0

I'm trying to do a login script using python that will attempt to login with the shell command login -q MyUsername and try multiple passwords. I can already generate the passwords needed but when I try to login using the code below, the login command responds that I entered the wrong username although I know I'm writing it correctly. To clarify: I'm creating a script to login using the shell command login when I already know the username but not the password. The code below shows what I'm doing (iterating over the passwords).

for password in passwordList:
    p = Popen(["login","-q","MyUsername"], stdin=PIPE, stdout=PIPE) #The username MyUsername is correct, 100% sure
    print repr(p)

    stdout_value = p.communicate(password)[0] #
    print(str(stdout_value))
    if repr(stdout_value).startswith('Login incorrect\nlogin: '):
        print "ERROR"
    else:
        print "GOOD"
        break

If I type in the command login -q MyUsername directly into the terminal, I get prompted to write my password whereas using the script returns 'Login Incorrect'. I'm also confused as how Popen works and how to write to stdout.

Thanks in advance!

(Other question: Is there an easier way to do this? (Attempt to login using multiple passwords) I'm using login because it has no lockdown and the user data can't be accessed if it is not by the superuser).

Improve this question

1 Answer 1

Reset to default
1

login might read/write directly from/to terminal (tty) outside of process' stdin/stdout. You could use pexpect instead, read the first reason in its docs Q: Why not just use a pipe (popen())?:

import pexpect
output, rc = pexpect.run("login -q MyUsername",
         events={"(?i)password: ": "password"},
         withexitstatus=True)

Is there an easier way to do this?

Read the hashes from /etc/passwd, /etc/shadow and check those using crypt.crypt(). Or use a specialized tool to test for weak passwords such as "John the Reaper".

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you, pexpect worked for my need. Regarding the second question, I looked at /etc/passwd but the file does not contain any hashes, it contains addresses for applications (I think?) example: _mysql:*:74:74:MySQL Server:/var/empty:/usr/bin/false.
@romsearcher: do you see any other filename (apart from /etc/passwd) in the answer?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.