Security Basics mailing list archives
RE: changing routers and switchs passwords remotely
From: "Jeff Gercken" <JeffG () kizan com>
Date: Sat, 4 Dec 2004 13:49:34 -0500
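I wrote a python script that will do this using an expect-like mechanism. It reads a file containing routername routerip lines and executes whatever command you want on them and outputs the results in a logfile. Another script was written to specifically get "show tech" and can do either IOS or CATOS (an additional field in the device file). And yea, I know they're inefficient and ugly; but they do work!

Please correct for word wrap

# File: routercmd.py
# Author: Jeff Gercken
# Date: 9/30/2003
# Description: Connects to ios base routers listed in devicefile. Outputs the results
#              to a file.
# device file format is router_name router_ip.
#
# NOTE(review): telnetlib carries the username, password and all command
# output unencrypted. Where the devices support SSH, use that transport
# instead. The results file is labelled CONFIDENTIAL by the script itself,
# so keep it and the script directory readable only by the operator.
############################################################################
# User variables
############################################################################
command='show ver'      #optional variable
#user = 'jgercken'      #optional variable
#password = 'shiznit'   #optional variable (and no, this has never been my actual passwd)
# NOTICE!!!!! if you comment out the above lines the script will PROMPT YOU for them
# NOTE(review): leaving the password commented out is the safer choice; a
# value set here sits in cleartext in the script file.
directory='c:\\routercmd\\'
devices=directory+'routers.txt'
#devices=directory+'test.txt'
errorlog=directory+'errors.txt'
output=directory+'results.txt'
############################################################################
# end of user variables
############################################################################
import sys
import telnetlib
import string
import time
import os
import getpass

# prompt for username & password if none already specified
print "Type ctrl-C to cancel script.\n"
if locals().has_key('user'):
    print "Username "+user+" being used. (Hard coded in script)"
else:
    user = raw_input("Enter your username: ")
if locals().has_key('password'):
    print "Password configured in script being used.\n"
else:
    password = getpass.getpass("Enter your password: ")  # not echoed to the terminal
print "\n\n"

# prompt for command to execute unless variable already assigned, and
# confirm; the loop only ends on an affirmative answer (or ctrl-C)
while True:
    if not locals().has_key('command'):
        command = raw_input("\nEnter the command to execute: ")
    print 'WARNING!!!! "'+command+'" will be executed on all devices.'
    confirm = raw_input ("Is this ok? ")
    if confirm in ('y', 'ye', 'yes'):
        break
    command = raw_input("\nEnter the command to execute: ")
print

cdate=time.strftime("%m-%d-%y", time.localtime(time.time()))  #Get date in mm-dd-yy format
ctime=time.strftime("%X", time.localtime(time.time()))        #Get time in hh:mm:ss format
devices=open(devices,'r')
fileout=open(output,'w')
fileout.write('***************************************\nOutput from script routercmd.py\nCONFIDENTIAL\n '
              +cdate+' '+ctime+'\ncommand: '+command)

for device in devices.readlines():
    device=device.split()
    if device==[] or device==['\n']:
        continue    # skip empty lines
    print "Connecting to "+device[0]
    try:
        tn = telnetlib.Telnet(device[1])    #connect to device
    except Exception:
        # Record the failure and move on. Catching Exception rather than
        # using a bare except keeps the handler from trapping things that
        # are not errors.
        print 'Error, Device '+device[0]+' unreachable'
        error=open(errorlog,'a',0)
        error.write('\n'+cdate+' '+ctime+' Error, Device %s unreachable %s'
                    %(device[0],sys.exc_info()[0]))
        error.close()
        continue
    print "Logging in...."
    tn.read_until("name: ",5)
    tn.write(user+"\n")
    time.sleep(1)
    tn.read_until("Password:",5)
    tn.write(password+"\n")
    time.sleep(2)   #give the device 2 sec to authenticate w/ TACACS
    # tn.write("enable\n")
    # tn.read_until("Password: ",5)
    # tn.write(password+"\n")
    # tn.read_until("#",5)
    # prevent pause in output
    tn.write("terminal length 0\n")
    tn.read_until("#",3)
    tn.read_until("#",3)
    tn.write("\n")  #simply hit return to glean hostname for future use
    hostname=tn.read_until("#",1)
    # Send command to router
    print "Entering Command...."
    fileout.write('\n***************************************\n'+
                  "ROUTER: "+device[0]+'\n')
    tn.write(command+"\n")
    tn.read_until(command,1)    # discard the echoed command
    # NOTE(review): read_until stops at the first "#" or after 5 seconds,
    # so output that itself contains "#" is cut short at that point.
    result=tn.read_until("#",5)
    # string.strip returns a new string; the original discarded it, so
    # nothing was actually stripped.
    result=string.strip(result)
    fileout.write(result)
    tn.close()      # release the session before moving to the next device
    print 'Done, getting next device \n'
devices.close()
fileout.close()
print 'Script completed'


# File: deviceconfig.py
# Author: Jeff Gercken
# Date: 1/28/2003
# Description: Connects to network devices listed in devicefile. Outputs to
#              individual files results of 'show tech'. Folder=device, file is weekday
# devicefile format is csv like: name,ip,OS eg: s60-a-1,148.129.170.22,cls
#
# NOTE(review): the login below is stored in cleartext in this file and is
# also sent as the enable password, over unencrypted telnet. Keep the script
# readable only by the account that runs it. The per-device output files
# should be protected the same way.
# Changeable variables
user = 'JG-Script'      #change this to your username
password = 'I35kC23m'   #change this to your password
directory='./'          #change this to where the devicefile is
errorlog=directory+'errors.txt'
devices=directory+'devicefile.csv'  #change "filename" to match devicefile filename
#devices=directory+'test.csv'
import sys
import telnetlib
import string
import time
import os

cdate=time.strftime("%m-%d-%y", time.localtime())   #Get date in mm-dd-yy format
ctime=time.strftime("%X", time.localtime())         #Get time in hh:mm:ss format
day=time.strftime("%A", time.localtime())           #Get name of day Monday, Tuesday
devices=open(devices,'r')
for line in devices.readlines():
    # Strip each field: readlines() keeps the trailing newline, so on a
    # three-field line the OS field arrived as 'cls\n' and the comparison
    # with 'cls' below never matched.
    cdevice=[field.strip() for field in line.split(",",12)]
    if cdevice==['']:
        continue    # skip empty lines
    print cdevice[0]
    # Check for existence of subdirectory, create if necessary
    if not os.path.isdir(directory+cdevice[0]):
        os.mkdir(directory+cdevice[0])
    fileout=open(directory+cdevice[0]+'//'+day+'.txt','w')
    # Initialize output file with device name, ip, date, and time
    fileout.write(cdevice[0]+' '+cdevice[1]+' '+cdate+' '+ctime+'\n\n')
    try:
        tn = telnetlib.Telnet(cdevice[1])   #connect to device
    except Exception:
        # if error record in errorfile
        print 'Error, Device '+cdevice[0]+' unreachable'
        error=open(errorlog,'a',0)
        error.write('\n'+cdate+' '+ctime+' Error, Device %s unreachable %s'
                    %(cdevice[0],sys.exc_info()[0]))
        error.close()
        fileout.close()
        # The original used break here, which abandoned every remaining
        # device after the first unreachable one; routercmd.py continues.
        continue
    if cdevice[2]=='cls':   #if device is switch use these commands
        print "Device is a switch"
        print "Downloading data...."
        # NOTE(review): these two reads have no timeout and block
        # indefinitely if the device shows a different prompt.
        tn.read_until("Username: ")
        tn.write(user+"\n")
        tn.read_until("Password:")
        tn.write(password+"\n")
        time.sleep(2)   #give the device time to authenticate
        tn.write("enable\n")
        tn.read_until("Password: ")
        tn.write(password+"\n")
        tn.read_until("(enable)",10)
        # prevent pause in output
        tn.write("set length 0\n")
        tn.read_until("(enable)",10)
        # prevent console messages in output
        tn.write("set logging session disable\n")
        tn.read_until("(enable)",5)
        # Send 'sh tech' command to switch
        tn.write("show tech\n")
        result=tn.read_until("(enable)",10)
    else:   #assume anything else is a router or ios switch and use ios commands
        print 'Device is a router or switch running IOS'
        print "Downloading data...."
        tn.read_until("name: ",5)
        tn.write(user+"\n")
        time.sleep(2)
        tn.read_until("Password:",5)
        tn.write(password+"\n")
        time.sleep(2)   #give the device time to authenticate
        tn.write("enable\n")
        tn.read_until("Password: ",5)
        tn.write(password+"\n")
        tn.read_until("#",5)
        # prevent pause in output
        tn.write("terminal length 0\n")
        tn.read_until("#",5)
        # console messages not sent by default
        # Send 'sh tech' command to switch
        tn.write("show tech\n")
        # NOTE(review): the third devicefile field is used as the prompt
        # prefix here; unless it matches the device prompt, this read simply
        # runs to the 10 second timeout -- confirm that is intended.
        result=tn.read_until(cdevice[2]+'#',10)
    # string.strip returns a new string; the original discarded the result.
    result=string.strip(result)
    fileout.write(result)
    fileout.close()
    tn.close()      # release the session before moving to the next device
    print 'Done, getting next device \n'
devices.close()
print 'All done'

-----Original Message-----
From: Juan B [mailto:juanbabi () yahoo com]
Sent: Thursday, December 02, 2004 4:24 AM
To: security-basics () securityfocus com
Subject: changing routers and switchs passwords remotely

Hi, in my organization we need to change the enable password of the swithces ( about 80 )and routers once each three monthes I an looking for a cheap utility or application which can help me do that.. can someone advice please? thanks !!!

__________________________________________________
Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com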