I was looking through my email this morning as someone needed to turn on and access a really old switch in a specific part of the network, but no one could remember the credentials. Resetting the switch would have been a big hassle in that specific area (it’s essentially a museum, the disruption would be unpleasant), so I was looking into what had been used to change the usernames and passwords over the years.
You may have noticed how I am telling people that network automation is not new to me and that I was using it (more than) 10 years ago, starting with TCL/Expect and VBA.
I just ran into one of those scripts today, and then some more, and got the missing password from it. The first one is TCL/Expect. It was called from VBA code embedded in an Excel spreadsheet with device IP addresses in it, and buttons on a toolbar (I still think using Excel is a bad idea for automating stuff). The IP address was probably the argument to the script, which ran in a command prompt window. We would run those 10 at a time to get a chance to watch the progress, changing the passwords and authentication scheme across the network.
I won’t get into the syntax or the language. This is a relic: if you touch it, it dissolves like in the Indiana Jones movies. The tabs are all over the place. Never mind, just capture the essence.
I have resorted back to TCL/Expect at some point when needing to pass very quickly through three devices to activate an interface on a fourth one, as soon as something was in motion (it was a fallback/rollback procedure), and it could be very fast (and very dangerous) as it didn’t really check for the response patterns in every case; it mostly just fired away. Today’s scripts and practices are much safer. This was from 2010:
#!/bin/sh
# \
exec tclsh "$0" ${1+"$@"}
package require Expect
#set ::exp::winnt_debug 1
puts stdout "@Connecting to the moon"
set force_conservative 1  ;# set to 1 to force conservative mode even if
                          ;# script wasn't run conservatively originally
if {$force_conservative} {
    set send_slow {1 .1}
    proc send {ignore arg} {
        sleep .2
        exp_send -s -- $arg
    }
}
set hostname [lindex $argv 0]
set timeout -1
spawn telnet $hostname
expect -- "name:"
send -- "adminuser\r"
expect -- "sword:"
send -- "password3\r"
expect -- ">"
send -- "en\r"
expect -- "sword:"
send -- "password3\r"
expect -- "#"
puts stdout " "
puts stdout "@Connected to $hostname"
sleep 1
send -- "\r"
expect -- "#"
send -- "conf t\r"
expect -- "#"
send -- "username adminuser privilege 15 secret password1\r"
expect -- "#"
#send -- "aaa new-model\r"
#expect -- "#"
send -- "enable secret password2\r"
expect -- "#"
send -- "exit\r"
send -- "exit\r"
puts stdout " "
puts stdout "@Checklist"
sleep 1
spawn telnet $hostname
expect -- "name:"
send -- "adminuser\r"
expect -- "sword:"
send -- "password1\r"
expect -- ">"
send -- "en\r"
expect -- "sword:"
send -- "password2\r"
expect -- "#"
puts stdout " "
puts stdout "@Connected to $hostname"
sleep 2
send -- "\r"
expect -- "#"
send -- "show run | in username\r"
expect -- "#"
#send -- "show run | in aaa new-model\r"
#expect -- "#"
send -- "show run | in enable secret\r"
expect -- "#"
puts stdout " "
puts stdout "@Point of no Return! Close Window."
send -- "\r"
expect -- "#"
sleep 1
send -- "write mem\r"
expect -- "#"
send -- "logout\r"
puts stdout " "
puts stdout "@End of Script"
sleep 5
The next one is from 6 years later.. I had been playing with Perl, using it to modify modules used by Smokeping to calculate latency, in cases where no other solution was possible to get metrics for intermediate hops in a network path. This is now so easily portrayed by contemporary tools like ThousandEyes now integrated into Catalyst Switches.
We wanted to check counters for the MLS ACL drops, which were not available through SNMP, and get graphs. We were using MRTG, so I found it was possible to get results from a script into a graph as long as the results followed a specific format (nothing complicated, the Smokeping ones wanted an array, MRTG just wanted a metric). It did the job, but MRTG didn’t have much life in it. I did a similar thing with Python and TIG in 2020 for keeping track of the number of VPN users currently online. The tools and support were much better in this case though.
So here is the script, again don’t judge, it’s a relic. Better support for connecting to Cisco equipment through SSH though.
#!/usr/bin/perl -w
use strict;
use Try::Tiny;    # provides the try/catch/finally blocks used below
use Net::Appliance::Session;

my $host = "10.150.201.4";
my $user = "adminuser";
my $pass = "password";

my $s = Net::Appliance::Session->new({
    personality => 'ios',
    transport   => 'SSH',
    host        => $host
});

try {
    $s->connect({ username => $user, password => $pass });
    # $s->begin_privileged({ password => 'privilegedpass' });
    my @output = $s->cmd('sh mls statistics');
    my @counters = ();
    # collect every "Total packets dropped by ACL" value in the output
    while (@output) {
        my $outline = shift @output;
        chomp($outline);
        $outline =~ /^\s+Total packets dropped by ACL\s+:\s(.*)/ && push(@counters, $1);
    }
    # keep the last counter that was matched
    my $lastcounter = pop(@counters);
    # MRTG reads four lines from an external script:
    # first value, second value, uptime, target name
    print $lastcounter, "\n";
    print $lastcounter, "\n";
    print "0\n";
    print $host, "\n";
}
catch {
    warn "failed to execute command: $_";
}
finally {
    $s->close;
};
It did its job beautifully. And here is the MRTG config that called it:
EnableIPv6: no
WorkDir: /srv/www/htdocs/mrtg/mlscounters
Options[_]: gauge, nopercent, growright
WithPeak[_]:ymw
#LogFormat: rrdtool
#PathAdd: /usr/bin
###########################
### 6509 ###
###########################
### cpu Utilization >> Descr: 'cpu Utilization' | Name: 'cpuutil' ###
Target[c6509c1mlsdrops]: `/usr/scripts/mlscounters.pl`
YLegend[c6509c1mlsdrops]: mls drops by acl
ShortLegend[c6509c1mlsdrops]: counter
MaxBytes[c6509c1mlsdrops]: 10000000
AbsMax[c6509c1mlsdrops]: 10000000
kMG[c6509c1mlsdrops]: ,,
Options[c6509c1mlsdrops]: integer, gauge, nopercent, growright
#Unscaled[c6509c1mlsdrops]: dwmy
Legend1[c6509c1mlsdrops]: drops by acl
Legend2[c6509c1mlsdrops]: .
Legend3[c6509c1mlsdrops]: Max value per interval on graph
Legend4[c6509c1mlsdrops]: .
LegendI[c6509c1mlsdrops]: acldrops:
LegendO[c6509c1mlsdrops]: .
Title[c6509c1mlsdrops]: c6509c1 drops by ACL
PageTop[c6509c1mlsdrops]: <H1>c6509c1 drops by ACL</H1>
Colours[c6509c1mlsdrops]: GREEN#00eb0c,BLUE#0000ff,GRAY#AAAAAA,VIOLET#ff00ff
WithPeak[c6509c1mlsdrops]: ymwd
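Both relics above carry device credentials in clear text, which is exactly how the missing password was recovered from an old email. The Python sketch below is an added example, not one of the original scripts: it scans archived automation scripts for the credential patterns those two scripts use (a reply sent after a password prompt, IOS `username ... secret` and `enable secret` lines, a quoted password assignment, Telnet transport) and reports line numbers without echoing the values. The pattern set, function names and sample text are assumptions made for illustration, and commented-out lines are scanned on purpose because a disabled line still leaks its secret.

```python
import re

# Constructed sample modelled on the two scripts above; every value is a placeholder.
SAMPLE = r'''spawn telnet $hostname
expect -- "name:"
send -- "adminuser\r"
expect -- "sword:"
send -- "EXAMPLE-old\r"
expect -- "#"
send -- "username adminuser privilege 15 secret EXAMPLE-new\r"
send -- "enable secret EXAMPLE-enable\r"
#send -- "enable secret EXAMPLE-commented\r"
send -- "show run | in enable secret\r"
my $pass="EXAMPLE-perl";
transport => 'SSH',
'''

PROMPT = re.compile(r'sword|passphrase', re.I)   # tail of a "Password:" prompt
SEND = re.compile(r'send\s+(?:-\S+\s+)*"(.*?)(?:\\[rn])*"')
TELNET = re.compile(r'spawn\s+telnet|transport\s*=>\s*[\'"]telnet', re.I)
INLINE = [
    ("ios-user-secret", re.compile(
        r'username\s+\S+\s+(?:privilege\s+\d+\s+)?(?:secret|password)\s+(?:\d\s+)?([^\s"\\]+)')),
    ("ios-enable-secret", re.compile(
        r'enable\s+(?:secret|password)\s+(?:\d\s+)?([^\s"\\]+)')),
    ("assigned-password", re.compile(
        r'\bpass(?:word|wd)?\w*\s*(?:=>|=)\s*["\']([^"\']+)["\']', re.I)),
]

def redact(value):
    """Report only the length, never the secret itself."""
    return f"<{len(value)} chars>"

def scan(text):
    """Return (line_no, kind, redacted_value) for each credential-like hit."""
    findings, after_prompt = [], False
    for no, line in enumerate(text.splitlines(), 1):
        if TELNET.search(line):
            findings.append((no, "cleartext-transport", "telnet"))
        if re.match(r'\s*expect\b', line):
            # Remember whether the script is now waiting at a password prompt.
            after_prompt = bool(PROMPT.search(line))
            continue
        sent = SEND.search(line)
        if sent and after_prompt:
            findings.append((no, "expect-password-reply", redact(sent.group(1))))
        if sent:
            after_prompt = False
        for kind, rx in INLINE:
            hit = rx.search(line)
            if hit:
                findings.append((no, kind, redact(hit.group(1))))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Pointing `scan()` at the text of exported mail attachments or an old scripts share gives a list of files whose credentials should be rotated and then moved out of the scripts.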
Well that’s it! A blast from the past!
I hope you are all doing great. Like always if you need anything, look me up under the mythryll handle on twitter.
Have a great day!