    import pexpect

    def connect(user, host, keyfile, release):
        # Stop, Fails and connection_lock are globals defined elsewhere in the script.
        global Stop
        global Fails
        try:
            perm_denied = 'Permission denied'
            ssh_newkey = 'Are you sure you want to continue'
            conn_closed = 'Connection closed by remote host'
            opt = ' -o PasswordAuthentication=no'
            connStr = 'ssh ' + user + '@' + host + ' -i ' + keyfile + opt
            child = pexpect.spawn(connStr)
            # expect() returns the index of the pattern that matched:
            # 0 TIMEOUT, 1 perm_denied, 2 ssh_newkey, 3 conn_closed, 4 '$', 5 '#'
            ret = child.expect([pexpect.TIMEOUT, perm_denied, ssh_newkey, conn_closed, '$', '#'])
            print(child.before)
            if ret == 2:
                print('[[-] Adding Host to !/.ssh/known_hosts')
                child.sendline('yes')
            elif ret == 3:
                print('[-] Connection Closed by Remote Host')
                Fails += 1
            elif ret > 3:
                print('[+] Success.' + str(keyfile) + ' ' + str(ret))
                Stop = True
        finally:
            if release:
                connection_lock.release()

Please check the Python code I have above.

When I execute:

python3 brutekey-ssh.py -H 127.0.0.1 -u root -d dsa/1024/

[-] Testing keyfile dsa/1024/a31b082ec6434d65c2adf76862b9aca7-30343
[-] Testing keyfile dsa/1024/fb80119b7615bbeb96cb7d2f55b7533d-10375
b''
[+] Success.dsa/1024/1f09490e311786ec22ff32715ca106e9-1279 4
[*] Exiting:Key Found
b''
[+] Success.dsa/1024/b23696eee5b31ed916002d3ec2ddb5f6-18108 4
b''
[+] Success.dsa/1024/a31b082ec6434d65c2adf76862b9aca7-30343 4

My questions are as follows:

  1. Even if it gets a permission denied, it still matches ret > 3. Why?

  2. How do I check the exact output of child.expect?

  3. Do I need to use .*\$ instead of $? Does $ only match the exact $ in the output?

Robbie
  • What string did you give in perm_denied? – Vineeth Sai Sep 26 '18 at 14:09
  • Add the `print` value of `child.before` just after this statement `ret = child.expect([pexpect.TIMEOUT,perm_denied,ssh_newkey,conn_closed,'$','#'])` so we can tell the exact cause of the problem. – Vineeth Sai Sep 26 '18 at 14:10
  • Errr what are you trying to do? You usually need `expect` if you have to pass a password/username to a blocking process that expects those inputs on the command line. You are ssh-ing with a key, though, so you don't need to do that... – Matt Messersmith Sep 26 '18 at 14:39
  • Furthermore, typically a return code of `0` from a process means success on Unix based systems. Return codes greater than 3 can mean just about anything...but not success. – Matt Messersmith Sep 26 '18 at 14:40
  • expect doesn't return process codes. It returns index – Vineeth Sai Sep 26 '18 at 19:20
  • I edited my original post: added print(child.before) and printed the ret variable. I also pasted the whole function here, so you can see the variable 'perm_denied'. But when I execute it, even though child.before is '', ret is 4... – Robbie Sep 27 '18 at 00:42
  • It seems this link has the right answer: https://stackoverflow.com/questions/40056626/pexpect-child-before-and-child-after-is-empty – Robbie Sep 27 '18 at 03:57

1 Answer

1: Even if it gets a permission denied, it still matches ret > 3, why?
ans: Probably because the output of the perm_denied case contained one of the bash characters ('#', '$'). Print the value of child.before or take manual steps to be sure what's happening before automating. It should return 0 in case it didn't match anything and caused a TIMEOUT. And it returns 0 instead of raising an exception because you added pexpect.TIMEOUT to the list.

2: How to check the exact output of child.expect?
ans: child.expect returns the index (int) of the item in the list you passed to it. So in your case you passed [pexpect.TIMEOUT,perm_denied,ssh_newkey,conn_closed,'$','#'], and .expect will return the index of whatever was matched first, from left to right, by the backend regex. The exact value of it is in your ret variable.

3: Do I need to use .*\$ instead of $? Does '$' only match the exact $ in the output?
ans: Yes, it is enough to match the bash prompt. The only case where they might break is when something from your child prints out a # character from some function.

pexpect has good documentation. Read the examples here and it should be plenty.

Vineeth Sai
  • I edited my original post: added print(child.before) and printed the ret variable. Even though child.before is '', ret is 4... – Robbie Sep 27 '18 at 00:40
  • I want to check whether the ssh login is successful – Robbie Sep 27 '18 at 00:54
  • the exact prompt from my manual test is: ssh root@127.0.0.1 -i dsa/1024/1f09490e311786ec22ff32715ca106e9-1279 -o PasswordAuthentication=no Permission denied (publickey,password). – Robbie Sep 27 '18 at 03:15
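
Added example, not part of the original question or answer: a simplified model of how `expect()` picks an index, showing why an unescaped `'$'` (a regex end-of-input anchor) matches an empty buffer, which is the `b''` with `ret` of 4 seen in the output above, while an escaped `\$` does not. The `first_match_index` helper, the `ESCAPED` list and the sample prompt are assumptions made for illustration; the model assumes each pattern is compiled as a regex and the earliest-starting match wins.

```python
import re

# Same order as the list in the question; None stands in for pexpect.TIMEOUT.
ORIGINAL = [None, b'Permission denied', b'Are you sure you want to continue',
            b'Connection closed by remote host', b'$', b'#']
# Assumed alternative: escape the dollar sign so it is a literal character.
ESCAPED = ORIGINAL[:4] + [rb'\$', b'#']

# Sample buffers. DENIED reuses the message quoted in the comments above;
# PROMPT is a constructed shell prompt.
EMPTY = b''
DENIED = b'Permission denied (publickey,password).\r\n'
PROMPT = b'user@host:~$ '

def first_match_index(patterns, buffer):
    """Simplified model of expect(): compile each entry as a regex and return
    the index of the match that starts earliest in the buffer (ties go to the
    earlier entry). Returns None when nothing matches yet."""
    best_index, best_start = None, None
    for index, pattern in enumerate(patterns):
        if pattern is None:  # TIMEOUT is not a regex
            continue
        match = re.compile(pattern, re.DOTALL).search(buffer)
        if match is not None and (best_start is None or match.start() < best_start):
            best_index, best_start = index, match.start()
    return best_index

def compare(buffer):
    """Index chosen with the question's list and with the escaped list."""
    return first_match_index(ORIGINAL, buffer), first_match_index(ESCAPED, buffer)

if __name__ == '__main__':
    for name, buf in [('empty', EMPTY), ('denied', DENIED), ('prompt', PROMPT)]:
        original, escaped = compare(buf)
        print(f'{name:7} original={original} escaped={escaped}')
```

In pexpect itself, `child.expect_exact()` takes the same kind of list but compares the strings literally instead of compiling them as regular expressions. An escaped `\$` or `#` still matches any output that contains that character, such as a login banner.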