前言
最近在做各种系统的各种登录服务(ssh,vftpd等),但是我测试总是需要手动去输入密码很不爽,于是就有了以下几种自动输入的脚本:
- ssh利用sshpass,自动输入密码
- vsftpd利用expect,当识别到回显内容是指定的内容时,固定输入密码
以上方式极大的解放了我双手。
虽然有hybird等自动爆破工具,但是他们都是有限密码字典遍历,我是为了测试,需要不断输入密码错误和输入密码成功
过程
ssh自动登陆
类似ssh爆破
需要安装sshpass
#!/bin/bash host='192.168.111.141' pass='123456' wrong_pass='12345' login_count=10 max_count=3600 count=0 while [ $count -le $max_count ]; do if [ $((count % login_count)) -eq 0 ];then echo "logining ,wait" echo "server is $host passwd is $pass" echo "sshpass -p "$pass" ssh root@$host "ls"" sshpass -p "$pass" ssh root@$host "ls" [ $? == 0 ] && echo "这台server $host 已经破解 $ip" pid=$(ps aux | grep "sshpass" | awk '{print $2}' | sort -n | head -n 1) echo "ssh command is running, pid:${pid}" sleep 3 && kill ${pid} && echo "ssh command is complete" else echo "login fail test ,wait" echo "server is $i passwd is $wrong_pass" sshpass -p "$wrong_pass" ssh root@$host "ls" echo "$host login failed" fi sleep 2 count=$((count+1)) echo "[try time:$count]" done
ftp自动登陆
需要安装expect
#!/bin/bash ip='192.168.111.141' username='ftp' wrong_user='' wrong_pass='12345' max_count=10 count=0 login_count=10 login_success(){ /usr/bin/expect<<-EFO spawn ftp $ip sleep 1 expect { "Name ($ip:root)" { send "$username\r";exp_continue}; "Password:" { send "$wrong_pass\r";exp_continue}; "Login failed." { send "quit\r";exp_continue}; "Login successful." { send "quit\r";exp_continue}; } EFO } login_fail(){ /usr/bin/expect<<-EFO spawn ftp $ip sleep 1 expect { "Name ($ip:root)" { send "$wrong_user\r";exp_continue}; "Password:" { send "$wrong_pass\r";exp_continue}; "Login failed." { send "quit\r";exp_continue}; "Login successful." { send "quit\r";exp_continue}; } EFO } while [ $count -le $max_count ];do echo "[start auto ftp login]" count=$((count + 1)) if [ $((count % login_count)) -eq 0 ];then echo "[start auto ftp login sucess]" login_success else echo "[start auto ftp login fail]" login_fail fi echo "[finish auto ftp login]" done
总结
sshpass仅局限于ssh登录的时候
expect就很灵活,遇到什么输出就自动指定输入
