def login(self, ipaddress, port, user_passwd_pair_list):
    """Check (user, password) pairs against a PostgreSQL service.

    Before every attempt a plain TCP connect is made to the target; if that
    fails, the run for this host stops. Otherwise psycopg2.connect() is
    called with the pair, and a connection that opens is reported through
    log_success() and closed again. Failures are written at debug level only.

    Args:
        ipaddress: Host used for the TCP probe and for psycopg2.
        port: Port; passed as given to the probe and as int(port) to psycopg2.
        user_passwd_pair_list: Iterable of indexable pairs, [0] is the user
            name and [1] the password.
    """
    for credential in user_passwd_pair_list:
        # Reachability probe; the socket is always closed again.
        probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            probe.settimeout(self.timeout)
            probe.connect((ipaddress, port))
        except Exception as E:
            unreachable = 'ConnectException: {} {} {}'.format(E, ipaddress, port)
            logger.debug(unreachable)
            return
        finally:
            probe.close()

        try:
            session = psycopg2.connect(
                host=ipaddress,
                port=int(port),
                user=credential[0],
                password=credential[1],
                connect_timeout=self.timeout,
            )
            log_success("PostgreSQL", ipaddress, port, credential)
            session.close()
        except Exception as E:
            # Any failure (rejected login, timeout, bad pair) moves on to
            # the next pair.
            logger.debug('AuthenticationException: %s' % E)
def login_with_hash(self, ipaddress, port, hashes):
    """Check domain,user,lmhash:nthash entries against an SMB service.

    Each element of ``hashes`` is stripped and split on "," into
    [domain, user, "lmhash:nthash"]. A new SMBConnection is opened per
    entry; if it cannot be created the run for this host stops. A login
    that succeeds and is not a guest session is reported through
    log_success(). The underlying socket is closed after every attempt.

    Args:
        ipaddress: Target host.
        port: SMB port, converted with int().
        hashes: Iterable of comma-separated strings as described above.
    """
    # All entries are parsed before the first connection is opened.
    entries = [line.strip().split(",") for line in hashes]

    for entry in entries:
        try:
            smb = SMBConnection('*SMBSERVER', ipaddress, sess_port=int(port), timeout=self.timeout)
        except Exception as E:
            logger.debug('ConnectException: {} {} {}'.format(E, ipaddress, port))
            return

        try:
            hash_parts = entry[2].split(":")
            logged_in = smb.login(
                entry[1],
                "",
                domain=entry[0],
                lmhash=hash_parts[0],
                nthash=hash_parts[1],
            )
            # Sessions flagged as guest are not reported.
            if logged_in and smb.isGuestSession() == 0:
                account = "{}/{}".format(entry[0], entry[1])
                log_success("SMB", ipaddress, port, [account, entry[2]])
        except Exception as E:
            logger.debug('AuthenticationException: %s' % E)
        finally:
            smb.getSMBServer().get_socket().close()
def login(self, ipaddress, port, user_passwd_pair_list):
    """Check (user, password) pairs against an SMB service, with optional domain.

    A user name containing a backslash is split into domain and user name;
    otherwise the domain is the empty string. A new SMBConnection is opened
    per pair; if it cannot be created the run for this host stops. A login
    that succeeds and is not a guest session is reported through
    log_success(). The underlying socket is closed after every attempt.

    Args:
        ipaddress: Target host.
        port: SMB port, converted with int().
        user_passwd_pair_list: Iterable of indexable pairs, [0] is
            "user" or "DOMAIN\\user" and [1] the password.
    """
    for credential in user_passwd_pair_list:
        try:
            smb = SMBConnection('*SMBSERVER', ipaddress, sess_port=int(port), timeout=self.timeout)
        except Exception as E:
            logger.debug('ConnectException: {} {} {}'.format(E, ipaddress, port))
            return

        try:
            account = credential[0]
            if "\\" in account:
                pieces = account.split("\\")
                domain, username = pieces[0], pieces[1]
            else:
                domain, username = "", account

            # Sessions flagged as guest are not reported.
            if smb.login(username, credential[1], domain=domain) and smb.isGuestSession() == 0:
                if domain == "":
                    reported = credential
                else:
                    reported = ["{}\\{}".format(domain, username), credential[1]]
                log_success("SMB", ipaddress, port, reported)
        except Exception as E:
            logger.debug('AuthenticationException: %s' % E)
        finally:
            smb.getSMBServer().get_socket().close()
def login(self, ipaddress, port, user_passwd_pair_list):
    """Check (user, password) pairs against an RDP service via check_rdp().

    check_rdp() is called once per pair with an empty string as its fifth
    argument; a truthy result is reported through log_success(). Any
    exception stops the run for this host.

