Hi gurus, I am trying to do some expect/TCL magic. My goal is to write some kind of password guessing script (nearly similar to dictionary attack against ssh). I read that this could be possible with expect/TCL, I am newbie in this language, its function and its terms so please be patient
The normal process of logging onto server looks like this:
Code:
SU-capitan:/home/unix/wakatana# ssh strom
This server is production server
wakatana's password: [TYPING CORRECT PASSWORD "unix"]
Authentication successful.
Your password has expired. You are now forced to change it.
Last login: Fri Jul 27 2012 15:24:13 +0100 from capitan
Sun Microsystems Inc. SunOS 5.10
Please note the following:
This server is production server
TERM = (unknown) [TYPED "xterm" AND PRESSED ENTER]
[SCREEN CLEARS AND SHELL APPEARS AS EXPECTED]
strom:/home/unix/wakatana$
However (probably due to ssh configuration - correct me if i am wrong) if I make typo in password typing I have another two chances:
Code:
SU-capitan:/home/unix/wakatana# ssh strom
This server is production server
wakatana's password:
wakatana's password:
wakatana's password:
warning: Authentication failed.
Disconnected; no more authentication methods available (No further authentication methods available.).
SU-capitan:/home/unix/wakatana#
So my goal is to try several passwords during login (it would be great to leverage all three chances for typing correct password, to prevent multiple connecting/disconnecting) and save some kind of report of this activity (for further processing).
My 1st attempt was following lines. Problem with this is that this solution "works" only if correct password is in pass1 variable, however I am still not able to catch the output in friendly format. In fact the output is not as straightforward that I can determine if login was successful or not.
Code:
SOURE CODE:
-------------
#!/usr/local/bin/expect
set pass1 "unix1\n";
set pass2 "unix2\n";
set pass3 "unix\n";
set machine [lindex $argv 0];
spawn ssh -q "${machine}" "exit";
expect {
-re "(P|p)assword:" {send ${pass1}; puts ${pass1}}
-re "(P|p)assword:" {send ${pass2}; puts ${pass2}}
-re "(P|p)assword:" {send ${pass3}; puts ${pass3}}
}
interact;
RESULT1:
---------
SU-capitan:/home/unix/wakatana# ./tcl1.tcl strom # pass1 contains WRONG pass
spawn ssh -q strom exit
wakatana's password: unix1
wakatana's password: [AT THIS POINT IT HANGS AND PRESSING ENTER IS REQUIRED]
wakatana's password: [AT THIS POINT IT HANGS AND PRESSING ENTER IS REQUIRED]
RESULT2:
---------
SU-capitan:/home/unix/wakatana# ./tcl1.tcl strom # pass1 contains CORRECT pass
spawn ssh -q strom exit
wakatana's password: unix
unix
Your password has expired. You are now forced to change it.
TERM = (unknown) [TYPED "xterm" AND PRESSED ENTER]
[SCREEN CLEARS AND SHELL APPEARS AS EXPECTED]
2nd try was just simple script which uses exp_continue that is still unclear to me (and I would appreciate if somebody could clear it), however it throws some errors:
Code:
SOURCE CODE:
--------------
#!/usr/local/bin/expect
set pass1 "unix\n";
set machine [lindex $argv 0];
spawn ssh -q "${machine}" "exit" ;
expect {
-re "(P|p)assword:" { send ${pass1}; exp_continue}
}
puts "PASSWORD: ${pass1}"
interact;
RESULT1:
---------
SU-capitan:/home/unix/wakatana# ./tcl2.tcl strom # pass1 contains correct pass
spawn ssh strom exit
This server is production server
wakatana's password:
Authentication successful.
Your password has expired. You are now forced to change it.
PASSWORD: unix
spawn_id: spawn id exp4 not open
while executing
"interact"
(file "./tcl2.tcl" line 13)
SU-capitan:/home/unix/wakatana#
3rd try was this, still some errors and awful output useless for further processing:
Code:
SOURCE CODE:
--------------
#!/usr/local/bin/expect
set pass1 "unix\n";
set machine [lindex $argv 0];
spawn ssh -q "${machine}" "exit" ;
expect {
-re "(P|p)assword:" { send ${pass1}; puts "PASSWORD: ${pass1}"; exp_continue}
}
interact;
RESULT:
--------
SU-capitan:/home/unix/wakatana# ./tcl3.tcl strom
spawn ssh -q strom exit
wakatana's password: PASSWORD: unix
Your password has expired. You are now forced to change it.
