Expect script that simulates a SSH brute force attack Post: 302913212

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Apache brute force attack

Hi, I'm trying find out if there is a way to stop a brute force attack on a Webmail site. I'm trying to setup a webmail access, but I would like to prevent too many invalid logins from the same IP. I've looked into Snort, but I was wondering if there was an application level firewall that can...

2. UNIX for Advanced & Expert Users

Brute force SMTP attack right now help

Im currently experiancing a brute force attack on my server Nov 26 15:27:04 ws096 saslauthd: do_auth : auth failure: Nov 26 15:27:13 ws096 saslauthd: do_auth : auth failure: Nov 26 15:27:22 ws096 saslauthd: do_auth : auth failure: Nov 26 15:27:29 ws096...

3. Shell Programming and Scripting

Expect script to ssh into MMI

Guys, I know this is tricky.. I'm trying to write a script to pull info from a MMI device. Following script logins into the server and then changes to super user. Opens MMI session and then exits out. I need to run the command under the MMI session "dsp_alarm_span all" Is there any other way to...

4. Shell Programming and Scripting

SSH Expect Script

Ok, i don't know if anyone else here have had to deal with something like this before, but here's my situation. I have about 1000+ servers I need to log into to do something. What i need to do is to log into each server, go to a certain directory on each of the servers, copy the files that...

5. Shell Programming and Scripting

Expect Script to Automate SSH

How would I write an expect script to automate ssh and what file extention do expect files use?

6. Shell Programming and Scripting

Script using SSH with expect command

Hi all, I want to connect to some host with "ssh". I have googled and got some commands of "expect" and "spawn". I was not aware of these commands and tried below script. $ cat auto.sh set host xx.xx.xx.xx set password abcd@1234 set user root spawn ssh $user@$host expect "*?assword:*"...

7. Shell Programming and Scripting

Passing Password to SSH without using expect in a Script

How can I pass password in SSH command without using expect in a shell program. I don't have expect installed on my Solaris server. #!/bin/bash ssh user@hotname (how to supply pass in script?:wall:) Experts please help its very urgent. Shrawan Kumar Sahu

8. Cybersecurity

DDoS and brute force attack

How to protect DDoS and brute force attack. I want to secure my server and block attacker.

9. Shell Programming and Scripting

SFTP or scp with password in a batch script without using SSH keys and expect script

Dear All, I have a requirement where I have to SFTP or SCP a file in a batch script. Unfortunately, the destination server setup is such that it doesn't allow for shell command line login. So, I am not able to set up SSH keys. My source server is having issues with Expect. So, unable to use...

LEARN ABOUT DEBIAN

authen::passphrase::blowfishcrypt

Authen::Passphrase::BlowfishCrypt(3pm)			User Contributed Perl Documentation		    Authen::Passphrase::BlowfishCrypt(3pm)

NAME

       Authen::Passphrase::BlowfishCrypt - passphrases using the Blowfish-based Unix crypt()

SYNOPSIS

	       use Authen::Passphrase::BlowfishCrypt;

	       $ppr = Authen::Passphrase::BlowfishCrypt->new(
		       cost => 8,
		       salt => "sodium__chloride",
		       hash_base64 => "BPZijhMHLvPeNMHd6XwZyNamOXVBTPi");

	       $ppr = Authen::Passphrase::BlowfishCrypt->new(
		       cost => 8, salt_random => 1,
		       passphrase => "passphrase");

	       $ppr = Authen::Passphrase::BlowfishCrypt->from_crypt(
		       '$2a$08$a07iYVTrVz7hYEvtakjiXOB'.
		       'PZijhMHLvPeNMHd6XwZyNamOXVBTPi');

	       $ppr = Authen::Passphrase::BlowfishCrypt->from_rfc2307(
		       '{CRYPT}$2a$08$a07iYVTrVz7hYEvtakjiXOB'.
		       'PZijhMHLvPeNMHd6XwZyNamOXVBTPi');

	       $key_nul = $ppr->key_nul;
	       $cost = $ppr->cost;
	       $cost = $ppr->keying_nrounds_log2;
	       $salt = $ppr->salt;
	       $salt_base64 = $ppr->salt_base64;
	       $hash = $ppr->hash;
	       $hash_base64 = $ppr->hash_base64;

	       if($ppr->match($passphrase)) { ...

	       $passwd = $ppr->as_crypt;
	       $userPassword = $ppr->as_rfc2307;

DESCRIPTION

       An object of this class encapsulates a passphrase hashed using the Blowfish-based Unix crypt() hash function, known as "bcrypt".  This is a
       subclass of Authen::Passphrase, and this document assumes that the reader is familiar with the documentation for that class.

       The crypt() function in a modern Unix actually supports several different passphrase schemes.  This class is concerned only with one
       particular scheme, a Blowfish-based algorithm designed by Niels Provos and David Mazieres for OpenBSD.  To handle the whole range of
       passphrase schemes supported by the modern crypt(), see the from_crypt constructor and the as_crypt method in Authen::Passphrase.

