vailixi Posted March 25, 2017 Posted March 25, 2017 (edited) So I want to audit a few SSH servers. I want to save the output of THC-Hydra to a file then use the out of the file as variables in the next step of auditing. Trying to automate this this as much as possible. hydra syntax: hydra -o /root/Desktop/cracked.txt -l donkeypuncher -P /root/Desktop/thepassword.txt -s 22 10.42.0.196 ssh I want to use the output from the saved text file for the next step. I can get this a number of ways. this is simple. cat /root/Desktop/cracked.txt | tail -1 I get this output here:: [22][ssh] host: 10.42.0.196 login: donkeypuncher password: fistingtiffany I want to pretty much save the host, user, and password variables so I can use them in my script in the next couple of steps. How do I go about this? Edited March 25, 2017 by vailixi Quote
digininja Posted March 25, 2017 Posted March 25, 2017 With a lot of hacking you could probably do it on the command line in bash but I'd do a ruby or python script to wrap it all. That can tail the file and parse anything you want out of it. If you want to use bash, look at cut, that will let you break the line down into bits which you can then reuse. Or sed might be better, you could use that to do match and replace to build a whole new command. Quote
vailixi Posted March 25, 2017 Author Posted March 25, 2017 That's pretty much exactly what I wanted to do. 1 hour ago, kdodge said: Is this what your looking to do?http://pastebin.com/RtAUmRXN Quote
Decoy Posted March 25, 2017 Posted March 25, 2017 (edited) On 3/24/2017 at 10:44 PM, vailixi said: hydra -o /root/Desktop/cracked.txt -l donkeypuncher -P /root/Desktop/thepassword.txt -s 22 10.42.0.196 ssh cat /root/Desktop/cracked.txt | tail -1 [22][ssh] host: 10.42.0.196 login: donkeypuncher password: fistingtiffany Are you trolling us right now? Edited March 26, 2017 by Decoy Misspelled. Quote
vailixi Posted March 25, 2017 Author Posted March 25, 2017 No dawg. why would you think I'm trolling? Quote
digip Posted March 26, 2017 Posted March 26, 2017 44 minutes ago, vailixi said: No dawg. why would you think I'm trolling? maybe because of the user name and password? Quote
Decoy Posted March 26, 2017 Posted March 26, 2017 4 hours ago, vailixi said: No dawg. why would you think I'm trolling? Yup. If you're not trolling, it's a great username and password. No need for auditing. Quote
digip Posted May 8, 2017 Posted May 8, 2017 2 hours ago, kdodge said: Hey Darren, thanks for the reference you made in your podcast about this little script a few weeks ago! I just had one question though, you said that its better to use $() over `` for getting the output of commands, and I was just wondering why that is? I don't see @Darren Kitchen in this thread, but if I'm taking a guess at your reference, using $(somecommands) can be used as variables as well, like someVar = $(some commands to run against $1 or whatever you put in here) where later you reference $someVar when needed in a script and it does whatever it is you put in there. That output can then be piped or redirected like any other input and output data to save to file or read in to another process. Quote
digip Posted May 9, 2017 Posted May 9, 2017 I think it depends on the shell, but all modern shells probably support both, older ones maybe only the backtick. I'm not a *nix guru, so someone else might know and chime in. Everything in $() is treated as a command, as you'd expect with backticks. Nesting becomes an issue though and you have to escape all bacticks inside of backticks, or your commands could start failing with something like expecting end of line or such. They also become confusing with your code when using backticks and single quotes in the same sections of a script, something to think about. Older shells might not use the newer $() either, but all modern systems should work using $() which I guess is now commonplace. backtick might have some other meaning for certain shells and commands as well. Some shells don't use $() either, and some use things like source() or .() which is over my head. I'm not much of a programmer nor fluent with shell scripting. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.