Automate Remote SSH Control of Computers with Expect Scripts [Tutorial]
Вставка
- Опубліковано 8 чер 2024
- Our Premium Ethical Hacking Bundle Is 90% Off: nulb.app/cwlshop
How to Combine Expect & Bash Scripts
Full Tutorial: nulb.app/x6vub
Subscribe to Null Byte: goo.gl/J6wEnH
Kody's Twitter: / kodykinzie
Cyber Weapons Lab, Episode 210
Bash scripts are the normal way to get into automation. However, they have their limitations. In this episode of Cyber Weapons Lab, we'll look at those limitations and learn about an alternative called expect scripts. Which, can be useful when we need to respond to variables, such as when you log in via SSH.
To learn more, check out the article on Null Byte's site: nulb.app/x6vub
Automate tasks with Bash scripts: • Write Your Own Bash Sc...
Automate recon with Bash scripts: • Automate Recon with Yo...
Follow Null Byte on:
Twitter: / nullbyte
Flipboard: flip.it/3.Gf_0
Website: null-byte.com
Vimeo: vimeo.com/channels/nullbyte - Навчання та стиль
![Write Your Own Bash Scripts for Automation [Tutorial]](http://i.ytimg.com/vi/PPQ8m8xQAs8/mqdefault.jpg)
![Write Your Own Bash Scripts for Automation [Tutorial]](/img/tr.png)
![Haunt a Computer Using SSH [Tutorial]](http://i.ytimg.com/vi/M0eEwqUpKDc/mqdefault.jpg)
00:34 The man that doesn't blink, winks.
This brings back memories. I used this exact method of ssh-ing and executing tasks on a system while supporting remote staff in Ukraine while me located out in LAX some years ago. Love the combo of Linux w/Expect scripting. Excellent creativity!
Good work!
Damn, is the CIA still hiring?
(I kid I kid)
OH MY GOD THIS CHANNEL HAS SO MUCH CONTENT! DUDE I WISH YT RECOMMENDED U EARLIER
IKR! It’s incredible 😱❤️
I love automation! great video❤️
Excellent tutorial. Well explained. Thank you.
I love your videos on coding very helpful and helped me out alot
Thanks for using motionEyeOS on one of your PIs.
Yeeeees! The video I was looking for
Awesome thanks for the info!! Great video and channel!!!
Really cool. With great power comes…
Interesting. Loved it.
I love this. Thank you
Thank You Sir for video. 1:30 am here Kappa
How does this compare by lets say using Ansible for automation. You could make a playbook for localhost and do the above without issues, plus you will have the benefit of all controls and plugins if you want to extend.
😍😍😍😍😍😍😍😍😘😘😘 NULL BYTE IS LOVE......
lol was looking for scripting in general, but this video solves an issue with my broken rpi
Expect is pretty bomb. I learned about it when I wanted to auto login to SFTP from another location to do periodic backups. Flawless.
I don't understand the interest :
It looks like : you execute a script and you enter the password.
So what the difference between that and root@server + password ?
Always 2 things to write
Seriously Teach me more!!
Nice video bro 👍👍
lets go another upload
Very nice thanks !
Would it be possible to combine such ssh tasks via expect script with a python script? Just like bash commands can be executed within a python script, so could the same be done with expect? Or should ssh tasks be rather done with python only?
pexpect, paramiko
@@thengakola6217 thanks bro
I am getting a (file "expect. exp" line 15) help please
could you make a video on pwndb and tools like it?
Life saver ❤️
yay li just needed this lmao
i need to log onto a remote server via ssh and a key...
then i need to run a command to update the certificates of the servers website
then i need to restart a couple of services
then i need to log off
all this is to be run from a cron job
is this possible....im a bit worried about using automatic ssh key logon..as i cannot send an ssh password over the line..and i need zero user input.
why are we rebooting after the ssh connection in expect.exp script?
Thanks!
Thank you for this informations! Very useful.
I have a task: I need to ssh into multiple switches (about 200. All the switches have very well defined names in the DNS) and I need to check one thing from their configuration. How about doing that? I guess I will need a way to grab the IP addresses, therefore modifying the 'arp-scan-l' line and then use a for loop I guess, right?
In pseudocode it would be something like this.
- grab all the ip addresses in the domain whose names starts with "blablabla"
- foreach of these ip addresses spawn an ssh process ;
- run the command for showing the switch configuration file.
- eventually grab the config into a txt file or whatever.
hi did you get any response or way to do it ?
Awesome video
I need help for calling a shell inside expect shell
Example showing automation using SSH keys (so you don't have to login) and rexec command vs. expect? Expect is kinda wonky sometimes.
Sometimes? I've been running the same script on 30 hosts for at least 15 years, and still have to fine tune it from time to time, because.... I don't know why. Something changes, distro is updated, anything will break the script. Sometimes. Or partially.
I only get the error message: ': not a valid identifier `loginpass and my_lookupdev: socket: Socket type not supported ! Where is the mistake ? ( Windows 10 Linux Subsystem Ubuntu 20.04 LTS )
i get error line 15 i think it said, so dont feel too bad lol
@@eagleeyeviewimages I still have error line 3! I'm just trying to figure out the mistake. Little success so far!
I forget my Snapchat my eyes password, can i find this with Sherlock or any other way, kindly help me
Brand new haircut dude...
Macbook named Dell-3?
or using python with the library Pexpect and you can use sys or subprocess and paramiko for the ssh
This sounds fun...you wouldn't have a tut on this would you? Maybe I'll piece this together...
@@rene_from_so_cal actually I do
@@rene_from_so_cal
Awooda
@@smidi4711 share it please ?
You Blinked!!! Thanks for another great tip
Epic
Windows 10 Linux Subsystem is crap ! Bash script not working "echo" work but nothing else works
Thank you, great information! Could definitely do without the music though...
YESSIR
Isn't Expext written in Tcl, and doesn't it require its user to write their scripts in a tickle-ish style too?
If my memory serves me correctly Tcl involved rife use of curly braces, or am I mixing this up with Lisp?
As you can see I am not very much fond of either Tcl nor Lisp.
I can remember that Tcl had a certain popularity in the 90s, especially among people who either needed to write Expect scripts or those who wanted to quickly script some sort of GUI for their otherwise dull CLI scripts, what would otherwise require much ado in C with an API to X Motif.
But why would I need to write an Expect script to shutdown and power off my RasPi remotely?
I use SSH key-based passwordless login to all my hosts anyway.
This is the only requirement if you want to automate things e.g. with Ansible.
Btw. you can even poweroff remote hosts through systemd's systemctl command.
I think Expect made much more sense in the 90s when most people in the Unix realm still used telnet, and the BSD rlogin, remsh, and rsh commands to connect to their hosts and before Tatu Ylönen's (ha, I still remember the Finnish guy's name from the ssh manpage on HP-UX) SSH became available.
Apropos, not to be taken seriously, doesn't a _grep | awk_ pipeline like in your little sample script qualify for the _Useless Use of Cat Award_ ?
N.b. @08:25 if you want to avoid being forced to confirm the remote sshd's hostkey, when you login somewhere for the first time with ssh you could try to pass the following options to your ssh client.
_ssh -o stricthostkeychecking=no -o userknownhostsfile=/dev/null ..._
If you want to avoid always having to type these long option args (ok, we all use our shell's history anyway, don't we?) then just tuck those two options (they are case insensitive but for better readability use Camel case, you only have to type it once) into your ssh client's config file in _~/.ssh/config_ within a Host block definition on two separate lines, and substitute the equal sign between parameter and value by whitespace.
For more fancy ssh client options consult man ssh_config.
German, old & possibly fond of the letter 'k'
@@theeffectoflogic3 which vocables did I spell incorrectly? English isn't my native tongue.
And then, if I am aware of it, I do prefer the British spelling which may look to you Americans even older and more bizarre. In the context of IT I often even have to pull myself together not to write e.g. _programme_ .
Thankfully most Unix commands only consist of two letter words.
@@othernicksweretaken You depicted yourself as a veteran in the field, your profile picture shows the German flag with a banana, which is infamous as a source of potassium, which is represented by the letter 'K'... Can't believe you didn't understand such a logical reply.
@@theeffectoflogic3
Thank you for your explanatory reply.
Of course you are right with your deductions. I have to admit that I didn't have the nutritional properties of bananas on my mind because I chose my avatar image with the halfway peeled off banana over the colours of my country's national flag for another reason, a very self-derisive one towards the current state of my nation.
In German we have the expression _Bananenrepublik_ whose meaning I thought was very commonplace almost internationally, and I am sure that _banana republic_ has in English the same pejorative connotation, without even having to look it up.
Kody doesn't blink eyes
Hy.
I Lear a lot whith your video, (I'm Italian) so sorry 4 my righting.
Well can you tell me if termux is a good things to learn.
Thank's anyway... You are really brave I mean how you teach.
Dude, termux is just a terminal emulator. You don't "learn termux", you learn to use the linux command line.
Most commands in linux are the same in termux because both use bash.
@SALTINBANK he said TERMUX not TMUX. Termux is android terminal emulator.
0:24 OMG
hello script kiddies :D
KODY K...
#! bin/bash
echo "Kody is the goat"
Pog
That's the second time I read that on UA-cam today. What that means?
Its usually "Person otherthan grunt"..military term.
Bring free hcking course
Can't believe you use a Mac
I was here 1 minutes after the video post
Bash | 🙅🏽♀️
Expect | 🤦🏽♀️
Bash + Expect | 😌😏😎
Sir How to hack fb traget account
Da
First
Please make a tutorial on how to remotely access kali linux machine from android....
Please.....
You can be hacked if you set up any kind of remote access. That is the reason kali doesn't enable remote access by default.
If you don't care, just install ssh-server on kali and ssh client on android using something like termux.
ssh -t username@host 'reboot' works fine for me.
lol wtf expect "assword:" ???
I want to hack WiFi without adapter and monitor mode .
same problem here. sadly there is no way :(
are you single;-)????
Answer to this comment with your customized script!
I stopped watching as he said "I'm using a Mac computer"! +dislike
Snob. Haha 😊