    Args:
        ipaddress: Target host.
        port: RDP port, passed through unchanged.
        user_passwd_pair_list: Iterable of indexable pairs, [0] is the user
            name and [1] the password.
    """
    for credential in user_passwd_pair_list:
        try:
            accepted = check_rdp(
                ipaddress,
                port,
                credential[0],
                credential[1],
                "",
                timeout=self.timeout,
            )
            if accepted:
                log_success("RDP", ipaddress, port, credential)
        except Exception as E:
            # Every exception is treated as a connection problem and ends
            # the whole run, not just this pair.
            logger.debug('ConnectException: {} {} {}'.format(E, ipaddress, port))
            return
def login(self, ipaddress, port, user_passwd_pair_list):
    """Check (user, password) pairs against a MySQL service.

    pymysql.connect() is called once per pair, followed by
    get_server_info(); when both succeed the pair is reported through
    log_success(). Any exception is logged at debug level and the next
    pair is tried.

    Args:
        ipaddress: Target host.
        port: MySQL port, converted with int().
        user_passwd_pair_list: Iterable of indexable pairs, [0] is the user
            name and [1] the password.
    """
    for credential in user_passwd_pair_list:
        try:
            db = pymysql.connect(
                host=ipaddress,
                port=int(port),
                user=credential[0],
                passwd=credential[1],
                connect_timeout=self.timeout,
            )
            db.get_server_info()
            log_success("MYSQL", ipaddress, port, credential)
            # NOTE(review): the connection object is not closed here.
        except Exception as E:
            logger.debug('AuthenticationException: %s' % E)
def login_with_pool(self, ipaddress, port, user_passwd_pair_list, pool_size=10):
    """Check (user, password) pairs against an SSH service with ParallelSSHClient.

    A client for the single host is created per pair with num_retries=0 and
    'whoami' is run; when neither step raises, the pair is reported through
    log_success(). Failures are logged at debug level with a fixed message
    that does not include the exception.

    Args:
        ipaddress: Target host.
        port: SSH port, passed through unchanged.
        user_passwd_pair_list: Iterable of indexable pairs, [0] is the user
            name and [1] the password.
        pool_size: Passed to ParallelSSHClient as pool_size.
    """
    for credential in user_passwd_pair_list:
        try:
            ssh = ParallelSSHClient(
                hosts=[ipaddress],
                port=port,
                user=credential[0],
                password=credential[1],
                num_retries=0,
                timeout=self.timeout,
                pool_size=pool_size,
            )
            # The command result is not inspected; only "did not raise" counts.
            ssh.run_command('whoami', timeout=self.timeout)
            log_success("SSH", ipaddress, port, credential)
        except Exception:
            logger.debug('AuthenticationException: ssh')
def login(self, ipaddress, port, user_passwd_pair_list):
    """Check passwords against a VNC service.

    One VNC helper object is created and reused; it connects again for
    every pair. Only the password element of each pair is sent. The first
    accepted password is reported through log_success() and ends the run.

    Args:
        ipaddress: Target host.
        port: VNC port, converted with int().
        user_passwd_pair_list: Iterable of indexable pairs; only [1]
            (the password) is used for the login call.
    """
    vnc = VNC(self.timeout)
    for credential in user_passwd_pair_list:
        try:
            vnc.connect(ipaddress, int(port))
            accepted = vnc.login(credential[1])
            if accepted:
                log_success("VNC", ipaddress, port, credential)
                # NOTE(review): return placed inside the success branch;
                # the listing this was read from had lost its indentation.
                return
        except Exception as E:
            logger.debug('AuthenticationException: %s' % E)
def login(self, ipaddress, port, user_passwd_pair_list):
    """Check (user, password) pairs against an SMB service with an empty domain.

