the first place and presents proprietary login mask afterwards.


set terminal png large size 9000,14000
set border 0
set xtics nomirror
set ytics nomirror
set xtic rotate by 90
set xlabel 'successfull login:password-combinations'
set ylabel 'IPs in 10.135 net with successfull ssh-, telnet- or cifs-logins'
set output "ip-succssh.png"
plot "tmp.sshlogin3" using 3:1:xticlabel(4):yticlabel(2)

Depending on the number of successfull logins, you have to adjust the pixel size in the first line.


[22][ssh] host:   login: chef password: chef
[22][ssh] host:   login: offen   password: offen
[22][ssh] host:   login: root   password: sonne
[22][ssh] host:   login: chef password: chef
[22][ssh] host:   login: birne   password: Stanislav
[22][ssh] host:   login: artestpc6   password: 99adm
[22][ssh] host:   login: axadm   password: Stanislav
[22][ssh] host:   login: axadm_pc6   password: 99adm
[22][ssh] host:   login: axroot   password: Stanislav
[22][ssh] host:   login: axu6user   password: Stanislav