From Notes
#!/usr/bin/env ruby
#
# Author: Josh Miller
# Date: 10/17/2006
#
# Purpose: Audits passwords for default value of uiduid!
#
# Requirements: You must have a list of users from the host
# in question, or a list of users to attempt with in a file
# with each uid on a line by itself.
#
# This code was modified from another source - although I
# unfortunately dont have the source.
require 'net/ssh'
require 'getoptlong'
usage = %{ Usage: #{$0} -h <hostname> -u <userfile> }
options = GetoptLong.new(
[ "--hostname", "-h", GetoptLong::REQUIRED_ARGUMENT ],
[ "--userlist", "-u", GetoptLong::REQUIRED_ARGUMENT ]
)
userfile, outfile, hostname, password = nil
options.each { |option, arg|
case option
when '--hostname'
hostname = arg
when '--userlist'
userfile = arg
end
}
if !hostname || !userfile
puts usage
exit
end
userfile = File.read(userfile)
$output = File.new("#{hostname}.default","w")
class SSHConnect
def session(hostname,user)
begin
uid = user
pw = "#{user}#{user}!"
state = Net::SSH.start(hostname,uid,pw)
if state.open?
puts "Default password in use for #{uid}: #{pw}"
$stdout = $output
#puts "#{uid}\t#{hostname}"
puts "#{uid}"
$stdout = STDOUT
end
rescue Net::SSH::AuthenticationFailed
puts "No default password for #{uid}"
end
end
end
connection = SSHConnect.new
userfile.each do |user|
user = user.chomp
connection.session(hostname,user)
end
$output.close
