SecureCRT - python 脚本计算google 验证码
Max.Bai
2016-12-22
0x00 google 验证码
当登录linux服务器需要输入google验证码的时候,我们可以在手机上安装google authenticator 计算实时变化的验证码,当然做为懒得不行的我,需要自动输入验证码在 SecureCrt 屏幕上。
0x01 python 脚本自动化ssh
在SecureCRT添加一个button,点击的时候执行python脚本,用python脚本计算验证码,并自动ssh 到指定的服务器。
import hmac, base64, struct, hashlib, time import sys def get_hotp_token(secret, intervals_no): key = base64.b32decode(secret, True) msg = struct.pack(">Q", intervals_no) h = hmac.new(key, msg, hashlib.sha1).digest() o = ord(h[19]) & 15 h = (struct.unpack(">I", h[o:o+4])[0] & 0x7fffffff) % 1000000 return h def get_totp_token(secret): return get_hotp_token(secret, intervals_no=int(time.time())//30) def main(): user = "maxbai"#str(crt.Arguments[0]) # user account for ssh account gtoken = "EFCJY5BS5C62AHUO" #str(crt.Arguments[1]) # google token value pwd = "max123123123" #str(crt.Arguments[2]) # password for ssh crt.Screen.Send("ssh "+user+"@127.10.10.31 -p 23\r") # ssh command #result = crt.Screen.WaitForString("connecting (yes/no)?", 2) #if result == 1: #crt.Screen.Send("yes\r") result = crt.Screen.WaitForString("Verification code:", 5) if result == 0: return "" crt.Screen.Send(str(get_totp_token(gtoken))+"\r") result = crt.Screen.WaitForString("assword:", 5) if result == 0: return "" crt.Screen.Send(pwd+"\r") main()