    A new SMBConnection is opened per pair; if it cannot be created the run
    for this host stops. A login that succeeds and is not a guest session
    is reported through log_success(). The underlying socket is closed
    after every attempt.

    Args:
        ipaddress: Target host.
        port: SMB port, converted with int().
        user_passwd_pair_list: Iterable of indexable pairs, [0] is the user
            name and [1] the password.
    """
    for credential in user_passwd_pair_list:
        try:
            smb = SMBConnection('*SMBSERVER', ipaddress, sess_port=int(port), timeout=self.timeout)
        except Exception as E:
            logger.debug('ConnectException: {} {} {}'.format(E, ipaddress, port))
            return

        try:
            logged_in = smb.login(credential[0], credential[1], "")
            # Sessions flagged as guest are not reported.
            if logged_in and smb.isGuestSession() == 0:
                log_success("SMB", ipaddress, port, credential)
        except Exception as E:
            logger.debug('AuthenticationException: %s' % E)
        finally:
            smb.getSMBServer().get_socket().close()
def login(self, ipaddress, port, user_passwd_pair_list):
    """Check passwords against a Redis service using AUTH.

    A redis.Redis client is built per pair; only the password element is
    used, interpolated into an "AUTH <password>" command string. The first
    AUTH that does not raise is reported through log_success() and ends
    the run. If the client cannot be constructed the run stops.

    Args:
        ipaddress: Target host.
        port: Redis port, passed through unchanged.
        user_passwd_pair_list: Iterable of indexable pairs; only [1]
            (the password) is sent.
    """
    for credential in user_passwd_pair_list:
        try:
            client = redis.Redis(
                host=ipaddress,
                port=port,
                db=0,
                socket_connect_timeout=self.timeout,
            )
        except Exception as E:
            logger.debug('ConnectException: {} {} {}'.format(E, ipaddress, port))
            return

        try:
            auth_command = "AUTH {}".format(credential[1])
            client.execute_command(auth_command)
            log_success("Redis", ipaddress, port, credential)
            return
        except Exception as E:
            logger.debug('AuthenticationException: %s' % E)
def login_with_pool_key(self, ipaddress, port, user_passwd_pair_list, key_file_path_list, pool_size=10):
    """Check user names with private-key files against an SSH service.

    Every key file is combined with every user name (the password element
    of each pair is ignored). A ParallelSSHClient is created per
    combination with num_retries=0 and 'whoami' is run; when neither step
    raises, the user and key path are reported through log_success().
    Failures are logged at debug level with a fixed message.

    Args:
        ipaddress: Target host.
        port: SSH port, passed through unchanged.
        user_passwd_pair_list: Iterable of indexable pairs; only [0]
            (the user name) is used.
        key_file_path_list: Iterable of key file paths passed as pkey.
        pool_size: Passed to ParallelSSHClient as pool_size.
    """
    for key_path in key_file_path_list:
        for credential in user_passwd_pair_list:
            try:
                ssh = ParallelSSHClient(
                    hosts=[ipaddress],
                    port=port,
                    user=credential[0],
                    pkey=key_path,
                    num_retries=0,
                    timeout=self.timeout,
                    pool_size=pool_size,
                )
                # The command result is not inspected; only "did not raise" counts.
                ssh.run_command('whoami', timeout=self.timeout)
                key_label = "key: {}".format(key_path)
                log_success("SSH", ipaddress, port, [credential[0], key_label])
            except Exception:
                logger.debug('AuthenticationException: ssh')
def login(self, ipaddress, port, user_passwd_pair_list):
    """Check (user, password) pairs against an FTP service.

    A single FTP object is reused and reconnected for every pair. USER,
    PASS and PWD are sent in that order; when none of them raises, the
    pair is reported through log_success(). The connection is closed after
    every attempt. A failed connect stops the run for this host.

