postgresql 弱口令检测

import  socket
import binascii
import hashlib
def make_response(buf,username,password,salt):
    pu=hashlib.md5(password+username).hexdigest()
    buf=hashlib.md5(pu+salt).hexdigest()
    return 'md5'+buf
def check(host,port,username,password,timeout):
 try:
    socket.setdefaulttimeout(timeout)
    sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    address=(host,port)
    sock.connect(address)
    packet_length = len(username) + 7 +len("\x03user  database postgres application_name psql client_encoding UTF8  ")
    print "%c"%(packet_length)
    p="%c%c%c%c%c\x03%c%cuser%c%s%cdatabase%cpostgres%capplication_name%cpsql%cclient_encoding%cUTF8%c%c"%( 0,0,0,packet_length,0,0,0,0,username,0,0,0,0,0,0,0,0)
    print [p]
    d = "\x00\x00\x00\x54\x00\x03\x00\x00\x75\x73\x65\x72\x00\x70\x6f\x73\x74\x67\x72\x65\x73\x00\x64\x61\x74\x61\x62\x61\x73\x65\x00\x70\x6f\x73\x74\x67\x72\x65\x73\x00\x61\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x00\x70\x73\x71\x6c\x00\x63\x6c\x69\x65\x6e\x74\x5f\x65\x6e\x63\x6f\x64\x69\x6e\x67\x00\x55\x54\x46\x38\x00\x00"

    sock.send(d)
    packet = sock.recv(1024)
    print packet
    psql_salt=[]
    if packet[0]=='R':
        print "postgresql"
        a=str([packet[4]])
        b=int(a[4:6],16)
        authentication_type=str([packet[8]])
        c=int(authentication_type[4:6],16)
        if c==5:
            psql_salt=packet[9:]
    buf=[]
    salt = psql_salt
    lmd5= make_response(buf,username,password,salt)
    packet_length1=len(lmd5)+5+len('p')
    pp='p%c%c%c%c%s%c'%(0,0,0,packet_length1 - 1,lmd5,0)
    sock.send(pp)
    packet1 = sock.recv(1024)
    if "R\x00\x00\x00" in packet1:
        print 'yes'
    else:  
        print "username or password is wrong "
 except Exception,e:
     print e

if __name__ == '__main__':
    host = '127.0.0.1'
    port = 5432
    username = 'postgres1'
    password = '123456'
    timeout = 5
    check(host,port,username,password,timeout)
协议分析