Shell Programming and Scripting

I want to test the effectiveness of sshguard on some of my systems so I'm trying to write a script that simulates a brute force attack by sending a bunch of different username and password combinations to the servers being tested. So far I have this:

Code:

#!/usr/local/bin/expect
set timeout 3
set user test
set password test
set host 192.168.0.5
set pwd test

    spawn ssh -oPort=22 $user@$host
    expect "password"
    send $pwd"\r"
    expect "password"
    send $pwd"\r"
    expect "password"
    send $pwd"\r"
    send "exit\r"
    interact

This works fine but I would like for the script to read usernames from a file one at a time and connect as each of the users. I've seen some examples of expect loops and tried them but they all seem to read the whole file as a string instead of executing the SSH command for each line in the file. How can I make this work?

Thanks!

J.

A good imitation of a brute-force attack script would effectively be a brute-force attack script, not something I'm sure unix.com really needs on its forums

So if instead I had asked how to write a script that would copy a file to a few remote servers using different credentials in a secure manner, it would have been ok?

The point is that I need to know how to loop through a file using an expect script. If anyone can help, that would be great.

Thanks!

That sounds a lot better, yes. Surely you could modify it for what you liked.

I don't know much about expect myself unfortunately.

Perhaps this expect loop will be useful to you. Not the same problem, but shows loops.

The following will read a file line-by-line. Replace "users.txt" with the name and path to your file.

Code:

#!/usr/bin/expect -f
#

set fh [ open "users.txt" r]

set fileData [read $fh]

close $fh

set data [split $fileData "\n"]
foreach line $data {
    puts $line
}

Thank you! It works perfectly!