Hypnotoad Core: Mass-SSH access for unix system administration

This is a project I’ve been working on sporadically for a few weeks now. I haven’t had a good way to put it to use, until one of my best friends Lexie Boren gave me an idea that caused me to tidy up the code and publish it. So, here’s Hypnotoad, my lab-wide SSH solution.

My college computer lab has about 30 machines in it, all of which use a common student account (username: student, password: student), and also have SSH and SFTP enabled. It’s not best security practice to post that information on my website, but it’s common knowledge to everyone who uses the lab and does make the space easy to use. I’ve been working on a way to somehow utilize every machine at once, with some sort of parallel-SSH implementation. Here’s the base of that program, which I’m calling Hypnotoad Core: this one is the “core” because I’ve created a few spinoff programs that follow roughly the same structure, but for specific tasks.

The Code

First thing I’ll need to do is find a way to use the open SSH connections in a python script. I’ll use Paramiko, a package which does exactly this. This method is pretty much the base of all Paramiko programs.

def ssh_command(ip, user, passwd, command):
    client = paramiko.SSHClient()
    #client.load_host_keys('/home/yeet/.ssh/known_hosts')
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

    try:
        client.connect(ip, username=user, password=passwd)
    except (BadHostKeyException, AuthenticationException,
        SSHException, socket.error) as e:
        print(e)
        return
    ssh_session = client.get_transport().open_session()
    if ssh_session.active:
        ssh_session.exec_command(command)
        return ((ssh_session.recv(1024)).decode("utf-8"))
    else:
        return "[*] SSH session failed."

Next, I’ll generalize this function to run across my specific network. The particular setup of our network is what prompted me to create this program: the network is easy to loop through like this. Note that the try/catch here means that if one machine is turned off or unreachable, I’ll still be able to reach the machines after that one; an issue I run into from time to time.

def linuxlab(username, password, command):
    print("Running ", command, " on [30] machines")

    for r in range(1, 31):
        hostname = "simpson" + str(r)

        try:
            res = (ssh_command(hostname, username, password, command))[:-1]
            if r < 10:
                hostname += " "
            print(hostname + ":   " + res)
        except Exception as e:
            print("[***] ERROR: Can't reach "+ hostname)

Lastly, I’ll write main. This will let me run command1 through the lab, then command2, and any amount more. I mostly use the core to test the uptime & reachability of the lab.

import sys
import threading
import paramiko
import subprocess
import getopt

def usage():
    print("""
    [*] Welcome to Hypnotoad.
    [*] The power of about 30 shitty workstations at your fingertips.
    [*] run with: python3.6 hypnotoad.py 'command1' 'command2' onwards.
    """)

def main():

    if ((len(sys.argv))< 2):
        usage()
        exit(0)

    #"Guest" accounts, always logged in
    username = "student"
    password = "student"

    for g in (range(1, len(sys.argv))):
        linuxlab(username, password, sys.argv[g])

And with that code, we have mass pseudo-SSH access to the lab. There’s clearly a lot more to do here- some of which I’ve already done. Eventually, I’d like to build some of my specific functions into modules of a larger program, something like how Metasploit works. Further updates will be documented here and on my Github in the future. Thank you for reading!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s