import pexpect
import argparse
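def _validated_port(value):
    """argparse ``type`` hook: accept only a decimal TCP port.

    The value is returned unchanged (still a string) so callers keep
    receiving the same type as before; it is only checked.
    """
    # The port ends up on the ssh command line, so anything other than plain
    # ASCII digits (spaces, dashes, option-looking text) is rejected up front.
    if not (value.isascii() and value.isdigit() and 1 <= int(value) <= 65535):
        raise argparse.ArgumentTypeError(
            f"port must be a number between 1 and 65535, got {value!r}")
    return value


def handle_user_input():
    """Parse the command-line arguments for the SSH session.

    Options:
        -d    destination in ``user@host`` form (required)
        -p    SSH port, validated as a number in 1..65535 (required)
        -pwd  password; when omitted it is read from an interactive prompt

    Returns:
        list: ``[destination, port, password]``, all strings.

    Exits via argparse (SystemExit, status 2) when an argument is missing
    or the port is not a valid number.
    """
    import getpass

    parser = argparse.ArgumentParser()
    parser.add_argument(
        "-d",
        help="the target's destination (eg: ctf-player@atlas.picoctf.net)",
        metavar='destination',
        required=True,
    )
    parser.add_argument(
        "-p",
        help="the target's port",
        metavar='port',
        type=_validated_port,
        required=True,
    )
    # A password given on the command line is visible in the process list and
    # in shell history, so -pwd is optional and an echo-free prompt is the
    # fallback. Passing -pwd keeps working exactly as before.
    parser.add_argument(
        "-pwd",
        help="the target's password (prompted for when omitted)",
        metavar='password',
        required=False,
        default=None,
    )
    args = parser.parse_args()

    password = args.pwd
    if password is None:
        password = getpass.getpass("Password: ")
    return [args.d, args.p, password]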
def handle_guess(lower_bound, upper_bound, last_guess, hint):
    """Shrink the search interval from the server's hint and pick the next guess.

    Args:
        lower_bound: Smallest value still possible.
        upper_bound: Largest value still possible.
        last_guess: The guess the hint refers to.
        hint: "Lower" if the answer is below ``last_guess``, "Higher" if it
            is above. Any other value leaves both bounds untouched.

    Returns:
        tuple: ``(next_guess, lower_bound, upper_bound)`` where ``next_guess``
        is the floor midpoint of the updated interval.
    """
    low, high = lower_bound, upper_bound
    if hint == "Higher":
        # Answer is above the last guess: drop everything up to and including it.
        low = last_guess + 1
    elif hint == "Lower":
        # Answer is below the last guess: drop everything from it upward.
        high = last_guess - 1
    midpoint = (low + high) // 2
    return midpoint, low, high
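def ssh_interaction(username, hostname, port, password):
    """Log in over SSH with a password and play the remote guessing game.

    Runs the system ``ssh`` client under pexpect, answers the password
    prompt, then binary-searches 1..1000 using the server's "Lower!" /
    "Higher!" replies until neither reply arrives (EOF or timeout). The
    last output received is printed.

    Args:
        username: Remote account name.
        hostname: Remote host name or address.
        port: Remote SSH port (string or int).
        password: Password sent at the "password:" prompt.

    Returns:
        None. Failures are reported on stdout instead of being raised.
    """
    # Hand ssh its arguments as a list. pexpect splits a single command
    # string into words, so whitespace inside port/username/hostname would
    # become extra ssh arguments; a list keeps each value as one argument.
    #
    # NOTE(security): StrictHostKeyChecking=no disables host-key verification,
    # so the password below goes to whichever host answers on that address.
    # That trade-off only suits disposable lab/CTF endpoints whose keys change
    # between instances; do not reuse this setting with real credentials.
    ssh_args = [
        "-o", "StrictHostKeyChecking=no",
        "-p", str(port),
        f"{username}@{hostname}",
    ]
    hints = ("Lower", "Higher")

    try:
        ssh_session = pexpect.spawn("ssh", ssh_args)
        try:
            # Authenticate, then wait for the game's first prompt.
            ssh_session.expect("password:")
            ssh_session.sendline(password)
            ssh_session.expect("Enter your guess:")

            lower_bound = 1
            upper_bound = 1000
            guess = (lower_bound + upper_bound) // 2

            while True:
                ssh_session.sendline(str(guess))
                index = ssh_session.expect(
                    ["Lower! Try again.", "Higher! Try again.",
                     pexpect.EOF, pexpect.TIMEOUT])
                if index > 1:
                    # EOF or TIMEOUT: the server did not ask for another guess.
                    break
                guess, lower_bound, upper_bound = handle_guess(
                    lower_bound, upper_bound, guess, hints[index])
                ssh_session.expect("Enter your guess:")

            # Show what the server sent last; undecodable bytes are replaced
            # so odd output cannot abort the run before it is displayed.
            print(ssh_session.before.decode('utf-8', errors='replace'))

            # Wait for the remote side to hang up.
            ssh_session.expect(pexpect.EOF)
        finally:
            # Always release the child process and its pty, including when an
            # expect() above raised.
            ssh_session.close()

    except pexpect.exceptions.EOF:
        print("SSH session terminated unexpectedly.")
    except pexpect.exceptions.TIMEOUT:
        print("Timeout occurred during interaction.")
    except Exception as e:
        print(f"Exception occurred: {e}")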
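# Script entry point: read the CLI arguments, check the destination, then run
# the SSH session.
if __name__ == "__main__":
    try:
        destination, port, password = handle_user_input()

        if destination is None or port is None or password is None:
            raise ValueError(
                "All arguments (destination, port, password) are required.")

        # The destination is placed on the ssh command line, so check its
        # shape here and report a readable error instead of a bare unpacking
        # failure from split().
        if destination.count("@") != 1:
            raise ValueError(
                "destination must have the form user@host")
        username, hostname = destination.split("@")
        if not username or not hostname:
            raise ValueError(
                "destination must have the form user@host")
        # Whitespace would split into extra ssh arguments, and a leading "-"
        # would be read by ssh as an option rather than a destination.
        if destination.startswith("-") or any(ch.isspace() for ch in destination):
            raise ValueError(
                "destination must not start with '-' or contain whitespace")

        ssh_interaction(username, hostname, port, password)

    except ValueError as ve:
        print(f"Input error: {ve}")
    except Exception as e:
        print(f"Unexpected error: {e}")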