    Args:
        ipaddress: Target host.
        port: FTP port, converted with int().
        user_passwd_pair_list: Iterable of indexable pairs, [0] is the user
            name and [1] the password.
    """
    ftp = FTP(timeout=self.timeout)
    for credential in user_passwd_pair_list:
        try:
            ftp.connect(ipaddress, int(port))
        except Exception as E:
            logger.debug('ConnectException: %s' % E)
            return

        try:
            ftp.sendcmd('USER ' + credential[0])
            ftp.sendcmd('PASS ' + credential[1])
            # PWD is the post-login check: it must also succeed.
            ftp.sendcmd('PWD')
            log_success("FTP", ipaddress, port, credential)
        except Exception as E:
            logger.debug('AuthenticationException: %s' % E)
        finally:
            ftp.close()
def check(self):
    """Check user/password combinations against the Tomcat manager pages.

    For every combination of self.user and self.password a Basic
    Authorization header is built and two pages under self.url are
    requested: /host-manager/html and /manager/html. A response whose text
    contains the page's title string is reported through log_success().

    Returns:
        True as soon as one page accepts a combination, otherwise False.
    """
    # (path, text expected in an authenticated response), in request order.
    manager_pages = (
        ("/host-manager/html", "Tomcat Virtual Host Manager"),
        ("/manager/html", "Tomcat Web Application Manager"),
    )
    for u in self.user:
        for p in self.password:
            header = {
                'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0',
                'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
                'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
                'Connection': 'close',
                'Upgrade-Insecure-Requests': '1',
                "Authorization": "Basic " + base64.b64encode(("%s:%s") % (u, p))
            }
            for path, marker in manager_pages:
                try:
                    page_url = self.url + path
                    reponse = requests.get(page_url, timeout=3, headers=header)
                    if marker in reponse.text:
                        log_success("Tomcat", page_url, "", (u, p))
                        return True
                except Exception:
                    # Request errors are swallowed without logging.
                    pass
    # NOTE(review): placed after both loops; the listing this was read
    # from had lost its indentation, so the position is inferred.
    return False
def login(self, ipaddress, port, user_passwd_pair_list):
    """Check (user, password) pairs against an MSSQL service over a raw socket.

    For every pair a hex template is filled in: the hex of "ip:port", of
    the user name and of the password replace the template text found at
    fixed offsets, and the X / Y / ZZ markers are replaced by hex lengths.
    The decoded bytes are sent over a new TCP socket and a reply containing
    'master' is reported through log_success(). A failed connect stops the
    run for this host.

    Args:
        ipaddress: Target host, also embedded in the packet.
        port: Port, used for the socket and (as str) inside the packet.
        user_passwd_pair_list: Iterable of indexable pairs, [0] is the user
            name and [1] the password.
    """
    for credential in user_passwd_pair_list:
        # NOTE(review): b2a_hex() on text and the string concatenation of
        # its result look like Python 2 str semantics - confirm.
        user_hex = binascii.b2a_hex(credential[0])
        user_len = len(credential[0])
        passwd_len = len(credential[1])
        passwd_hex = binascii.b2a_hex(credential[1])
        # '3a' is the hex form of ':'.
        address_hex = binascii.b2a_hex(ipaddress) + '3a' + binascii.b2a_hex(str(port))

        template = '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'

        # Each replace() substitutes every occurrence of the slice text,
        # not only the one at the slice offset.
        packet = template.replace(template[16:16 + len(address_hex)], address_hex)
        packet = packet.replace(packet[78:78 + len(user_hex)], user_hex)
        packet = packet.replace(packet[140:140 + len(passwd_hex)], passwd_hex)

