Python 实现Unix/Zip密码破解机
实现简单探测:使用socket模块,connect()方法建立与指定IP和端口的网络连接;revc(1024)方法将读取套接字中接下来的1024B数据
import socket import sys socket.setdefaulttimeout(2) s=socket.socket() s.connect(('192.168.1.1',21)) ans=s.recv(1024) print(ans)
通过函数实现:通过def()关键字定义,示例中定义扫描FTP banner信息的函数
import socket def retBanner(ip,port): try: socket.setdefaulttimeout(2) s = socket.socket() s.connect((ip,port)) banner = s.recv(1024) return banner except: return def checkVulns(banner): if 'vsFTPd' in banner: print '[+] vsFTPd is vulnerable.' elif 'FreeFloat Ftp Server' in banner: print '[+] FreeFloat Ftp Server is vulnerable.' else: print '[-] FTP Server is not vulnerable.' return def main(): ips = ['10.10.10.128','10.10.10.160'] port = 21 banner1 = retBanner(ips[0],port) if banner1: print '[+] ' + ips[0] + ": " + banner1.strip('\n') checkVulns(banner1) banner2 = retBanner(ips[1],port) if banner2: print '[+] ' + ips[1] + ": " + banner2.strip('\n') checkVulns(banner2) if __name__ == '__main__': main()
迭代实现:迭代探测
import socket def retBanner(ip,port): try: socket.setdefaulttimeout(2) s = socket.socket() s.connect((ip,port)) banner = s.recv(1024) return banner except: return def checkVulns(banner): if 'vsFTPd' in banner: print '[+] vsFTPd is vulnerable.' elif 'FreeFloat Ftp Server' in banner: print '[+] FreeFloat Ftp Server is vulnerable.' else: print '[-] FTP Server is not vulnerable.' return def main(): portList = [21,22,25,80,110,443] ip = '10.10.10.128' for port in portList: banner = retBanner(ip,port) if banner: print '[+] ' + ip + ':' + str(port) + '--' + banner if port == 21: checkVulns(banner) if __name__ == '__main__': main()
OS模块: os.path.isfile()检查该文件是否存在 os.access()判断当前用户是否有权限读取该文件
import sys import os if len(sys.argv) == 2: filename = sys.argv[1] if not os.path.isfile(filename): print '[-] ' + filename + ' does not exit.' exit(0) if not os.access(filename,os.R_OK): print '[-] ' + filename + ' access denied.' exit(0) print '[+] Reading From: ' + filename
整合上面的代码
import socket import sys import os def retBanner(ip,port): try: socket.setdefaulttimeout(2) s = socket.socket() s.connect((ip,port)) banner = s.recv(1024) return banner except: return def checkVulns(banner,filename): f = open(filename, 'r') for line in f.readlines(): if line.strip('\n') in banner: print '[+] Server is vulnerable: ' + banner.strip('\n') def main(): if len(sys.argv) == 2: filename = sys.argv[1] if not os.path.isfile(filename): print '[-] ' + filename + ' does not exit.' exit(0) if not os.access(filename,os.R_OK): print '[-] ' + filename + ' access denied.' exit(0) print '[+] Reading From: ' + filename else: print '[-] Usage: ' + str(sys.argv[0]) + '' exit(0) portList = [21,22,25,80,110,443] ip = '10.10.10.128' for port in portList: banner = retBanner(ip,port) if banner: print '[+] ' + ip + ':' + str(port) + '--' + banner if port == 21: checkVulns(banner,filename) if __name__ == '__main__': main()
Unix口令破解机: 这段代码通过分别读取两个文件,一个为加密口令文件,另一个为用于猜测的字典文件。在testPass()函数中读取字典文件,并通过crypt.crypt()进行加密,其中需要一个明文密码以及两个字节的盐,然后再用加密后的信息和加密口令进行比较查看是否相等即可。
#!/usr/bin/python #coding=utf-8 import crypt def testPass(cryptPass): salt = cryptPass[0:2] dictFile = open('dictionary.txt','r') for word in dictFile.readlines(): word = word.strip('\n') cryptWord = crypt.crypt(word,salt) if cryptWord == cryptPass: print '[+] Found Password: ' + word + "\n" return print '[-] Password not Found.\n' return def main(): passFile = open('passwords.txt') for line in passFile.readlines(): if ":" in line: user = line.split(':')[0] cryptPass = line.split(':')[1].strip(' ') print '[*] Cracking Password For : ' + user testPass(cryptPass) if __name__ == '__main__': main()
Zip文件口令破解机: 主要使用zipfile库的extractall()方法,其中pwd参数指定密码
import zipfile import optparse from threading import Thread def extractFile(zFile,password): try: zFile.extractall(pwd=password) print '[+] Fonud Password : ' + password + '\n' except: pass def main(): parser = optparse.OptionParser("[*] Usage: ./unzip.py -f-d ") parser.add_option('-f',dest='zname',type='string',help='specify zip file') parser.add_option('-d',dest='dname',type='string',help='specify dictionary file') (options,args) = parser.parse_args() if (options.zname == None) | (options.dname == None): print parser.usage exit(0) zFile = zipfile.ZipFile(options.zname) passFile = open(options.dname) for line in passFile.readlines(): line = line.strip('\n') t = Thread(target=extractFile,args=(zFile,line)) t.start() if __name__ == '__main__': main()