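# Protocol analysis: PostgreSQL v3 startup handshake followed by MD5 password
# authentication, used to test ONE username/password pair for a weak credential.
#
# Wire format used below (frontend/backend protocol 3.0):
#   StartupMessage : int32 length | int32 196608 | key\0value\0 ... | \0
#   Backend message: 1-byte type  | int32 length (includes itself) | payload
#   'R' payload    : int32 auth code [| 4-byte salt when the code is 5 (MD5)]
#   PasswordMessage: 'p' | int32 length | "md5<hex>" | \0
import binascii
import contextlib
import hashlib
import socket
import struct

# Protocol version 3.0 as carried in the StartupMessage (major 3, minor 0).
_PROTOCOL_V3 = 196608
# Authentication request codes carried in an 'R' message.
_AUTH_OK = 0
_AUTH_MD5 = 5
# Refuse absurd length fields so a peer cannot make us buffer unbounded data.
_MAX_MESSAGE_LEN = 65536


def _to_bytes(value):
    """Return *value* as bytes, encoding text as UTF-8."""
    if isinstance(value, bytes):
        return value
    return value.encode("utf-8")


def make_response(buf, username, password, salt):
    """Build the PostgreSQL MD5 password response.

    The result is ``"md5" + md5(md5(password + username) + salt)`` with both
    digests hex-encoded, which is what the server expects in a PasswordMessage.

    Args:
        buf: Unused; kept so existing callers keep working.
        username: Role name (text or bytes).
        password: Candidate password (text or bytes).
        salt: The 4-byte salt from the server's AuthenticationMD5Password.

    Returns:
        The 35-character string ``"md5"`` followed by 32 hex digits.
    """
    inner = hashlib.md5(_to_bytes(password) + _to_bytes(username)).hexdigest()
    outer = hashlib.md5(inner.encode("ascii") + _to_bytes(salt)).hexdigest()
    return "md5" + outer


def _build_startup_packet(username):
    """Serialize a StartupMessage for *username* against database ``postgres``."""
    user = _to_bytes(username)
    # A NUL inside the name would terminate the parameter early and let the
    # remainder be parsed as extra startup parameters.
    if b"\x00" in user:
        raise ValueError("username must not contain NUL bytes")
    params = (
        (b"user", user),
        (b"database", b"postgres"),
        (b"application_name", b"psql"),
        (b"client_encoding", b"UTF8"),
    )
    body = struct.pack("!I", _PROTOCOL_V3)
    for key, value in params:
        body += key + b"\x00" + value + b"\x00"
    body += b"\x00"  # terminator of the parameter list
    # The length field counts its own four bytes.
    return struct.pack("!I", len(body) + 4) + body


def _recv_exact(sock, count):
    """Read exactly *count* bytes; recv() may legally return fewer."""
    chunks = []
    remaining = count
    while remaining > 0:
        chunk = sock.recv(remaining)
        if not chunk:
            raise EOFError("connection closed by server")
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def _read_message(sock):
    """Read one backend message and return ``(type_byte, payload)``."""
    header = _recv_exact(sock, 5)
    (length,) = struct.unpack("!I", header[1:5])
    if length < 4 or length > _MAX_MESSAGE_LEN:
        raise ValueError("unexpected message length %d" % length)
    return header[:1], _recv_exact(sock, length - 4)


def check(host, port, username, password, timeout):
    """Test one username/password pair against a PostgreSQL server.

    Only MD5 password authentication (auth code 5) is implemented. Servers
    configured for scram-sha-256 answer with code 10 and are reported as
    unsupported rather than guessed at.

    Args:
        host: Server address.
        port: Server TCP port.
        username: Role name; sent in the startup packet AND mixed into the hash.
        password: Candidate password.
        timeout: Socket timeout in seconds, applied to this connection only.

    Returns:
        True when the server accepted the MD5 response, False otherwise
        (including connection errors, which are printed).
    """
    try:
        # Per-connection timeout: the process-wide socket default is untouched.
        conn = socket.create_connection((host, port), timeout)
        with contextlib.closing(conn) as sock:
            # The startup packet carries the caller's username, so the role the
            # server salts for is the same one hashed in make_response().
            sock.sendall(_build_startup_packet(username))
            msg_type, payload = _read_message(sock)
            if msg_type != b"R" or len(payload) < 4:
                print("unexpected response, not a PostgreSQL authentication request")
                return False
            print("postgresql")

            (auth_type,) = struct.unpack("!I", payload[:4])
            if auth_type == _AUTH_OK:
                # No credential was exchanged, so the password was not tested.
                print("server did not request a password")
                return False
            if auth_type != _AUTH_MD5:
                print("unsupported authentication type %d" % auth_type)
                return False

            # The salt is exactly four bytes; anything after it is not salt.
            salt = payload[4:8]
            if len(salt) != 4:
                print("malformed MD5 authentication request")
                return False

            digest = make_response(None, username, password, salt)
            body = digest.encode("ascii") + b"\x00"
            sock.sendall(b"p" + struct.pack("!I", len(body) + 4) + body)

            msg_type, payload = _read_message(sock)
            # AuthenticationOk is an 'R' message whose auth code is 0; a failed
            # login arrives as an 'E' (ErrorResponse) instead.
            if msg_type == b"R" and payload[:4] == b"\x00\x00\x00\x00":
                print("yes")
                return True
            print("username or password is wrong ")
            return False
    except Exception as e:
        print(e)
        return False


if __name__ == '__main__':
    host = '127.0.0.1'
    port = 5432
    username = 'postgres1'
    password = '123456'
    timeout = 5
    check(host, port, username, password, timeout)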
postgresql 弱口令检测