This is a project I’ve been working on sporadically for a few weeks now. I haven’t had a good way to put it to use, until one of my best friends Lexie Boren gave me an idea that caused me to tidy up the code and publish it. So, here’s Hypnotoad, my lab-wide SSH solution.
My college computer lab has about 30 machines in it, all of which use a common student account (username: student, password: student), and also have SSH and SFTP enabled. It’s not best security practice to post that information on my website, but it’s common knowledge to everyone who uses the lab and does make the space easy to use. I’ve been working on a way to somehow utilize every machine at once, with some sort of parallel-SSH implementation. Here’s the base of that program, which I’m calling Hypnotoad Core: this one is the “core” because I’ve created a few spinoff programs that follow roughly the same structure, but for specific tasks.
First thing I’ll need to do is find a way to use the open SSH connections in a Python script. I’ll use Paramiko, a package which does exactly this. This method is pretty much the base of all Paramiko programs.
```python
import paramiko

def ssh_command(ip, user, passwd, command):
    client = paramiko.SSHClient()
    #client.load_host_keys('/home/yeet/.ssh/known_hosts')
    # AutoAddPolicy accepts any host key it has not seen before, without verification
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(ip, username=user, password=passwd)
    except (paramiko.BadHostKeyException, paramiko.AuthenticationException,
            paramiko.SSHException, OSError) as e:  # OSError covers socket.error
        print(e)
        return
    ssh_session = client.get_transport().open_session()
    if ssh_session.active:
        ssh_session.exec_command(command)
        # Only the first 1024 bytes of the command's output are read
        return ((ssh_session.recv(1024)).decode("utf-8"))
    else:
        return "[*] SSH session failed."
```
Next, I’ll generalize this function to run across my specific network. The particular setup of our network is what prompted me to create this program: the hostnames are numbered, so the network is easy to loop through like this. Note that the try/except here means that if one machine is turned off or unreachable, I’ll still be able to reach the machines after that one; an issue I run into from time to time.
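```python
def linuxlab(username, password, command):
    print("Running ", command, " on  machines")
    for r in range(1, 31):
        hostname = "simpson" + str(r)
        try:
            # [:-1] drops the trailing newline; a failed connection returns None,
            # which raises here and is reported by the except branch below
            res = (ssh_command(hostname, username, password, command))[:-1]
            if r < 10:
                hostname += " "  # pad single-digit hostnames so the output lines up
            print(hostname + ": " + res)
        except Exception as e:
            print("[***] ERROR: Can't reach " + hostname)
```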
Lastly, I’ll write main. This will let me run command1 through the lab, then command2, and any number more. I mostly use the core to test the uptime & reachability of the lab.
```python
import sys
import threading
import paramiko
import subprocess
import getopt

def usage():
    print("""
    [*] Welcome to Hypnotoad.
    [*] The power of about 30 shitty workstations at your fingertips.
    [*] run with: python3.6 hypnotoad.py 'command1' 'command2' onwards.
    """)

def main():
    if ((len(sys.argv)) < 2):
        usage()
        sys.exit(0)
    #"Guest" accounts, always logged in
    username = "student"
    password = "student"
    # Each command-line argument is one command to run across the whole lab
    for g in (range(1, len(sys.argv))):
        linuxlab(username, password, sys.argv[g])

if __name__ == "__main__":
    main()
```
And with that code, we have mass pseudo-SSH access to the lab. There’s clearly a lot more to do here, some of which I’ve already done. Eventually, I’d like to build some of my specific functions into modules of a larger program, something like how Metasploit works. Further updates will be documented here and on my GitHub in the future. Thank you for reading!
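The loop above visits the machines one at a time and accepts any host key it is shown. The following is an added example, not part of Hypnotoad or the author's code: it runs the hosts concurrently with per-host error isolation, and its SSH call rejects hosts whose key is not already in known_hosts. The names verified_ssh_command, run_lab, lab_hosts and fake_runner are hypothetical, and fake_runner is a constructed stand-in so the fan-out can be run offline.

```python
from concurrent.futures import ThreadPoolExecutor

def verified_ssh_command(host, user, passwd, command, timeout=5.0):
    """Run one command over SSH, refusing hosts whose key is not already known."""
    import paramiko  # imported lazily so run_lab can be exercised without it
    client = paramiko.SSHClient()
    client.load_system_host_keys()  # trust only keys already in known_hosts
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    try:
        client.connect(host, username=user, password=passwd,
                       timeout=timeout, auth_timeout=timeout,
                       allow_agent=False, look_for_keys=False)
        _, stdout, _ = client.exec_command(command, timeout=timeout)
        return stdout.read().decode("utf-8", errors="replace").rstrip("\n")
    finally:
        client.close()  # always release the connection, even on failure

def run_lab(hosts, command, runner, workers=10):
    """Run `command` on every host concurrently.

    Returns {host: (ok, text)}; one failing host never affects the others.
    """
    def one(host):
        try:
            return host, (True, runner(host, command))
        except Exception as exc:  # unreachable, unknown host key, bad auth, timeout
            return host, (False, f"{type(exc).__name__}: {exc}")
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(one, hosts))  # map() keeps the input order

def lab_hosts(prefix="simpson", count=30):
    """Hostnames in the page's scheme: simpson1 .. simpson30."""
    return [f"{prefix}{n}" for n in range(1, count + 1)]

def fake_runner(host, command):
    """Constructed stand-in for a real SSH call: simpson7 is 'switched off'."""
    if host == "simpson7":
        raise TimeoutError("timed out")
    return f"{host} ran {command}"

# Against the real lab (assumes every host key is already in known_hosts):
# run_lab(lab_hosts(), "uptime",
#         lambda h, c: verified_ssh_command(h, "student", "student", c))
```

A host key that changes between runs shows up as a failed entry for that host rather than being silently accepted.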