Python:webshell 跳板机审计服务器

2021-10-16 01:06:17

1.修改paramiko源码包实现

https://github.com/paramiko/paramiko/tree/1.10.1  下载源码包

unzip paramiko-1.10.1.zip

paramiko-1.10.1/demos/demo.py  模拟用户登录,在demo.py中会调用interactive.py

paramiko-1.10.1/demos/interactive.py  会把用户执行的命令以及服务器返回的结果打印出来

修改interactive.py,可以把用户名、执行的命令、时间、主机ip记录到日志中

demo.py

import base64

from binascii import hexlify

import getpass

import os

import select

import socket

import sys

import threading

import time

import traceback

import paramiko

import interactive

#define host

print("\033[34;1mWelcome zhengshun's Fort Machine\nThere have those machines:\033[0m")

dictroy = {

        "vc-app01":"192.168.101.131",

        "vc-app02":"192.168.101.130",

	"vc-app03":"192.168.101.132"

}

while 1:

	try:

		print('')

		for k,v in dictroy.items():

			print k,v

		print('')

		hostname = raw_input('please input IP:')

		if hostname == '':continue

		elif hostname == 'exit':break

		elif hostname == 'quit':break

		def agent_auth(transport, username):

		    """

		    Attempt to authenticate to the given transport using any of the private

		    keys available from an SSH agent.

		    """

		    agent = paramiko.Agent()

		    agent_keys = agent.get_keys()

		    if len(agent_keys) == 0:

		        return

		    for key in agent_keys:

		        print 'Trying ssh-agent key %s' % hexlify(key.get_fingerprint()),

		        try:

		            transport.auth_publickey(username, key)

		            print '... success!'

		            return

		        except paramiko.SSHException:

		            print '... nope.'

		def manual_auth(username, hostname):

		    default_auth = 'p'

		    auth = 'p'

		    if len(auth) == 0:

		        auth = default_auth

		    if auth == 'r':

		        default_path = os.path.join(os.environ['HOME'], '.ssh', 'id_rsa')

		        path = raw_input('RSA key [%s]: ' % default_path)

		        if len(path) == 0:

		            path = default_path

		        try:

		            key = paramiko.RSAKey.from_private_key_file(path)

		        except paramiko.PasswordRequiredException:

		            password = getpass.getpass('RSA key password: ')

		            key = paramiko.RSAKey.from_private_key_file(path, password)

		        t.auth_publickey(username, key)

		    elif auth == 'd':

		        default_path = os.path.join(os.environ['HOME'], '.ssh', 'id_dsa')

		        path = raw_input('DSS key [%s]: ' % default_path)

		        if len(path) == 0:

		            path = default_path

		        try:

		            key = paramiko.DSSKey.from_private_key_file(path)

		        except paramiko.PasswordRequiredException:

		            password = getpass.getpass('DSS key password: ')

		            key = paramiko.DSSKey.from_private_key_file(path, password)

		        t.auth_publickey(username, key)

		    else:

		        pw = '123456'

		        t.auth_password(username, pw)

		# setup logging

		paramiko.util.log_to_file('demo.log')

		username = 'root'

		if len(hostname) == 0:

		    print '*** Hostname required.'

		    sys.exit(1)

		port = 22

		if hostname.find(':') >= 0:

		    hostname, portstr = hostname.split(':')

		    port = int(portstr)

		# now connect

		try:

		    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

		    sock.connect((hostname, port))

		except:

		    print('\033[31;1minvalid value\033[0m')

		    continue

		#except Exception, e:

		#    print '*** Connect failed: ' + str(e)

		#    traceback.print_exc()

		#    sys.exit(1)

		try:

		    t = paramiko.Transport(sock)

		    try:

		        t.start_client()

		    except paramiko.SSHException:

		        print '*** SSH negotiation failed.'

		        sys.exit(1)

		    try:

		        keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))

		    except IOError:

		        try:

		            keys = paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))

		        except IOError:

		            print '*** Unable to open host keys file'

		            keys = {}

		    # check server's host key -- this is important.

		    key = t.get_remote_server_key()

		    if not keys.has_key(hostname):

		        print '*** WARNING: Unknown host key!'

		    elif not keys[hostname].has_key(key.get_name()):

		        print '*** WARNING: Unknown host key!'

		    elif keys[hostname][key.get_name()] != key:

		        print '*** WARNING: Host key has changed!!!'

		        sys.exit(1)

		    else:

		        print '*** Host key OK.'

		    # get username

		    if username == '':

		        default_username = getpass.getuser()

		        username = raw_input('Username [%s]: ' % default_username)

		        if len(username) == 0:

		            username = default_username

		    agent_auth(t, username)

		    if not t.is_authenticated():

		        manual_auth(username, hostname)

		    if not t.is_authenticated():

		        print '*** Authentication failed. :('

		        t.close()

		        sys.exit(1)

		    chan = t.open_session()

		    chan.get_pty()

		    chan.invoke_shell()

		    print '*** Here we go!'

		    print

		    interactive.interactive_shell(chan)

		    chan.close()

		    t.close()

		except Exception, e:

		    print '*** Caught exception: ' + str(e.__class__) + ': ' + str(e)

		    traceback.print_exc()

		    try:

		        t.close()

		    except:

		        pass

		    sys.exit(1)

	except:

		continue

  

2.创建跳板机用户,并设置用户登陆的环境变量

注意事项:用户登录跳板机后不能跳过demo.py程序,如果退出demo.py程序则注销跳板机的登陆,只能选择要登陆的主机ip,选择后直接登陆,如果用户在输入错误时,要循环从头开始

adduser audit

vim /home/audit/.bash_profile  在环境变量中加入执行python demo.py文件,执行后logout

3.使用shellinabox实现webssh

https://code.google.com/archive/p/shellinabox/downloads  下载shellinabox-2.14.tar.gz

tar zxf shellinabox-2.14.tar.gz

cd shellinabox-2.14

./configure --prefix=/usr/local/webshell && make && make install

bash /usr/local/webshell/bin/shellinaboxd &    后台运行,shellinabox默认端口是4200

访问https://ip:4200就可以登陆跳板机

展示:

Python:webshell 跳板机审计服务器  

上一篇:FindMy部署了超过45000个用于智能动物跟踪的Globalstar卫星物联网设备


下一篇:jquery 项目所用