Initial commit

README.org

@@ -0,0 +1,12 @@
+* Base Script Ideas
+
+- [-] Script to change passwords on admin users and print out the set passwords.
+  - [ ] Should work for services too.
+  - [X] Should have a script to auto generate password.
+  - [ ] Should also be able to change important services such as cisco routers, etc.
+    - ssh?
+- [ ] Custom firewall based on red teams tools?
+  - [ ] Should be able to alert on things like port scans, incoming connections, etc.
+  - [ ] Should be able to block connections that are detected as malicious.
+- [ ] Powershell scripts to apply good security defaults for group policy.
+- [ ] Powershell script to list potentially misconfigured permissions (eg. Users with admin permissions)

gen_pass.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+import string
+import random
+
+MAX_WORD_LEN = 10
+MIN_WORD_LEN = 6
+
+def gen_pass(dict_file="wordlists/words_alpha.txt"):
+    wordlist = []
+    with open(dict_file, 'r') as f:
+        lines = f.read().splitlines()
+        for i in range(len(lines)):
+            if not (MIN_WORD_LEN <= len(lines[i]) <= MAX_WORD_LEN):
+                continue
+
+            wordlist.append(lines[i][0].upper() + lines[i][1:])
+
+    other_chars = [string.punctuation, string.digits, string.digits]
+    random.shuffle(other_chars)
+
+    return (
+        random.choice(wordlist) +
+        random.choice(other_chars[0]) +
+        random.choice(wordlist) +
+        random.choice(other_chars[1]) +
+        random.choice(wordlist) +
+        random.choice(other_chars[2])
+    )
+
+def main():
+    print(gen_pass())
+
+if __name__ == '__main__':
+    main()

password_reset.py

@@ -0,0 +1,35 @@
+import json
+import subprocess
+from pathlib import PurePath, Path
+from gen_pass import gen_pass
+
+class PasswordReset:
+    def __init__(self, default_pass, ip_addrs):
+        self.password = default_pass
+        self.ip_addrs = ip_addrs
+
+    def change(self):
+        password_map = {}
+
+        for ip in self.ip_addrs:
+            new_pass = gen_pass()
+            script_dir = PurePath(__file__).parent
+            script_path = str(Path(script_dir) / 'reset_scripts' / 'ssh_linux.exp') # Should be dynamic
+            command = ['expect', '-f', script_path, 'tester', self.password, ip, new_pass,]
+
+            try:
+                subprocess.run(command, check=True)
+            except subprocess.CalledProcessError as e:
+                print("Error changing password: ", e)
+
+            password_map[ip] = new_pass
+
+        return password_map
+
+
+def main():
+    res = PasswordReset("badpass", ["192.168.7.242"])
+    print(json.dumps(res.change()))
+
+if __name__ == '__main__':
+    main()

reset_scripts/ssh_linux.exp

@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+
+set user [lindex $argv 0]
+set pass [lindex $argv 1]
+set ip_addr [lindex $argv 2]
+set new_pass [lindex $argv 3]
+
+spawn ssh -o "StrictHostKeyChecking no" $user@$ip_addr passwd
+expect "assword:"
+send "$pass\r"
+expect "Current password:"
+send "$pass\r"
+expect "password:"
+send "$new_pass\r"
+expect "password:"
+send "$new_pass\r"
+expect eof