I want to test the effectiveness of sshguard on some of my systems so I'm trying to write a script that simulates a brute force attack by sending a bunch of different username and password combinations to the servers being tested. So far I have this:
#!/usr/local/bin/expect
set timeout 3
set user test
set password test
set host 192.168.0.5
set pwd test
spawn ssh -oPort=22 $user@$host
expect "password"
send $pwd"\r"
expect "password"
send $pwd"\r"
expect "password"
send $pwd"\r"
send "exit\r"
interact
This works fine but I would like for the script to read usernames from a file one at a time and connect as each of the users. I've seen some examples of expect loops and tried them but they all seem to read the whole file as a string instead of executing the SSH command for each line in the file. How can I make this work?
A good imitation of a brute-force attack script would effectively be a brute-force attack script, not something I'm sure unix.com really needs on its forums
So if instead I had asked how to write a script that would copy a file to a few remote servers using different credentials in a secure manner, it would have been ok?
The point is that I need to know how to loop through a file using an expect script. If anyone can help, that would be great.
The following will read a file line-by-line. Replace "users.txt" with the name and path to your file.
#!/usr/bin/expect -f
#
set fh [ open "users.txt" r]
set fileData [read $fh]
close $fh
set data [split $fileData "\n"]
foreach line $data {
puts $line
}