spawn_id: spawn id exp4 not open
while executing
"interact"
(file "./tcl3.tcl" line 11)
4th try, after reading somewhere that expect consists of: "expect pattern action pattern action..." and action can include another expect command. But after closer look it is obvious that even if all three passwords will be wrong as a correct solution will be propagated pass3. Also this solutions throws error because it will "expect" password even if the previous (eg. pass2) attempt matched (see Result bellow)
Code:
SOURCE CODE:
--------------
#!/usr/local/bin/expect
global var "";
set pass1 "unix1\n";
set pass2 "unix\n";
set pass3 "unix2\n";
set machine [lindex $argv 0];
spawn ssh -q "${machine}" "exit" ;
expect {
-re "(P|p)assword:" {
send ${pass1};
#puts ${pass1};
set var ${pass1};
expect {
-re "(P|p)assword:" {
send ${pass2};
#puts ${pass2};
set var ${pass2};
expect {
-re "(P|p)assword:" {
send ${pass3};
#puts ${pass3};
set var ${pass3};
}
}
}
}
}
}
puts "CORRECT PASSWORD IS: ${var}"
interact;
RESULT:
--------
SU-capitan:/home/unix/wakatana# ./tcl4.tcl strom
spawn ssh -q strom exit
wakatana's password:
wakatana's password:
Your password has expired. You are now forced to change it.
CORRECT PASSWORD IS: unix
spawn_id: spawn id exp4 not open
while executing
"interact"
(file "./tcl4.tcl" line 33)
Questions
1. How does expect knows when is typing of input possible (when I can invoke send) ?
- eg. Is expect capable to process also text that appears on screen but (user) input is not expected (in normal circumstances) ?
- or in other words, how expect know if app has input available or requires user interaction or what is the correct name
2. Does TCL=Expect ?
- or expect uses TCL ?
3. Does expect supports some kind of looping
- eg. If same text appears on screen which will match "expect" pattern (requesting password) the different "send" action will be called (passing next element from array)?
- in other words: How to "expect" same pattern for several times but "send" another string
4. Does expect supports something opposite to regexp, or negation of regexp ?
- eg. expecting some string in loop and calling send (passing password) but do another action if expect wont match string (password was guessed or chances expired)
- in other words: How to "expect" same pattern for several times and "send" another string but after not matching "expect"
5. In my situation, when I just want to know right password (connecting to server and after exiting) is command "interact" (or statement or whatever it is called) required ?
6. What exactly does exp_continue doing ? It seems like if it wont wait for requested input until "send" is invoked, is there some timeout or something similar ?
- eg. is possible to invoke "exp_continue" to repeat "send" but with different arguments and when "expect" wont match the exp_continue will break ?
7. Is possible to do some basic if else construction in input matching (in "expect")
- I would also handle following message "continue connecting yes/no"
I hope you understand what I am trying to say. If somebody cloud help I hope it will be helpful also for other expect/TCL newbies. Thank you very much.
hai all,
i have an tcl script in which i have been reading the DUT Command prompt of an cisco switch as
DUT Command Prompt : cisco*
and running the test case of stp now the problem is if i have given any blank space in between the cisco or at the startup then the Expect is not identifying the... (0 Replies)
Does anyone know of an expect/tcl forum that is as helpful as this one is for shell scripting?
Or if anyone has any expect knowledge, can you please provide some guidance on how to write to a local error log based on output from a ssh session?
I have something like this:
foreach host... (2 Replies)
In the following "for" loop I assume the the script will expect "anyway", "first" NOT in any paticular order and send "yes" when there found, breaking out of the loop when "$prompt" is found. The way it is working is like 3 individual expect lines, and they MUST be in cronological order. ANY help... (0 Replies)
Can someone identify what is the problem here?.
no children
while executing
"exp_wait -nowait -i -1"
(procedure "logOptions" line 45)
invoked from within
"logOptions"
(procedure "doExecute" line 98)
invoked from within
"doExecute"
(procedure "main" line 32)
... (7 Replies)
I'm having this problem with a very simple tcl expect script that is running on Solaris 5.3 with TCL version 8.4.7 and expect version 5.0.
below is the simplified version of the code snippet, which I think has everything to illustrate the problem, the full version is at the very bottom in... (0 Replies)
hi, I am new in Expect.
I have a question about expect timeout.
suppose I have a structure of
expect { ".."{
send"............"}
timeout{
...............
}
}
The silly question is if I reach timeout, how can I store the error message showing on the screen to... (2 Replies)
How can I pass password in SSH command without using expect in a shell program.
I don't have expect installed on my Solaris server.
#!/bin/bash
ssh user@hotname (how to supply pass in script?:wall:)
Experts please help its very urgent.
Shrawan Kumar Sahu (4 Replies)
Dear All,
I have a requirement where I have to SFTP or SCP a file in a batch script. Unfortunately, the destination server setup is such that it doesn't allow for shell command line login. So, I am not able to set up SSH keys. My source server is having issues with Expect. So, unable to use... (5 Replies)
Morning and Happy New Year to all.
I am in a situation where I need to connect to a list of devices that are using either telnet or ssh.
I want to try to telnet, if I receive any of the following I want to attempt ssh :
"Connection refused"
"Connection timed out"
timeout expiration
... (3 Replies)
07-30-2012
