An Update to MEC


switching to prompt_toolkit

python's readline module sucks

heres how:

python's readline cannot handle ANSI color codes properly, when i try to use ANSI color code in the prompt message, history browsing (via up/down key) fucks the prompt up

here's the code, it's from python's doc, i made a small console app using HistoryConsole.raw_input():

import atexit
import code
import os
import readline


class HistoryConsole(code.InteractiveConsole):
    def __init__(self, locals=None, filename="<console>",
                 histfile=os.path.expanduser("~/.console-history")):
        code.InteractiveConsole.__init__(self, locals, filename)
        self.init_history(histfile)

    def init_history(self, histfile):
        readline.parse_and_bind("tab: complete")
        if hasattr(readline, "read_history_file"):
            try:
                readline.read_history_file(histfile)
            except FileNotFoundError:
                pass
            atexit.register(self.save_history, histfile)

    def save_history(self, histfile):
        readline.set_history_length(1000)
        readline.write_history_file(histfile)


# my code goes below
myconsole = HistoryConsole()

while True:
    user_input = myconsole.raw_input(prompt="\033[31m>>> \033[0m")
    print(f"echo: {user_input}")
    if user_input == "q":
        break

this bug fucks up mec's prompt too

so i decided to look for another solution, thats when i found prompt_toolkit

its not based on readline:

prompt_toolkit is cross platform, and everything that you build on top should run fine on both Unix and Windows systems. Windows support is best on recent Windows 10 builds, for which the command line window supports vt100 escape sequences. (If not supported, we fall back to using Win32 APIs for color and cursor movements).

i took some of its features to rewrite the mec console, heres how it looks like when done:

other updates

zoomeye

  • handle login errors, report any error occured during login
  • set 5s timeout on each thread, making sure we dont wait forever

ssh brute force

disable key auth, TBH i never ever thought paramiko automatically tries key auth, this is fucking insane as you are telling the target Hi it's me trying to log in, and I plan to crack your password

Comments

comments powered by Disqus