Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Expect script that simulates a SSH brute force attack
Top Forums Shell Programming and Scripting Expect script that simulates a SSH brute force attack Post 302913197 by ph0enix on Thursday 14th of August 2014 11:56:02 AM
Old 08-14-2014
Expect script that simulates a SSH brute force attack
I want to test the effectiveness of sshguard on some of my systems so I'm trying to write a script that simulates a brute force attack by sending a bunch of different username and password combinations to the servers being tested. So far I have this:

Code:
#!/usr/local/bin/expect
set timeout 3
set user test
set password test
set host 192.168.0.5
set pwd test

    spawn ssh -oPort=22 $user@$host
    expect "password"
    send $pwd"\r"
    expect "password"
    send $pwd"\r"
    expect "password"
    send $pwd"\r"
    send "exit\r"
    interact

This works fine but I would like for the script to read usernames from a file one at a time and connect as each of the users. I've seen some examples of expect loops and tried them but they all seem to read the whole file as a string instead of executing the SSH command for each line in the file. How can I make this work?

Thanks!

J.
Last edited by Corona688; 08-14-2014 at 01:03 PM..
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Apache brute force attack

Hi, I'm trying find out if there is a way to stop a brute force attack on a Webmail site. I'm trying to setup a webmail access, but I would like to prevent too many invalid logins from the same IP. I've looked into Snort, but I was wondering if there was an application level firewall that can... (1 Reply)
Discussion started by: nitin
1 Replies

2. UNIX for Advanced & Expert Users

Brute force SMTP attack right now *help*

Im currently experiancing a brute force attack on my server Nov 26 15:27:04 ws096 saslauthd: do_auth : auth failure: Nov 26 15:27:13 ws096 saslauthd: do_auth : auth failure: Nov 26 15:27:22 ws096 saslauthd: do_auth : auth failure: Nov 26 15:27:29 ws096... (4 Replies)
Discussion started by: mcraul
4 Replies

3. Shell Programming and Scripting

Expect script to ssh into MMI

Guys, I know this is tricky.. I'm trying to write a script to pull info from a MMI device. Following script logins into the server and then changes to super user. Opens MMI session and then exits out. I need to run the command under the MMI session "dsp_alarm_span all" Is there any other way to... (2 Replies)
Discussion started by: miltonrods
2 Replies

4. Shell Programming and Scripting

SSH Expect Script

Ok, i don't know if anyone else here have had to deal with something like this before, but here's my situation. I have about 1000+ servers I need to log into to do something. What i need to do is to log into each server, go to a certain directory on each of the servers, copy the files that... (3 Replies)
Discussion started by: SkySmart
3 Replies

5. Shell Programming and Scripting

Expect Script to Automate SSH

How would I write an expect script to automate ssh and what file extention do expect files use? (11 Replies)
Discussion started by: Prodiga1
11 Replies

6. Shell Programming and Scripting

Script using SSH with expect command

Hi all, I want to connect to some host with "ssh". I have googled and got some commands of "expect" and "spawn". I was not aware of these commands and tried below script. $ cat auto.sh set host xx.xx.xx.xx set password abcd@1234 set user root spawn ssh $user@$host expect "*?assword:*"... (4 Replies)
Discussion started by: divya bandipotu
4 Replies

7. Shell Programming and Scripting

Passing Password to SSH without using expect in a Script

How can I pass password in SSH command without using expect in a shell program. I don't have expect installed on my Solaris server. #!/bin/bash ssh user@hotname (how to supply pass in script?:wall:) Experts please help its very urgent. Shrawan Kumar Sahu (4 Replies)
Discussion started by: ss135r
4 Replies

8. Cybersecurity

DDoS and brute force attack

How to protect DDoS and brute force attack. I want to secure my server and block attacker. (1 Reply)
Discussion started by: romanepo
1 Replies

9. Shell Programming and Scripting

SFTP or scp with password in a batch script without using SSH keys and expect script

Dear All, I have a requirement where I have to SFTP or SCP a file in a batch script. Unfortunately, the destination server setup is such that it doesn't allow for shell command line login. So, I am not able to set up SSH keys. My source server is having issues with Expect. So, unable to use... (5 Replies)
Discussion started by: ss112233
5 Replies

LEARN ABOUT SUNOS

pwd.h

pwd.h(3HEAD)							      Headers							      pwd.h(3HEAD)

NAME

       pwd.h, pwd - password structure

SYNOPSIS

       #include <pwd.h>

DESCRIPTION

       The <pwd.h> header provides a definition for struct passwd, which includes the following members:

       char  *pw_name	  user's login name
       uid_t pw_uid	  numerical user ID
       gid_t pw_gid	  numerical group ID
       char  *pw_dir	  initial working di rectory
       char  *pw_shell	  program to use as shell

       The gid_t and uid_t types are defined as described in <sys/types.h>. See types.h(3HEAD).

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Standard			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       getpwnam(3C), types.h(3HEAD), attributes(5), standards(5)

SunOS 5.10							    10 Sep 2004 						      pwd.h(3HEAD)
All times are GMT -4. The time now is 02:49 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy