前言
最近在做各种系统的各种登录服务(ssh,vftpd等),但是我测试总是需要手动去输入密码很不爽,于是就有了以下几种自动输入的脚本:
- ssh利用sshpass,自动输入密码
- vsftpd利用expect,当识别到回显内容是指定的内容时,固定输入密码
以上方式极大的解放了我双手。
虽然有hybird等自动爆破工具,但是他们都是有限密码字典遍历,我是为了测试,需要不断输入密码错误和输入密码成功
过程
ssh自动登陆
类似ssh爆破
需要安装sshpass
#!/bin/bash
host='192.168.111.141'
pass='123456'
wrong_pass='12345'
login_count=10
max_count=3600
count=0
while [ $count -le $max_count ]; do
if [ $((count % login_count)) -eq 0 ];then
echo "logining ,wait"
echo "server is $host passwd is $pass"
echo "sshpass -p "$pass" ssh root@$host "ls""
sshpass -p "$pass" ssh root@$host "ls"
[ $? == 0 ] && echo "这台server $host 已经破解 $ip"
pid=$(ps aux | grep "sshpass" | awk '{print $2}' | sort -n | head -n 1)
echo "ssh command is running, pid:${pid}"
sleep 3 && kill ${pid} && echo "ssh command is complete"
else
echo "login fail test ,wait"
echo "server is $i passwd is $wrong_pass"
sshpass -p "$wrong_pass" ssh root@$host "ls"
echo "$host login failed"
fi
sleep 2
count=$((count+1))
echo "[try time:$count]"
done
ftp自动登陆
需要安装expect
#!/bin/bash
ip='192.168.111.141'
username='ftp'
wrong_user=''
wrong_pass='12345'
max_count=10
count=0
login_count=10
login_success(){
/usr/bin/expect<<-EFO
spawn ftp $ip
sleep 1
expect {
"Name ($ip:root)" { send "$username\r";exp_continue};
"Password:" { send "$wrong_pass\r";exp_continue};
"Login failed." { send "quit\r";exp_continue};
"Login successful." { send "quit\r";exp_continue};
}
EFO
}
login_fail(){
/usr/bin/expect<<-EFO
spawn ftp $ip
sleep 1
expect {
"Name ($ip:root)" { send "$wrong_user\r";exp_continue};
"Password:" { send "$wrong_pass\r";exp_continue};
"Login failed." { send "quit\r";exp_continue};
"Login successful." { send "quit\r";exp_continue};
}
EFO
}
while [ $count -le $max_count ];do
echo "[start auto ftp login]"
count=$((count + 1))
if [ $((count % login_count)) -eq 0 ];then
echo "[start auto ftp login sucess]"
login_success
else
echo "[start auto ftp login fail]"
login_fail
fi
echo "[finish auto ftp login]"
done
总结
sshpass仅局限于ssh登录的时候
expect就很灵活,遇到什么输出就自动指定输入