       The Blowfish-based crypt() scheme uses a variant of Blowfish called "Eksblowfish", for "expensive key schedule Blowfish".  It has the
       cryptographic strength of Blowfish, and a very slow key setup phase to resist brute-force attacks.  There is a "cost" parameter to the
       scheme: the length of key setup is proportional to 2^cost.  There is a 128-bit salt.  Up to 72 characters of the passphrase will be used;
       any more will be ignored.

       The cost, salt, and passphrase are all used to (very slowly) key Eksblowfish.  Once key setup is done, the string
       "OrpheanBeholderScryDoubt" (three Blowfish blocks long) is encrypted 64 times in ECB mode.  The final byte of the ciphertext is then
       dropped, yielding a 23-byte hash.

       In the crypt() function the salt and hash are represented in ASCII using a base 64 encoding.  The base 64 digits are ".", "/", "A" to "Z",
       "a" to "z", "0" to "9" (in that order).	The 16-byte salt is represented as 22 base 64 digits, and the 23-byte hash as 31 base 64 digits.

       This algorithm is intended for situations where the efficiency of a brute force attack is a concern.  It is suitable for use in new
       applications where this requirement exists.  If that is not a concern, and it suffices to merely make brute force the most efficient
       attack, see Authen::Passphrase::SaltedDigest for more efficient hash algorithms.

       Choice of the cost parameter is critical, due to the need to trade off expense of brute-force attack against speed of legitimate passphrase
       verification.  A traditional target is that verification should take about one second on widely-available hardware.  (Algorithms that are
       concerned about brute force speed but lack a cost parameter have often aimed for this, with respect to hardware available at the time of
       the algorithm's introduction.)  As of 2011, this is achieved with a cost parameter around 14.

CONSTRUCTORS

       Authen::Passphrase::BlowfishCrypt->new(ATTR => VALUE, ...)
	   Generates a new passphrase recogniser object using the Blowfish-based crypt() algorithm.  The following attributes may be given:

	   key_nul
	       Truth value indicating whether to append a NUL to the passphrase before using it as a key.  The algorithm as originally devised
	       does not do this, but it was later modified to do it.  The version that does append NUL is to be preferred.  Default true.

	   cost
	       Base-two logarithm of the number of keying rounds to perform.

	   keying_nrounds_log2
	       Synonym for cost.

	   salt
	       The salt, as a 16-byte string.

	   salt_base64
	       The salt, as a string of 22 base 64 digits.

	   salt_random
	       Causes salt to be generated randomly.  The value given for this attribute is ignored.  The source of randomness may be controlled
	       by the facility described in Data::Entropy.

	   hash
	       The hash, as a 23-byte string.

	   hash_base64
	       The hash, as a string of 31 base 64 digits.

	   passphrase
	       A passphrase that will be accepted.

	   The cost and salt must be given, and either the hash or the passphrase.

       Authen::Passphrase::BlowfishCrypt->from_crypt(PASSWD)
	   Generates a new passphrase recogniser object using the Blowfish-based crypt() algorithm, from a crypt string.  The crypt string must
	   start with "$2$" for the version that does not append NUL to the key, or "$2a$" for the version that does.  The next two characters
	   must be decimal digits giving the cost parameter.  This must be followed by "$", 22 base 64 digits giving the salt, and finally 31 base
	   64 digits giving the hash.

       Authen::Passphrase::BlowfishCrypt->from_rfc2307(USERPASSWORD)
	   Generates a new passphrase recogniser object using the Blowfish-based crypt() algorithm, from an RFC 2307 string.  The string must
	   consist of "{CRYPT}" (case insensitive) followed by an acceptable crypt string.

METHODS

       $ppr->key_nul
	   Returns a truth value indicating whether a NUL will be appended to the passphrase before using it as a key.

       $ppr->cost
	   Returns the base-two logarithm of the number of keying rounds that will be performed.

       $ppr->keying_nrounds_log2
	   Synonym for "cost".

       $ppr->salt
	   Returns the salt, as a string of sixteen bytes.

       $ppr->salt_base64
	   Returns the salt, as a string of 22 base 64 digits.

       $ppr->hash
	   Returns the hash value, as a string of 23 bytes.

       $ppr->hash_base64
	   Returns the hash value, as a string of 31 base 64 digits.

       $ppr->match(PASSPHRASE)
       $ppr->as_crypt
       $ppr->as_rfc2307
	   These methods are part of the standard Authen::Passphrase interface.

SEE ALSO

       Authen::Passphrase, Crypt::Eksblowfish::Bcrypt

AUTHOR

       Andrew Main (Zefram) <zefram@fysh.org>

COPYRIGHT

       Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram) <zefram@fysh.org>

LICENSE

       This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.14.2							    2012-02-07				    Authen::Passphrase::BlowfishCrypt(3pm)