violet python demo 1


[email protected]:~/dc# python
Python 2.7.13 (default, Jan 19 2017, 14:48:08) 
[GCC 6.3.0 20170118] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> print "Hello World"
Hello World
>>> port = 21
>>> banner = "FreeFloat FTP Server"
>>> print "[+] Checking for "+banner+" on port" + str(port)
[+] Checking for FreeFloat FTP Server on port21
>>> print "[+] Checking for " + banner + " on port " + str(port)
[+] Checking for FreeFloat FTP Server on port 21
>>> banner = "FreeFloat FTP Server"
>>> type(banner)
<type 'str'>
>>> port = 21
>>> type(port)
<type 'int'>
>>> portList=[21,22,80,110]
>>> type(portList)
<type 'list'>
>>> portOpen = True
>>> type(portOpen)
<type 'bool'>
>>> banner = "FreeFloat FTP Server"
>>> print banner.upper()
FREEFLOAT FTP SERVER
>>> print banner.lower()
freefloat ftp server
>>> print banner.replace('FreeFloat','Ability')
Ability FTP Server
>>> print banner.find('FTP')
10
>>> portlist = []
>>> portlist.append(21)
>>> portlist.append(80)
>>> portlist.append(443)
>>> portlist.append(25)
>>> print portlist
[21, 80, 443, 25]
>>> portlist.sort()
>>> print portlist
[21, 25, 80, 443]
>>> pos = portlist.index(80)
>>> print pos
2
>>> print "[+] There are " + str(pos) + "ports to scan before 80."
[+] There are 2ports to scan before 80.
>>> portlist.remove(443)
>>> print portlist
[21, 25, 80]
>>> cnt = len(portlist)
>>> print cnt
3
>>> print "[+] Scanning " + str(cnt) + " Total Ports. "
[+] Scanning 3 Total Ports. 
>>> services = {'ftp':21, 'ssh':22, 'smtp':25, 'http':80}
>>> services.keys()
['ftp', 'smtp', 'ssh', 'http']
>>> services.items()
[('ftp', 21), ('smtp', 25), ('ssh', 22), ('http', 80)]
>>> services.has_key('ftp')
True
>>> services['ftp']
21
>>> print "[+] Found vuln with FTP on port " + str(services['ftp'])
[+] Found vuln with FTP on port 21
>>> import socket
>>> socket.setdefaulttimeout(2)
>>> s = socket.socket()
>>> s.connect(("14.215.177.38",21))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
socket.timeout: timed out
>>> result = s.recv(1024)

Access a website which is unreachable:

>>> import socket
>>> socket.setdefaulttimeout(2)
>>> s = socket.socket()
>>> s.connect(("110.110.110.110",88))
>>> ans = s.recv(1024)
>>> print ans
>>> if ("FreeFloat Ftp Server" in ans):
...     print "[+] FreeFLOAT FTP Server is vulnerable."
... else:
...     print "[-] FTP SERVER IS NOT vulnerable"
... 
[-] FTP SERVER IS NOT vulnerable
>>> 

basic try…except…

>>> try:
...     print "[+] 1337/0 = " + str(1337/0)
... except:
...     print "[-]Error. "
... 
[-]Error. 

To get more information about the error, catch the exception object and print it:

>>> try:
...     print "[+] 1337/0 = " + str(1337/0)
... except Exception, e:
...     print "[-] Error = " + str(e)
... 
[-] Error = integer division or modulo by zero
>>> 

When trying to access an FTP server:

>>> import socket
>>> socket.setdefaulttimeout(2)
>>> s = socket.socket()
>>> try:
...     s.connect(("110,110,110,110",21))
... except Exception, e:
...     print "[-] Error = " + str(e)
... 
[-] Error = [Errno -2] Name or service not known

use function

import socket
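def retBanner(ip, port):
    """Connect to ip:port over TCP and return what the service sends first.

    Returns the data from a single recv(1024) call, or None when the
    connection or the read fails (refused, timed out, unresolvable address,
    invalid port value). A service that waits for the client to speak first
    sends nothing and therefore ends up as None after the timeout.
    """
    # Process-wide setting: every socket created after this call inherits
    # the 2-second timeout, not only the one opened below.
    socket.setdefaulttimeout(2)
    s = None
    try:
        s = socket.socket()
        s.connect((ip, port))
        return s.recv(1024)
    except Exception:
        # Best-effort by design: any failure is reported as "no banner".
        # Catching Exception instead of using a bare except keeps Ctrl-C
        # (KeyboardInterrupt) able to stop a long run.
        return None
    finally:
        # Close the descriptor on every path; without this each probed
        # address leaks one socket until garbage collection.
        if s is not None:
            s.close()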
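def main():
    """Fetch and print the port-21 banner of two hard-coded addresses.

    Targets Python 2.7, where recv() returns str; on Python 3 the banner is
    bytes and has to be decoded before it can be concatenated.
    """
    port = 21
    for ip in ('110.110.110.110', '110.110.110.111'):
        banner = retBanner(ip, port)
        # None (connection failed) and '' (peer closed without sending)
        # are both skipped.
        if banner:
            print('[+] ' + ip + ': ' + banner)


if __name__ == '__main__':
    main()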

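Use the banner to identify whether the FTP server is a version with a known hole. A banner match is only an indicator: the string is self-reported by the server and can be changed or suppressed, so a hit needs confirming and a miss does not prove the server is patched.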

import socket
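def retBanner(ip, port):
    """Connect to ip:port over TCP and return what the service sends first.

    Returns the data from a single recv(1024) call, or None when the
    connection or the read fails (refused, timed out, unresolvable address,
    invalid port value).
    """
    # Process-wide setting: every socket created after this call inherits
    # the 2-second timeout, not only the one opened below.
    socket.setdefaulttimeout(2)
    s = None
    try:
        s = socket.socket()
        s.connect((ip, port))
        return s.recv(1024)
    except Exception:
        # Best-effort by design: any failure is reported as "no banner".
        # Catching Exception instead of using a bare except keeps Ctrl-C
        # (KeyboardInterrupt) able to stop a long run.
        return None
    finally:
        # Close the descriptor on every path so probed addresses do not
        # leak sockets.
        if s is not None:
            s.close()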
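def checkVulns(banner):
    """Print whether banner contains one of four hard-coded FTP version strings.

    The test is a case-sensitive substring match against the text the server
    announced. It says nothing about patches applied behind an unchanged
    banner, and a server that hides or rewrites its banner is reported as
    not vulnerable. Only the first matching entry is printed.

    On Python 3 recv() returns bytes, so a banner taken straight from the
    socket must be decoded before it is passed here.
    """
    # (version string looked for in the banner, message printed on a match)
    known = (
        ('FreeFloat Ftp Server (Version 1.00)',
         '[+] FreeFloat FTP Server is vulnerable.'),
        ('3Com 3CDaemon FTP Server Version 2.0',
         '[+] 3CDaemon FTP Server is vulnerable.'),
        ('Ability Server 2.34',
         '[+] Ability FTP Server is vulnerable.'),
        ('Sami FTP Server 2.0.2',
         '[+] Sami FTP Server is vulnerable.'),
    )
    for signature, message in known:
        if signature in banner:
            print(message)
            return
    print('[-] FTP Server is not vulnerable.')
    return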
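def main():
    """Fetch the port-21 banner of three hard-coded addresses and check each.

    Targets Python 2.7, where recv() returns str; on Python 3 the banner is
    bytes and has to be decoded before concatenation and matching.
    """
    port = 21
    # One loop replaces the three copy-pasted fetch/print/check stanzas.
    for ip in ('123.123.123.123', '123.123.123.124', '123.123.123.125'):
        banner = retBanner(ip, port)
        if banner:
            print('[+]' + ip + ':' + banner.strip('\n'))
            checkVulns(banner)


if __name__ == '__main__':
    main()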

Use a for loop to simplify the code:

>>> for x in range(1,4):
...     print "192.168.1." + str(x)
... 
192.168.1.1
192.168.1.2
192.168.1.3

use for loop to get all the ports:

>>> portlist = [21,22,25,80,110]
>>> for port in portlist:
...     print port
... 
21
22
25
80
110

to access all the ip and port:

>>> for x in range(1,7):
...     for port in portlist:
...             print "[+] Checking 192.168.95."+str(x)+":"+str(port)
... 
[+] Checking 192.168.95.1:21
[+] Checking 192.168.95.1:22
[+] Checking 192.168.95.1:25
[+] Checking 192.168.95.1:80
[+] Checking 192.168.95.1:110
[+] Checking 192.168.95.2:21
[+] Checking 192.168.95.2:22
[+] Checking 192.168.95.2:25
[+] Checking 192.168.95.2:80
[+] Checking 192.168.95.2:110
[+] Checking 192.168.95.3:21
[+] Checking 192.168.95.3:22
[+] Checking 192.168.95.3:25
[+] Checking 192.168.95.3:80
[+] Checking 192.168.95.3:110
[+] Checking 192.168.95.4:21
[+] Checking 192.168.95.4:22
[+] Checking 192.168.95.4:25
[+] Checking 192.168.95.4:80
[+] Checking 192.168.95.4:110
[+] Checking 192.168.95.5:21
[+] Checking 192.168.95.5:22
[+] Checking 192.168.95.5:25
[+] Checking 192.168.95.5:80
[+] Checking 192.168.95.5:110
[+] Checking 192.168.95.6:21
[+] Checking 192.168.95.6:22
[+] Checking 192.168.95.6:25
[+] Checking 192.168.95.6:80
[+] Checking 192.168.95.6:110
>>> 

Put together, the whole logic becomes this:

import socket
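def retBanner(ip, port):
    """Connect to ip:port over TCP and return what the service sends first.

    Returns the data from a single recv(1024) call, or None when the
    connection or the read fails (refused, timed out, unresolvable address,
    invalid port value).
    """
    # Process-wide setting: every socket created after this call inherits
    # the 2-second timeout, not only the one opened below.
    socket.setdefaulttimeout(2)
    s = None
    try:
        s = socket.socket()
        s.connect((ip, port))
        return s.recv(1024)
    except Exception:
        # Best-effort by design: any failure is reported as "no banner".
        # Catching Exception instead of using a bare except keeps Ctrl-C
        # (KeyboardInterrupt) able to stop the address/port sweep.
        return None
    finally:
        # The caller loops over many address/port pairs; closing here stops
        # one descriptor per pair from accumulating.
        if s is not None:
            s.close()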
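def checkVulns(banner):
    """Print whether banner contains one of three hard-coded FTP version strings.

    The test is a case-sensitive substring match against the text the server
    announced, so it is an indicator only: a rewritten or hidden banner is
    reported as not vulnerable, and a matching banner is not proof. Only the
    first matching entry is printed.

    On Python 3 recv() returns bytes, so a banner taken straight from the
    socket must be decoded before it is passed here.
    """
    # (version string looked for in the banner, message printed on a match)
    known = (
        ('FreeFloat Ftp Server (Version 1.00)',
         '[+] FreeFloat Ftp Server is vulnerable.'),
        ('3Com 3CDaemon FTP Server Version 2.0',
         '[+] 3CDaemon FTP server is vulnerable.'),
        ('Ability Server 2.34',
         '[+] Ability FTP Server is vulnerable.'),
    )
    for signature, message in known:
        if signature in banner:
            print(message)
            return
    print('[-] FTP server is not vulnerable.')
    return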
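def main():
    """Fetch banners from 192.168.95.1-254 on six ports and check each one.

    Every address/port pair is tried in sequence, and each failed attempt
    can block for the 2-second timeout set in retBanner. The FTP-specific
    check is applied to whatever any of the six ports returns.

    Targets Python 2.7, where recv() returns str; on Python 3 the banner is
    bytes and has to be decoded before concatenation and matching.
    """
    portlist = [21, 22, 25, 80, 110, 443]
    for x in range(1, 255):
        ip = '192.168.95.' + str(x)
        for port in portlist:
            banner = retBanner(ip, port)
            if banner:
                print('[+]' + ip + ':' + banner)
                checkVulns(banner)


if __name__ == '__main__':
    main()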

Create a file that contains the banners of vulnerable FTP servers:

3Com 3CDaemon FTP Server Version 2.0
Ability Server 2.34

then use file operation to deal with the file

import socket
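def retBanner(ip, port):
    """Connect to ip:port over TCP and return what the service sends first.

    Returns the data from a single recv(1024) call, or None when the
    connection or the read fails (refused, timed out, unresolvable address,
    invalid port value).
    """
    # Process-wide setting: every socket created after this call inherits
    # the 2-second timeout, not only the one opened below.
    socket.setdefaulttimeout(2)
    s = None
    try:
        s = socket.socket()
        s.connect((ip, port))
        return s.recv(1024)
    except Exception:
        # Best-effort by design: any failure is reported as "no banner".
        # Catching Exception instead of using a bare except keeps Ctrl-C
        # (KeyboardInterrupt) able to stop the address/port sweep.
        return None
    finally:
        # Close the descriptor on every path so probed addresses do not
        # leak sockets.
        if s is not None:
            s.close()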
'''def checkVulns(banner):
if 'FreeFloat Ftp Server (Version 1.00)' in banner:
print '[ ] FreeFloat Ftp Server is vulnerable.'
elif '3Com 3CDaemon FTP Server Version 2.0' in banner:
print '[ ] 3CDaemon FTP server is vulnerable.'
elif 'Ability Server 2.34' in banner:
print '[ ] Ability FTP Server is vulnerable.'
else:
print '[-] FTP server is not vulnerable.'
return
'''
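def checkVulns(banner):
    """Report banner as vulnerable if it contains any line of vuln_banners.txt.

    vuln_banners.txt is read from the current working directory on every
    call, one version string per line. One message is printed per matching
    line; nothing is printed when no line matches. The match is a
    case-sensitive substring test on self-reported text, so it is an
    indicator, not proof.
    """
    # 'with' closes the file even if a comparison raises; the original left
    # one open handle behind per banner checked.
    with open("vuln_banners.txt", 'r') as f:
        for line in f:
            signature = line.strip('\r\n')
            # A blank line would otherwise be the empty string, which is a
            # substring of every banner and would flag every server.
            if not signature.strip():
                continue
            if signature in banner:
                print("[+] Server is vulnerable: " + banner.strip('\n'))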
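def main():
    """Fetch banners from 192.168.95.1-254 on six ports and check each one.

    Every address/port pair is tried in sequence, and each failed attempt
    can block for the 2-second timeout set in retBanner.

    Targets Python 2.7, where recv() returns str; on Python 3 the banner is
    bytes and has to be decoded before concatenation and matching.
    """
    portlist = [21, 22, 25, 80, 110, 443]
    for x in range(1, 255):
        ip = '192.168.95.' + str(x)
        for port in portlist:
            banner = retBanner(ip, port)
            if banner:
                print('[+]' + ip + ':' + banner)
                checkVulns(banner)


if __name__ == '__main__':
    main()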

Importing Python's sys module lets us turn this into a command-line script:

import sys
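# sys.argv[0] is the script name, so a length of 2 means exactly one
# argument was given: the path of the banner list.
if len(sys.argv) == 2:
    filename = sys.argv[1]
    print("[+] Reading Vulnerabilities From :" + filename)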

Check whether the file exists and is readable:

import sys
import os
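# sys.argv[0] is the script name, so a length of 2 means exactly one
# argument was given: the path of the banner list.
if len(sys.argv) == 2:
    filename = sys.argv[1]
    # These checks exist to give a clear message early. They do not
    # guarantee a later open() succeeds: the file can be removed or have its
    # permissions changed in between, so the open itself still needs error
    # handling.
    if not os.path.isfile(filename):
        print("[-]" + filename + " does not exist.")
        # Non-zero status so a calling shell or script can see the failure.
        sys.exit(1)
    if not os.access(filename, os.R_OK):
        print("[-]" + filename + " access denied.")
        sys.exit(1)
    print("[+] Reading Vulnerabilities From: " + filename)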

a complete version

import socket
import os
import sys
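def retBanner(ip, port):
    """Connect to ip:port over TCP and return what the service sends first.

    Returns the data from a single recv(1024) call, or None when the
    connection or the read fails (refused, timed out, unresolvable address,
    invalid port value).
    """
    # Process-wide setting: every socket created after this call inherits
    # the 2-second timeout, not only the one opened below.
    socket.setdefaulttimeout(2)
    s = None
    try:
        s = socket.socket()
        s.connect((ip, port))
        return s.recv(1024)
    except Exception:
        # Best-effort by design: any failure is reported as "no banner".
        # Catching Exception instead of using a bare except keeps Ctrl-C
        # (KeyboardInterrupt) able to stop the address/port sweep.
        return None
    finally:
        # Close the descriptor on every path so probed addresses do not
        # leak sockets.
        if s is not None:
            s.close()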
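def checkVulns(banner, filename):
    """Report banner as vulnerable if it contains any line of the file filename.

    The file holds one version string per line and is re-read on every call.
    One message is printed per matching line; nothing is printed when no
    line matches. The match is a case-sensitive substring test on
    self-reported text, so it is an indicator, not proof.
    """
    # 'with' closes the file even if a comparison raises; the original left
    # one open handle behind per banner checked.
    with open(filename, 'r') as f:
        for line in f:
            signature = line.strip('\r\n')
            # A blank line would otherwise be the empty string, which is a
            # substring of every banner and would flag every server.
            if not signature.strip():
                continue
            if signature in banner:
                print('[+] Server is vulnerable: ' + banner.strip('\n'))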
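def main():
    """Read the banner-list path from argv, then check six addresses on six ports.

    Exits with status 1 (after printing a '[-]' message) when the argument is
    missing, the path is not a regular file, or the file is not readable.

    Targets Python 2.7, where recv() returns str; on Python 3 the banner is
    bytes and has to be decoded before concatenation and matching.
    """
    if len(sys.argv) != 2:
        print('[-] Usage: ' + str(sys.argv[0]) + ' <vuln filename>')
        # Non-zero status so a calling shell or script can see the failure.
        sys.exit(1)
    filename = sys.argv[1]
    # Early checks for a clear message only; the file is opened again for
    # every banner in checkVulns, and it can still disappear or change
    # permissions between this check and that open.
    if not os.path.isfile(filename):
        print('[-] ' + filename + ' does not exist.')
        sys.exit(1)
    if not os.access(filename, os.R_OK):
        print('[-] ' + filename + ' access denied.')
        sys.exit(1)

    portlist = [21, 22, 25, 80, 110, 443]
    for x in range(100, 106):
        # NOTE(review): the original prefix was '192.168.2' with no trailing
        # dot, which builds names such as '192.168.2100' that cannot
        # resolve; retBanner would silently return None for all of them.
        # A dotted prefix is assumed to be what was meant - confirm.
        ip = '192.168.2.' + str(x)
        for port in portlist:
            banner = retBanner(ip, port)
            if banner:
                print('[+]' + ip + ':' + banner)
                checkVulns(banner, filename)


if __name__ == '__main__':
    main()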

use crypt function

Help on module crypt:
NAME
crypt
FILE
/usr/lib/python2.7/lib-dynload/crypt.x86_64-linux-gnu.so
MODULE DOCS
https://docs.python.org/library/crypt
FUNCTIONS
crypt(...)
crypt(word, salt) -> string
word will usually be a user's password. salt is a 2-character string
which will be used to select one of 4096 variations of DES. The characters
in salt must be either ".", "/", or an alphanumeric character. Returns
the hashed password as a string, which will be composed of characters from
the same alphabet as the salt.

Test result in a real environment:

>>> import socket
>>> socket.setdefaulttimeout(2)
>>> s=socket.socket()
>>> s.connect(("10.51.61.123",22))
>>> banner=s.recv(2048)
>>> print banner
SSH-2.0-dropbear_2016.74
l
Ƃ
_4V`6B8s¦[email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-
nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,[email protected]
rsa,ssh-dssgaes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-
cbc,3des-ctr,3des-cbcgaes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-
cbc,twofish128-cbc,3des-ctr,3des-cbc;hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-
md5;hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-
[email protected],[email protected],noneR>¸Xx"Ŵþ
>>> 

 
