From e6ea80e18e314ddcdf9b07916a657a75d8275798 Mon Sep 17 00:00:00 2001
From: Peter Toth <peter.toth@sucaba.eu>
Date: Thu, 4 Jan 2018 16:13:51 +0100
Subject: [PATCH] More robust password prompt handler

Some SSH clients used a more verbose password prompt: "Password for user@pfSense.domain.local:". This patch makes the parent process wait for any string starting with "Password" and ending with ":"
---
 lib/modules/python/lateral_movement/multi/ssh_command.py  | 2 +-
 lib/modules/python/lateral_movement/multi/ssh_launcher.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/modules/python/lateral_movement/multi/ssh_command.py b/lib/modules/python/lateral_movement/multi/ssh_command.py
index 39ec4d2..78b0719 100644
--- a/lib/modules/python/lateral_movement/multi/ssh_command.py
+++ b/lib/modules/python/lateral_movement/multi/ssh_command.py
@@ -107,7 +107,7 @@ def wall(host, pw):
     while True:
         try:
             data = os.read(fd, 1024)
-            if data == "Password:":
+            if data[:8] == "Password" and data[-1:] == ":":
                 os.write(fd, pw + '\\n')
 
         except OSError:
diff --git a/lib/modules/python/lateral_movement/multi/ssh_launcher.py b/lib/modules/python/lateral_movement/multi/ssh_launcher.py
index 512c153..f3d4ecc 100644
--- a/lib/modules/python/lateral_movement/multi/ssh_launcher.py
+++ b/lib/modules/python/lateral_movement/multi/ssh_launcher.py
@@ -121,7 +121,7 @@ def wall(host, pw):
     while True:
         try:
             data = os.read(fd, 1024)
-            if data == "Password:":
+            if data[:8] == "Password" and data[-1:] == ":":
                 os.write(fd, pw + '\\n')
 
         except OSError: