Python 实现Unix/Zip密码破解机-摩杜云开发者社区

实现简单探测：使用socket模块，connect()方法建立与指定IP和端口的网络连接；revc(1024)方法将读取套接字中接下来的1024B数据

import socket import sys socket.setdefaulttimeout(2) s=socket.socket() s.connect(('192.168.1.1',21)) ans=s.recv(1024) print(ans)

通过函数实现：通过def()关键字定义，示例中定义扫描FTP banner信息的函数

import socket def retBanner(ip,port): try: socket.setdefaulttimeout(2) s = socket.socket() s.connect((ip,port)) banner = s.recv(1024) return banner except: return

def checkVulns(banner): if 'vsFTPd' in banner: print '[+] vsFTPd is vulnerable.'
    elif 'FreeFloat Ftp Server' in banner: print '[+] FreeFloat Ftp Server is vulnerable.'
    else: print '[-] FTP Server is not vulnerable.'
    return

def main(): ips = ['10.10.10.128','10.10.10.160'] port = 21 banner1 = retBanner(ips[0],port) if banner1: print '[+] ' + ips[0] + ": " + banner1.strip('\n') checkVulns(banner1) banner2 = retBanner(ips[1],port) if banner2: print '[+] ' + ips[1] + ": " + banner2.strip('\n') checkVulns(banner2) if __name__ == '__main__': main()

迭代实现：迭代探测

import socket def retBanner(ip,port): try: socket.setdefaulttimeout(2) s = socket.socket() s.connect((ip,port)) banner = s.recv(1024) return banner except: return

def checkVulns(banner): if 'vsFTPd' in banner: print '[+] vsFTPd is vulnerable.'
    elif 'FreeFloat Ftp Server' in banner: print '[+] FreeFloat Ftp Server is vulnerable.'
    else: print '[-] FTP Server is not vulnerable.'
    return

def main(): portList = [21,22,25,80,110,443] ip = '10.10.10.128'
    for port in portList: banner = retBanner(ip,port) if banner: print '[+] ' + ip + ':' + str(port) + '--' + banner if port == 21: checkVulns(banner) if __name__ == '__main__': main()

OS模块： os.path.isfile()检查该文件是否存在 os.access()判断当前用户是否有权限读取该文件

import sys import os if len(sys.argv) == 2: filename = sys.argv[1] if not os.path.isfile(filename): print '[-] ' + filename + ' does not exit.' exit(0) if not os.access(filename,os.R_OK): print '[-] ' + filename + ' access denied.' exit(0) print '[+] Reading From: ' + filename

整合上面的代码

import socket import sys import os def retBanner(ip,port): try: socket.setdefaulttimeout(2) s = socket.socket() s.connect((ip,port)) banner = s.recv(1024) return banner except: return

def checkVulns(banner,filename): f = open(filename, 'r') for line in f.readlines(): if line.strip('\n') in banner: print '[+] Server is vulnerable: ' + banner.strip('\n') def main(): if len(sys.argv) == 2: filename = sys.argv[1] if not os.path.isfile(filename): print '[-] ' + filename + ' does not exit.' exit(0) if not os.access(filename,os.R_OK): print '[-] ' + filename + ' access denied.' exit(0) print '[+] Reading From: ' + filename else: print '[-] Usage: ' + str(sys.argv[0]) + ' <vuln filename>' exit(0) portList = [21,22,25,80,110,443] ip = '10.10.10.128'
    for port in portList: banner = retBanner(ip,port) if banner: print '[+] ' + ip + ':' + str(port) + '--' + banner if port == 21: checkVulns(banner,filename) if __name__ == '__main__': main()

Unix口令破解机: 这段代码通过分别读取两个文件，一个为加密口令文件，另一个为用于猜测的字典文件。在testPass()函数中读取字典文件，并通过crypt.crypt()进行加密，其中需要一个明文密码以及两个字节的盐，然后再用加密后的信息和加密口令进行比较查看是否相等即可。

#!/usr/bin/python #coding=utf-8
import crypt def testPass(cryptPass): salt = cryptPass[0:2] dictFile = open('dictionary.txt','r') for word in dictFile.readlines(): word = word.strip('\n') cryptWord = crypt.crypt(word,salt) if cryptWord == cryptPass: print '[+] Found Password: ' + word + "\n"
            return
    print '[-] Password not Found.\n'
    return

def main(): passFile = open('passwords.txt') for line in passFile.readlines(): if ":" in line: user = line.split(':')[0] cryptPass = line.split(':')[1].strip(' ') print '[*] Cracking Password For : ' + user testPass(cryptPass) if __name__ == '__main__': main()

Zip文件口令破解机: 主要使用zipfile库的extractall()方法，其中pwd参数指定密码

import zipfile import optparse from threading import Thread def extractFile(zFile,password): try: zFile.extractall(pwd=password) print '[+] Fonud Password : ' + password + '\n'
    except: pass

def main(): parser = optparse.OptionParser("[*] Usage: ./unzip.py -f <zipfile> -d <dictionary>") parser.add_option('-f',dest='zname',type='string',help='specify zip file') parser.add_option('-d',dest='dname',type='string',help='specify dictionary file') (options,args) = parser.parse_args() if (options.zname == None) | (options.dname == None): print parser.usage exit(0) zFile = zipfile.ZipFile(options.zname) passFile = open(options.dname) for line in passFile.readlines(): line = line.strip('\n') t = Thread(target=extractFile,args=(zFile,line)) t.start() if __name__ == '__main__': main()