Attacking interactive applications with Python’s pexpect
Off-the-shelf penetration testing programs and tools are widely used, but there can be situations where certain tools fail. Security professionals love to automate pentesting tasks and write their own set of tools while testing. For example, one can write one's own port scanner when nmap fails. Here a custom script sends packets to the static host and prints the result. But what about the case where we are trying to attack an interactive service such as SSH, FTP, Telnet, etc.?

Let's say we wish to brute-force the SSH service on a remote machine. A series of prompts is expected, depending on the interaction between the client and the SSH server. Let's check out some of the prompts the SSH service sends to a connecting client:

1. When connecting to an SSH server for the first time, a yes/no prompt is presented.
2. While trying password....