Paramiko is a python library providing SSHv2 protocol. It provides Client and Server feature. I have given the introduction in last article, in case you have missed it, here is the link: https://anonhack.in/2018/06/hacking-with-python-series-python-libraries-for-ssh/.
Let’s get on with the code because nothing is more interesting than the code itself.
Before, you run the code install the Paramiko library.
Command to install: pip install paramiko
Command to upgrade it: pip install –upgrade paramiko
Explanation for the code below:
param_ssh(addr,user,passwd): is the function I have created that takes hostname of the target machine with the username and password.
client = paramiko.SSHClient() : With this code we are creating an object for paramiko.SSHClient(). This object will handle all our requests and commands. You can name it anything.
client.set_missing_host_key_policy(paramiko.AutoAddPolicy()): This line handles the key policies, Add keys to the local hostkey lists. This line must be specified because key handling is important while making a connection.
sock=socket.socket()
ip=socket.gethostbyname(address) :
These two lines make a connection with the host to get the IP address. I added this line because I felt there is a need to add it if you enter a domain name and not a proper IP address. Must be enclosed in try and Except Block.
client.connect(ip, username=username, password=password, look_for_keys=False): This line will then make a SSH connection using ip, username, password and look_for_keys=False will set the search of private keys in the local machine to false. This ways it will make connection using password only.
print(“Connected Successfully with “+username+”:”+password)
stdin,stdout,stderr=client.exec_command(‘whoami’)
outlines=stdout.readlines()
resp=”.join(outlines) print(resp)
The above lines of code handles the std input and output when the connection has been successfully made. You can use interactive command so as to communicate with the server.
Code:
#!/usr/bin/python
import paramiko
import socket
import sys
#A variable 'e',this will act as a flag. You can also define it inside the function itself.
e=0
#A function I have defined that takes arguments addr as hostname,user as username,passwd as password
def param_ssh(addr,user,passwd):
global e #Making use of variable e in the function
#Assigning the values
username=user
password=passwd
address=addr
#just a print line
print("Connecting to server...")
#defining an object for SSHClient(). client will act as a handler here. You can name it anything
client = paramiko.SSHClient()
#This handles the missing Keys while connecting to the server. It will add the host keys locally if not present.
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
sock=socket.socket() #normal socket object
ip=socket.gethostbyname(address) #getting IP address
client.connect(ip, username=username, password=password, look_for_keys=False) # Making connection
except Exception as r:
e=1 #if exception is raised value of e will turn 1. Showing failue message
print("[-]"+str(r)+" \nWrong credentials "+username+":"+password)
#if the value of e stays 0 that means the connection has been made successfully then below lines will run
if(e==0):
print("Connected Successfully with "+username+":"+password)
stdin,stdout,stderr=client.exec_command('whoami') #creating stdin,stdout,stderr command execution
outlines=stdout.readlines() #reading the terminal output
resp=''.join(outlines)
print(resp)
#checker for arguments
if len(sys.argv) < 4:
print('Not enough arguments\n>>hostname,username,password required.')
else:
address=sys.argv[1]
username=sys.argv[2]
password=sys.argv[3]
param_ssh(address,username,password)
OUTPUT:
