From 725eb0a1440879f8f5a6f1455fabf9e97fe59eb5 Mon Sep 17 00:00:00 2001 From: Aaron Johnson Date: Sun, 25 Nov 2018 19:23:46 -0600 Subject: [PATCH 1/5] Added insecure password support --- tab-sorcery.sh | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/tab-sorcery.sh b/tab-sorcery.sh index 3162ace..6e0f4c1 100644 --- a/tab-sorcery.sh +++ b/tab-sorcery.sh @@ -4,6 +4,7 @@ # $1 == Domain to scan # $2 == Nameserver to do the zone transfer from # $3 == Default username for connections +# $4 == Windows password file (optional and unencrypted plain text; use at your own risk!) scan_domain=$1 scan_ns=$2 @@ -14,6 +15,13 @@ case "$SORC_GEOM_RDP" in *) geom_rdp='1600x900';; esac +# Check for a plain text password files for Windows hosts +# (Disclaimer: This is highly insecure and unrecommended.) +case "$SORC_PASS_FILE" in + [~$/abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]*) pass_file=$SORC_PASS_FILE;; + *) pass_file=/dev/null;; +esac + get_hostip () { #host_ip=`echo $zone_xfer | grep ${host} | grep A | awk '{print $3}'` host_ip=`echo $zone_xfer | grep $1 | grep A | awk '{print $3}'` @@ -30,7 +38,16 @@ while read host <&3; do get_hostip ${host} alias ${host_short}="${connect_cmd} ${user_name}@${host_ip}" elif [ "`echo $zone_xfer | grep $host | grep TXT | awk '{print $3}'`" = '"windows"' ]; then - connect_cmd="rdesktop -g $geom_rdp" + if [ -f $pass_file ]; then + if pass_line=`grep $host_short $pass_file`; then + winpass=`awk -F= '{print $2}' <<< "$pass_line"` + connect_cmd="rdesktop -g $geom_rdp -p $winpass" + else + connect_cmd="rdesktop -g $geom_rdp" + fi + else + connect_cmd="rdesktop -g $geom_rdp" + fi get_hostip ${host} alias ${host_short}="${connect_cmd} -u ${user_name} ${host_ip}" elif [ "`echo $zone_xfer | grep $host | grep TXT | awk '{print $3}'`" = '"cisco"' ]; then From 17e09204e3be83ad2df1b9f9f6c549e347675b3a Mon Sep 17 00:00:00 2001 
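Review bot: The `case` on `$SORC_PASS_FILE` in the `@@ -14,6 +15,13 @@` hunk only inspects the first character, so it accepts almost any non-empty value and says nothing about whether the file is safe to read. The leading `~` and `$` it allows are never expanded when the value comes from a variable, so such paths just fail the later `-f` test silently. Because the file holds plain-text passwords, I would replace the pattern with a check that the path is a regular file owned by the current user, e.g. `if [ -f "$SORC_PASS_FILE" ] && [ -O "$SORC_PASS_FILE" ]; then pass_file=$SORC_PASS_FILE; else pass_file=/dev/null; fi` (the script already relies on bash for `<<<`), and print a warning on stderr when the file is readable by group or others. The later `[ -f $pass_file ]` should quote the variable as well, so a path containing spaces still works.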
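Review bot: The password read from `$pass_file` in the `@@ -30,7 +38,16 @@` hunk is spliced unquoted into `connect_cmd` and then into the alias text, so the shell re-parses it every time the alias runs. A password containing a space, `;`, `$` or a backtick is therefore split or interpreted as shell syntax, and the secret also appears in `alias` output and in rdesktop's argv, where `ps` can read it. The lookup itself is loose: `grep $host_short $pass_file` is an unanchored regex match, so one host's name can match another host's line (or several lines), and `awk -F= '{print $2}'` cuts a password at its first `=`. I would match the hostname exactly, keep everything after the first `=`, and hand the password to rdesktop on standard input with `-p -` when the alias runs, as sketched below. The enclosing `while read host` loop and the assignment of `host_short` are outside this hunk, so the sketch assumes `host_short` is already set at this point.

```shell
# Print the password stored for host $1: exact match on the text before the
# first '=', everything after that '=' is the password.
get_winpass () {
  awk -v h="$1" 'index($0, h "=") == 1 { print substr($0, length(h) + 2); exit }' "$pass_file"
}

# … unchanged: elif test on the TXT record for "windows" …
  connect_cmd="rdesktop -g $geom_rdp"
  get_hostip ${host}
  if [ -f "$pass_file" ] && [ -n "$(get_winpass "$host_short")" ]; then
    # Read the password when the alias runs and pass it on stdin, so it is
    # never stored in the alias text or exposed in argv.
    alias ${host_short}="get_winpass ${host_short} | ${connect_cmd} -p - -u ${user_name} ${host_ip}"
  else
    alias ${host_short}="${connect_cmd} -u ${user_name} ${host_ip}"
  fi
```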
From: Aaron Johnson Date: Sun, 25 Nov 2018 19:39:53 -0600 Subject: [PATCH 2/5] Updated README --- README.md | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ff70d1d..2d637fa 100644 --- a/README.md +++ b/README.md 
@@ -19,14 +19,38 @@ Default username (bob.user) Once done, all hostnames in the DNS zone should be available for SSH/Telnet/RDP by a tab-completable alias of just the hostname (in new shell sessions). -#### Can I change the window geometry for rdesktop? -Yes! You simply need to export a variable *before* calling the tab-sorcery.sh script. The variable to export is called **SORC_GEOM_RDP**, which will take the form of [width]x[height]. +### Options +Options can be configured as exported variables, set in your shell RC files before calling the tab-sorcery script itself. So far there are two options: +#### Windows RDP Window Geometry +##### Variable: SORC_GEOM_RDP +This option sets the resolution of your Windows RDP connections. If left unset or an invalid value is detected, the default is **1600x900**. Example: ``` export SORC_GEOM_RDP='1280x720' +``` + +#### Windows Password File (INSECURE) +##### Variable: SORC_PASS_FILE +This option supplies the path to a plain text file containing a list of hostnames and passwords in the following format: +``` +hostname=password +``` +If this option is provided, hosts marked as Windows hosts will check this file for a password and pass it on to the alias for the host in order to make logging into Windows almost as painless as *nix hosts. +**This feature should be considered temporary and used only at your own risk.** This is a **very insecure** thing to do, and the intent is to replace this later with LastPass support or similar instead, and was added mostly as a personal exercise. + +To configure, once you have your password file set up, just export the location as a variable like so: +``` +export SORC_PASS_FILE="$HOME/.some_file" +``` + +### Full Example of How to Call the __Tab Sorcery__ Script +Here is a full example utilizing all available options. Please note that only the last line, beginning with a dot, is absolutely required. +``` +export SORC_GEOM_RDP='1280x720' +export SORC_PASS_FILE="$HOME/.some_file" . 
$HOME/git/tab-sorcery/tab-sorcery.sh example.com 127.0.0.1 bob.user ``` -The default window geometry that is used if this variable is either unset, or if an invalid value is detected is **1600x900**. + ## DNS Setup You'll likely want to create a DNS zone specifically for this script for better control over the hosts included. I would recommend using a TLD not normally available, to be sure you don't have any overlap with existing DNS names. This domain doesn't need to be publicly queried, and actually it's probably in interest of security if it isn't. From 4c2fbd3d2ff00800cb60c275fdfd73bc4a02e6f0 Mon Sep 17 00:00:00 2001 From: Aaron Johnson Date: Sun, 25 Nov 2018 19:43:53 -0600 Subject: [PATCH 3/5] Updated README --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2d637fa..9f36d97 100644 --- a/README.md +++ b/README.md @@ -21,16 +21,16 @@ Once done, all hostnames in the DNS zone should be available for SSH/Telnet/RDP ### Options Options can be configured as exported variables, set in your shell RC files before calling the tab-sorcery script itself. So far there are two options: -#### Windows RDP Window Geometry -##### Variable: SORC_GEOM_RDP +##### Windows RDP Window Geometry +###### Variable: SORC_GEOM_RDP This option sets the resolution of your Windows RDP connections. If left unset or an invalid value is detected, the default is **1600x900**. Example: ``` export SORC_GEOM_RDP='1280x720' ``` -#### Windows Password File (INSECURE) -##### Variable: SORC_PASS_FILE +##### Windows Password File (INSECURE) +###### Variable: SORC_PASS_FILE This option supplies the path to a plain text file containing a list of hostnames and passwords in the following format: ``` hostname=password From 1d7964cd2124a96dd96d7df0209e7adbbcbb1591 Mon Sep 17 00:00:00 2001 
From: Aaron Johnson Date: Sun, 25 Nov 2018 19:48:29 -0600 Subject: [PATCH 4/5] Updated README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9f36d97..a0ed3da 100644 --- a/README.md +++ b/README.md @@ -38,12 +38,12 @@ hostname=password If this option is provided, hosts marked as Windows hosts will check this file for a password and pass it on to the alias for the host in order to make logging into Windows almost as painless as *nix hosts. **This feature should be considered temporary and used only at your own risk.** This is a **very insecure** thing to do, and the intent is to replace this later with LastPass support or similar instead, and was added mostly as a personal exercise. -To configure, once you have your password file set up, just export the location as a variable like so: +To configure, once you have your password file set up, just export the location as a variable in your shell RC before sourcing the __Tab Sorcery__ script like so: ``` export SORC_PASS_FILE="$HOME/.some_file" ``` -### Full Example of How to Call the __Tab Sorcery__ Script +### Full Example of How to Call the Tab Sorcery Script Here is a full example utilizing all available options. Please note that only the last line, beginning with a dot, is absolutely required. ``` export SORC_GEOM_RDP='1280x720' From 896a35561652ee6f3928fd42e6bdd2ec15731364 Mon Sep 17 00:00:00 2001 From: Aaron Johnson Date: Sun, 25 Nov 2018 19:53:14 -0600 Subject: [PATCH 5/5] Removed unused reference --- tab-sorcery.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tab-sorcery.sh b/tab-sorcery.sh index 6e0f4c1..26de512 100644 --- a/tab-sorcery.sh +++ b/tab-sorcery.sh @@ -4,7 +4,6 @@ # $1 == Domain to scan # $2 == Nameserver to do the zone transfer from # $3 == Default username for connections -# $4 == Windows password file (optional and unencrypted plain text; use at your own risk!) scan_domain=$1 scan_ns=$2