        # Lengths of 16 and above need two hex digits, so the leading '0'
        # of the marker is replaced as well.
        user_marker = '0X' if user_len >= 16 else 'X'
        packet = packet.replace(user_marker, format(user_len, 'x'))
        passwd_marker = '0Y' if passwd_len >= 16 else 'Y'
        packet = packet.replace(passwd_marker, format(passwd_len, 'x'))

        address_len_hex = format(len(ipaddress) + len(str(port)) + 1, 'x')
        packet = packet.replace('ZZ', str(address_len_hex))
        payload = binascii.a2b_hex(packet)

        try:
            conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            conn.settimeout(self.timeout)
            conn.connect((ipaddress, port))
        except Exception as E:
            logger.debug('ConnectException: {} {} {}'.format(E, ipaddress, port))
            return

        try:
            conn.send(payload)
            if 'master' in conn.recv(1024):
                log_success("MSSQL", ipaddress, port, credential)
            else:
                logger.debug('AuthenticationFailed')
            # NOTE(review): the socket is not closed after the exchange.
        except Exception as E:
            logger.debug('AuthenticationException: %s' % E)
def login(self, ipaddress, port, user_passwd_pair_list):
    """Check a MongoDB service for open access, then for (user, password) pairs.

    First the database names are listed without credentials; if that works
    the host is reported through log_success() with None as the credential
    and the run ends. Otherwise each pair is tried with authenticate() on
    the admin database, using a client whose timeouts are all derived from
    self.timeout. The client is closed after every attempt.

    Args:
        ipaddress: Target host.
        port: MongoDB port, passed through unchanged.
        user_passwd_pair_list: Iterable of indexable pairs, [0] is the user
            name and [1] the password.
    """
    # Step 1: unauthenticated access check (no timeouts are set here).
    try:
        anonymous = pymongo.MongoClient(ipaddress, port)
        anonymous.list_database_names()
        log_success("MongoDB", ipaddress, port, None)
        anonymous.close()
        return
    except Exception as E:
        logger.debug(E)

    # Step 2: one lazily-connecting client per pair.
    for credential in user_passwd_pair_list:
        try:
            timeout_ms = int(self.timeout * 1000)
            client = pymongo.MongoClient(
                host=ipaddress,
                port=port,
                maxIdleTimeMS=timeout_ms,
                socketTimeoutMS=timeout_ms,
                connectTimeoutMS=timeout_ms,
                serverSelectionTimeoutMS=timeout_ms,
                waitQueueTimeoutMS=timeout_ms,
                wTimeoutMS=timeout_ms,
                socketKeepAlive=False,
                connect=False
            )
        except Exception as E:
            logger.exception(E)
            logger.debug('ConnectException: {} {} {}'.format(E, ipaddress, port))
            return

        try:
            client.admin.authenticate(credential[0], credential[1])
            log_success("MongoDB", ipaddress, port, credential)
        except Exception as E:
            logger.debug('AuthenticationException: %s' % E)
        finally:
            client.close()
def login(self, ipaddress, port, user_passwd_pair_list):
    """Check a Memcached service for open access, then for (user, password) pairs.

    First 'stats' is sent over a raw TCP socket; a reply containing
    "version" is reported through log_success() with None as the credential
    and the run ends. Otherwise each pair is tried through
    bmemcached.Client.stats(): 'Auth failure' in the result moves on to the
    next pair, "version" reports the pair, and anything else ends the run.

    Args:
        ipaddress: Target host.
        port: Memcached port, passed through unchanged.
        user_passwd_pair_list: Iterable of indexable pairs, [0] is the user
            name and [1] the password.
    """
    # Step 1: check for unauthenticated access.
    raw = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        raw.settimeout(self.timeout)
        raw.connect((ipaddress, port))
        raw.send('stats\r\n')
        reply = raw.recv(1024)
        if 'version' in reply or b"version" in reply:
            log_success("Memcached", ipaddress, port, None)
            return
    except Exception:
        # Errors in the open-access check are swallowed without logging.
        pass
    finally:
        raw.close()

    # Step 2: authenticated stats() per pair.
    for credential in user_passwd_pair_list:
        try:
            endpoint = '{}:{}'.format(ipaddress, port)
            client = bmemcached.Client(
                (endpoint,),
                credential[0],
                credential[1],
                socket_timeout=self.timeout,
            )
            status = client.stats()
            data = json.dumps(status.get(endpoint))
            if 'Auth failure' in data:
                continue
            if "version" in data:
                log_success("Memcached", ipaddress, port, credential)
            else:
                # Neither an auth failure nor stats output: stop the run.
                return
        except Exception as E:
            logger.debug('AuthenticationException: %s' % E)