power_password.py
ActivePublic
Actions

Authored by ayounsi on Sep 17 2019, 1:56 PM.

Tags

None

Referenced Files

	F30381113: raw.txt
	Sep 17 2019, 1:56 PM

Subscribers

None

	#!/usr/bin/python3
	#
	# Command line tool to change password on Sentry 3 and 4 PDUs
	# Can also check if the default password is still set
	# 1/ Create a pdus.txt file
	# 2/ usage: power_password.py [-h] [--username USERNAME] [--pdus_list PDUS_LIST]
	# [--check_default]
	#
	# Update Sentry PDUs passwords
	#
	# optional arguments:
	# -h, --help show this help message and exit
	# --username USERNAME Username
	# --pdus_list PDUS_LIST
	# File containing list of hosts to tackle
	# --check_default Check for default user
	#
	import argparse
	import getpass
	import logging
	import requests
	import urllib3

	logging.basicConfig(level=logging.INFO)
	logger = logging.getLogger()

	urllib3.disable_warnings() # Mute insecure TLS warning (as PDUs certs are self signed)

	success = False

	arg_parser = argparse.ArgumentParser(description='Update Sentry PDUs passwords')
	arg_parser.add_argument('--username', help='Username', default='root')
	arg_parser.add_argument('--pdus_list', help='File containing list of hosts to tackle',
	default='pdus.txt')
	arg_parser.add_argument('--check_default', help='Check for default user',
	action='store_true', default=True)

	args = arg_parser.parse_args()

	pdus_list = open(args.pdus_list, 'r')
	current_password = getpass.getpass("Current password:")
	if current_password == '':
	logger.error('Can\'t be empty 👎')
	exit(1)

	new_password = getpass.getpass("New password:")
	new_password_bis = getpass.getpass("Again, just to be sure:")
	if new_password != new_password_bis:
	logger.error('They don\'t match 👎')
	exit(1)

	payload_sentry3 = {'Current_Password': current_password,
	'New_Password': new_password,
	'New_Password_Verify': new_password}
	payload_sentry4 = {'FormButton': 'Apply',
	'UPWC': current_password,
	'UPW': new_password,
	'UPWV': new_password}

	for line in pdus_list.readlines():

	pdu_fqdn = line.rstrip('\n')
	if not pdu_fqdn: # Skip empty lines if any
	continue

	logger.info(pdu_fqdn)
	try:
	response_version_check = requests.get("https://{fqdn}/chngpswd.html".format(fqdn=pdu_fqdn),
	verify=False,
	auth=(args.username, current_password))
	if response_version_check.status_code is 200:
	if 'v7' in response_version_check.headers['Server']:
	payload = payload_sentry3
	logger.info('Sentry 3 detected')
	elif 'v8' in response_version_check.headers['Server']:
	payload = payload_sentry4
	logger.info('Sentry 4 detected')
	else:
	logger.error('Unknown Sentry version')
	continue
	else:
	logger.error("Error {status_code} while trying to change the password.".format(
	status_code=response_version_check.status_code))

	response_change_pw = requests.post("https://{fqdn}/Forms/chngpswd_1".format(fqdn=pdu_fqdn),
	data=payload,
	verify=False,
	auth=(args.username, current_password))

	if response_change_pw.status_code is 200:
	response_check_success = requests.get("https://{fqdn}/chngpswd.html".format(
	fqdn=pdu_fqdn),
	verify=False,
	auth=(args.username, new_password))
	if response_check_success.status_code is 200:
	logger.info('Password updated successfully 😌')
	else:
	logger.error('Error {status_code}. New password not working, \
	the change probably failed'.format(status_code=response_check_success.status_code))
	else:
	logger.error("Error {status_code} while trying to change the password.".format(
	status_code=response_change_pw.status_code))

	if args.check_default:
	response = requests.get("https://{fqdn}/chngpswd.html".format(fqdn=pdu_fqdn),
	verify=False,
	auth=('admn', 'admn'))
	if response.status_code is 200:
	logger.warning('Default user found 😞')
	else:
	logger.warning('No default user 👍')
	except Exception:
	logger.error('Something went wrong.')

Event Timeline

ayounsi created this paste.Sep 17 2019, 1:56 PM

power_password.pyActivePublicActions

Event Timeline

power_password.py
ActivePublic
Actions